ID,name,description,start_date,end_date,inclusion_criteria,inclusion_criteria_subcode,source_incident_detection_disclosure,incident_type,receiver_name,receiver_country,receiver_region,receiver_category,receiver_category_subcode,initiator_name,initiator_country,initiator_category,initiator_category_subcode,number_of_attributions,attribution_ID,attribution_date,attribution_type,attribution_basis,attributing_actor,attribution_it_company,attributing_country,attributed_initiator,attributed_initiator_country,attributed_initiator_category,sources_attribution,cyber_conflict_issue,offline_conflict_issue,offline_conflict_issue_subcode,offline_conflict_intensity,offline_conflict_intensity_subcode,number_of_political_responses,political_response_date,political_response_type,political_response_type_subcode,political_response_country,political_response_actor,zero_days,zero_days_subcode,MITRE_initial_access,MITRE_impact,user_interaction,has_disruption,data_theft,disruption,hijacking,physical_effects_spatial,physical_effects_temporal,unweighted_cyber_intensity,target_multiplier,weighted_cyber_intensity,impact_indicator,impact_indicator_value,functional_impact,intelligence_impact,political_impact_affected_entities,political_impact_affected_entities_exact_value,political_impact_third_countries,political_impact_third_countries_exact_value,economic_impact,economic_impact_exact_value,economic_impact_currency,state_responsibility_indicator,IL_breach_indicator,IL_breach_indicator_subcode,evidence_for_sanctions_indicator,number_of_legal_responses,legal_response_date,legal_response_type,legal_response_type_subcode,legal_response_country,legal_response_actor,legal_attribution_reference,legal_attribution_reference_subcode,legal_response_indicator,casualties,sources_url,added_to_DB,updated_at 3436,The ransomware group EMBARGO gained access to customer data of the Australian lender FirstMac,"The ransomware group EMBARGO gained access to customer data of the Australian lender FirstMac, the 
Australian Financial Review was the first to report on 30 April 2024. On the same day, the ransomware group EMBARGO also claimed to have stolen databases, source codes and sensitive customer data worth 500 GB. Again, FirstMac notified its customers of this cyber incident on the same day. A spokesperson for FirstMac told the media that there had been unauthorised third-party access to a limited part of the IT system and that customer information had been accessed.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Hijacking without Misuse,FirstMac,Australia,OC,Critical infrastructure,Finance,EMBARGO,Not available,Non-state-group,Criminal(s),1,19059,2024-04-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,EMBARGO,Not available,Not available,EMBARGO,Not available,Non-state-group,https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang; https://www.mortgagebusiness.com.au/lender/19018-non-bank-lender-hacked,2024-05-02,2024-05-02 3435,Unknown hackers disrupted the digital services of the French municipality of Gravelines on 25 April 2024,"Unknown hackers targeted and disrupted the digital services of the French municipality of Gravelines on 25 April 2024. Ransomware was discovered on one of the city council's computers, whereupon the decision was taken to shut down the rest of the IT infrastructure in order to contain the spread of the malware. The attack on Gravelines is the latest in a series of incidents that have recently affected French municipalities. 
",2024-04-25,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Municipality of Gravelines,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,19057,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.zdnet.fr/actualites/gravelines-albi-de-nouvelles-collectivites-francaises-victimes-dattaques-informatiques-391202.htm; https://www.facebook.com/photo/?fbid=869819218517944&set=a.571846224981913; https://france3-regions.francetvinfo.fr/hauts-de-france/nord-0/certaines-actions-ne-sont-pour-l-instant-plus-possibles-une-cyberattaque-paralyse-toujours-la-mairie-de-gravelines-2961068.html,2024-05-02,2024-05-02 3433,A presumably Chinese hacker group gained access to the remote maintenance software for solar systems of at least the Japanese electronics manufacturer Contec and stole money from the solar system owners,"A presumably Chinese hacker group gained access to the remote maintenance software for solar systems of at least the Japanese electronics manufacturer Contec and stole money from the solar system owners, an unnamed Chinese hacker group is said to have claimed on a communication application. The hacker group is said to have exploited a vulnerability to gain access to the remote maintenance software of the respective solar systems and implanted a backdoor. 
From there, in some cases the hackers then managed to hack into the bank accounts of the respective solar system owners in order to transfer money to the hackers' accounts.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Hijacking with Misuse,Not available - Contec,Not available; Japan, - ASIA; SCS; NEA,End user(s) / specially protected groups - Critical infrastructure, - Critical Manufacturing,Not available,China,Unknown - not attributed,,1,19054,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,China,Not available,China,Unknown - not attributed,https://www.hokkoku.co.jp/articles/-/1387270,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hokkoku.co.jp/articles/-/1387270; https://www.kobe-np.co.jp/news/zenkoku/compact/202405/0017603449.shtml; https://www.sankei.com/article/20240501-ZSOLVFVJZZL6BLQJR6S6SJ23GM/,2024-05-02,2024-05-02 3432,Pro-Russian hacktivists attack several critical infrastructure entities in the beginning of 2024,"A recent report by CISA, CCCS, NCSC-UK and other US institutions describes attacks by pro-Russian hacktivists compromising small-scale operational technology (OT) in North American and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture Sectors. These hacktivists seek to compromise modular, internet-exposed industrial control systems (ICS) through their software components, such as human machine interfaces (HMIs), by exploiting virtual network computing (VNC) remote access software and default passwords. The malicious activity has been observed between 2022 and April 2024, but the report highlights the recent activities at the beginning of 2024. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Not available - Not available - Not available,United States; Europe (region); Canada,NATO; NORTHAM - - NATO; NORTHAM,Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Energy; Water; Food; Waste Water Management - Energy; Water; Food; Waste Water Management - Energy; Water; Food; Waste Water Management,Not available,Russia,Non-state-group,Hacktivist(s),1,19052; 19052; 19052; 19052; 19052; 19052; 19052; 19052; 19052; 19052,2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00; 2024-05-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by 
receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); National Security Agency (NSA); Canadian Centre for Cyber Security (CCCS); United Kingdom’s National Cyber Security Centre (NCSC); Environmental Protection Agency (EPA); United States Department of Energy (DOE); United States Department of Agriculture (USDA); Food and Drug Administration (FDA); Multi-State Information Sharing and Analysis Center (MS-ISAC),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/cisa-warning-pro-russia-hacktivists-critical-infrastructure; https://www.bleepingcomputer.com/news/security/us-govt-warns-of-pro-russian-hacktivists-targeting-water-facilities/; 
https://cyberscoop.com/pro-russia-hacktivists-attacking-vital-tech-in-water-and-other-sectors-agencies-say/; https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf,2024-05-02,2024-05-02 3431,Unknown threat actors breached the systems of Dropbox and accessed customer data on 24 April 2024,"Unknown threat actors breached the systems of Dropbox on 24 April 2024. The unauthorized access was discovered in the production environment of Dropbox Sign. The hackers presumably accessed information related to all users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed. At this point in time, there is no evidence that the contents of users’ accounts, such as their agreements or templates, or their payment information were exposed. The data breach appears to be limited to the Dropbox Sign infrastructure, and there is no evidence that the threat actor accessed production environments of other Dropbox products. 
The cyber incident is still under investigation.",2024-04-24,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft,Dropbox,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,19050,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/dropbox-data-breach-notification; https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm,2024-05-02,2024-05-02 3430,Unknown hackers gained access to the IT infrastructure of the German Catholic Youth Welfare of the Diocese of Augsburg (KJF) on 17 April 2024,"Unknown hackers attacked the IT infrastructure of the Catholic Youth Welfare (KJF) of the Diocese of Augsburg on 17 April 2024. The exfiltrated data includes personal, financial, patient and health data. The patient and health data originates from clinics and other facilities associated with the KJF.",2024-04-17,2024-04-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft,Medizinisches Versorgungszentrum GmbH in Neuburg a. d. Donau - Klinik Neuburg Service GmbH - KJF Klinik Josefinum gGmbH - Frère-Roger-Kinderzentrum gGmbH - Skywalk allgäu gGmbH - InHoga gGmbH - St. Franziskus Jugendhilfe gGmbH - Fachklinik Prinzregent Luitpold - Klinik Hochried - IFD Schwaben gGmbH - Alpenklinik Santa Maria - Klinik St. Elisabeth Neuenburg a. d. 
Donau,Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Social groups - Social groups - Social groups - Social groups - Critical infrastructure - Critical infrastructure - Social groups - Critical infrastructure - Critical infrastructure,Health - Health - Health - Religious - Religious - Religious - Religious - Health - Health - Religious - Health - Health,Not available,Not available,Not available,,1,19030,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.kjf-augsburg.de/cyberangriff/,2024-04-30,2024-04-30 3429,Unknown threat actors gained access to Coffee County’s IT infrastructure on 15 April 2024,"Unknown threat actors gained access to the IT Infrastructure of Coffee County in Georgia. The county was notified by the Cybersecurity and Infrastructure Security Agency on 15 April about unusual cyber activity in their IT network. Accordingly, they took immediate steps to secure the systems even though there was no evidence of exfiltration of data/files. Due to the incident state election officials were also forced to shut down Coffee County’s access to Georgia’s statewide voter registration system GARViS. 
Coffee County election officials are also barred from accessing other state systems, including an election management suite known as ePulse, the election night reporting system and other state systems until the security threat is cleared.",2024-04-01,2024-04-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Coffee County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,19028,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cyberscoop.com/cyberattack-hits-georgia-county-at-center-of-voting-software-breach/,2024-04-30,2024-04-30 3428,Unknown hackers gained access to a secondary server at the University of Alicante in March 2024,"Unknown hackers gained access to a secondary server at the University of Alicante between 24 and 31 March 2024, reported the university's Vice-Rector for Digital Transformation himself, Rafael Molina, in April 2024. 
He went on to explain that the IT service's security division had managed to prevent access to the central server, meaning that the hackers only had access to an external and independent server that already contained publicly accessible data, such as contact details and data relating to the respective degree programme.",2024-03-24,2024-03-31,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Hijacking without Misuse,University of Alicante,Spain,EUROPE; NATO; EU(MS),State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,19026,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ondacero.es/emisoras/comunidad-valenciana/alicante/noticias/universidad-alicante-evita-ciberataque-sistema-informatico-central_20240429662f69a08e66020001be57dc.html,2024-04-30,2024-04-30 3427,The Medusa ransomware group gained access to the servers of Northeast Ohio Neighborhood Health and stole 51GB of data on 15 April 2024,"The Medusa ransomware group has claimed to have successfully attacked the servers of Northeast Ohio Neighborhood Health (NEON) on 15 April 2024. During the attack, 51GB of data were exfiltrated and the systems of NEON were locked, with a ransom of $250000 being demanded. NEON is associated with Change Healthcare which has already been the target of several cyber attacks. 
",2024-04-15,2024-04-15,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Northeast Ohio Neighborhood Health (NEON),United States,NATO; NORTHAM,Critical infrastructure,Health,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,19024,2024-04-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.suspectfile.com/united-healthcare-optum-and-change-healthcare-involved-in-northeast-ohio-neighborhood-health-data-breach/,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/; https://www.suspectfile.com/united-healthcare-optum-and-change-healthcare-involved-in-northeast-ohio-neighborhood-health-data-breach/,2024-04-30,2024-04-30 3426,Unknown hackers obtained access to the systems of the US Los Angeles County Department of Health Services in February 2024,"Unknown hackers used phishing e-mails to obtain the credentials of 23 employees of the Los Angeles County Department of Health Services (DHS) between 19 February and 20 February 2024. With the credentials obtained, the hackers were able to access the data of around 6085 patients of the DHS. The potentially exposed information included the patient’s first and last name, date of birth, home address, phone number(s), e-mail address, medical record number, client identification number, dates of service, and/or medical information (e.g., diagnosis/condition, treatment, test results, medications), and/or health plan information. 
",2024-02-19,2024-02-20,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft,Los Angeles County Department of Health Services (DHS),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,19021,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/162494/data-breach/los-angeles-county-department-of-health-services-data-breach.html; https://www.documentcloud.org/documents/24608719-la-county-department-of-health-services-data-breach-notification-letter; https://www.bleepingcomputer.com/news/security/la-county-health-services-thousands-of-patients-data-exposed-in-email-breach/,2024-04-30,2024-04-30 3421,Unknown hackers hijacked and defaced website of Uruguayan Institute for Children and Adolescents (INAU) on 26 April 2024,"On April 26, 2024, the official website of the Uruguayan Institute for Children and Adolescents (INAU) was defaced by unidentified threat actors to promote an online casino, RudalToto, which operates from Indonesia. The unauthorised content modifications were aimed at drawing visitors of the INAU website to the betting platform. Upon noticing the breach, the INAU responded by engaging its Information and Communication Technology (ICT) division in collaboration with the web hosting provider. Efforts were focused on restoring the website to its original state using previous backups, a process estimated to have required two hours. 
During this period, the INAU informed the public of the temporary unavailability of its website.",2024-04-26,2024-04-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking with Misuse,Institute for Children and Adolescents (INAU) ,Uruguay,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18989,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.telenoche.com.uy/nacionales/hackearon-la-pagina-web-del-inau-n5366838; https://www.telenoche.com.uy/nacionales/hackearon-la-pagina-web-del-inau-n5366838,2024-04-29,2024-04-29 3418,Unidentified threat actor executed ransomware attack on Puerto Nuevo Terminals Consortium beginning on 20 April 2024,"On 20 April 2024, an unidentified threat actor launched a ransomware attack on Puerto Nuevo Terminals, a major facility at the Port of San Juan, Puerto Rico, which is part of a consortium formed by Luis Ayala Colón and Puerto Rico Terminals. Puerto Rico Port Authority Director Joel Pizá Batiz pointed to increased traffic in the port area due to the incident at Puerto Nuevo Terminals. Despite ongoing efforts to restore normalcy, traffic on Kennedy Avenue in San Juan continues to be slow. The ransomware attack caused temporary disruptions to terminal operations and posed challenges to operations. Despite this, Puerto Nuevo Terminals was able to maintain operations. 
General Manager Clarivette Díaz confirmed that there were no sensitive data breaches and that gate hours were extended to accommodate the increased truck traffic. Federal authorities, including the FBI, initiated investigations into the incident, including its impact on interstate commerce. ",2024-04-20,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Puerto Nuevo Terminals Consortium,Puerto Rico,,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,18992,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.elnuevodia.com/negocios/consumo/notas/puerto-nuevo-terminals-rechaza-que-ciberataque-haya-expuesto-informacion-sensitiva-sobre-clientes/; https://www.metro.pr/noticias/2024/04/26/niegan-escasez-de-alimentos-por-ciberataque-mientras-se-espera-mas-tapon-en-la-zona-portuaria/; https://wapa.tv/programas/losdatos/ciberataque-atrasa-descarga-en-muelles/article_7d6dcfc8-040a-11ef-896a-37b0f2fcb5e1.html; https://wapa.tv/noticias/locales/camioneros-se-ven-afectados-por-ciberataque-a-empresa-que-opera-muelle-de-carga/article_00c90054-0424-11ef-865c-c7836888e402.html; https://twitter.com/prdirpuertos/status/1783905949201154281; https://www.elnuevodia.com/negocios/consumo/notas/regresan-a-la-normalidad-las-operaciones-en-los-muelles-de-carga-tras-ciberataque/,2024-04-29,2024-05-02 3419,BlackBasta suspected of targeting Spanish consulting firm Ayesa impeding access to tools for managing emergency calls on 24 April 
2024,"The ransomware group BlackBasta is suspected to have targeted the consulting and engineering firm Ayesa, headquartered in Spain. The criminal collective disrupted access to several systems required to run tools Ayesa is offering to its customers as part of its business process outsourcing (BPO) services. These limitations affected the emergency response call management of the regional government of Andalusia, necessitating manual support to track calls. Ayesa initially expressed concerns about its ability to pay salaries to its 12,500 employees on schedule, noting that the servers used for processing payroll information had been corrupted. The company was able to restore access to payroll data in time. ",2024-04-24,Not available,Attack on critical infrastructure target(s),,,Disruption; Hijacking with Misuse; Ransomware,Ayesa,Spain,EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Black Basta Ransomware Gang,,Non-state-group,Criminal(s),1,18977,2024-04-24 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,Not available,,Black Basta Ransomware Gang,,Non-state-group,,,,,,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.vozpopuli.com/espana/andalucia/grupo-black-basta-ciberataque-ayesa.html; https://www.vozpopuli.com/espana/andalucia/grupo-black-basta-ciberataque-ayesa.html,2024-04-29,2024-04-29 3420,Argentinian newspaper La Nación targeted with ransomware on 25 April 2024,The Argentinian newspaper La Nación experienced a ransomware attack on 25 April 2024. 
Disrupted access to internal systems affected communications with subscribers and prevented the newspaper from running obituary notices.,2024-04-25,Not available,"Attack on (inter alia) political target(s), not politicized",,,Disruption; Hijacking with Misuse; Ransomware,La Nación,Argentina,SOUTHAM,Media,,,,,,1,; 18980,NaT; NaT,,,,; Not available,,,,,,,,,,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.clarin.com/tecnologia/diario-nacion-sufrio-ciberataque-restablecen-servicios-llevaran-caso-justicia_0_1jQIPhAgMP.html,2024-04-29,2024-04-29 3422,Unattributed hackers paralysed systems of Argentinian municipality of Colonia Caroya during ransomware attack on 22 April 2024,"Unknown actors disrupted business-relevant systems of the municipality of Colonia Caroya in northern Córdoba, Argentina. The incident, which occurred on 22 April 2024, initially manifested itself through difficulties in accessing internal systems and mainly affected the traffic department's payment system for issuing driving licences. Subsequently, the disruption spread to other critical areas, including the registry office. A confirmation of the intrusion from the government secretary Adrián Zanier described the incident as the result of a targeted operation. The unidentified hackers reportedly demanded a ransom of five thousand euros to restore the administration's operating system. 
Mayor Paola Nanini filed a criminal complaint.",2024-04-22,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Municipality Of Colonia Caroya,Argentina,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18986,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.eldiariodecarlospaz.com.ar/sociedad/2024/4/28/hackers-piden-mil-euros-tras-el-ataque-la-municipalidad-de-colonia-caroya-201695.html; https://www.eldiariodecarlospaz.com.ar/sucesos/2024/4/25/un-ataque-hacker-paralizo-la-municipalidad-de-colonia-caroya-201440.html#google_vignette,2024-04-29,2024-04-29 3423,Chinese threat actor APT31 suspected of targeting Belgian MPs in 2021,"A device of Els Van Hoof, a member of Belgium's Chamber of Representatives for the Flemish Christian Democrats (CD&V) and chairwoman of the foreign affairs committee, was compromised as part of a phishing attempt in 2021. At the time, the State Security Service, Belgium's intelligence agency, found no evidence of further activity. According to media reports, an FBI investigation subsequently linked the infiltration to the Chinese state-associated threat actor APT31. Van Hoof, who is also a member of the Inter-Parliamentary Alliance on China (IPAC), was briefed on this connection in March 2024. 
A second parliamentarian and vice-chairman of the foreign affairs committee, Samuel Cogolati, was targeted in the same phishing campaign and is believed to have opened an infected email. In response to these reports, Belgium's Minister of Foreign Affairs, Hadja Lahbib, announced on 25 April that the chargé d'affaires of the Chinese embassy will be summoned. Following the departure of China's ambassador in March, the chargé d'affaires is China's highest-ranking representative in Belgium until the position is filled again. ",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",,Hijacking without Misuse,Els Van Hoof - Samuel Cogolati,Belgium; Belgium,EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system - State institutions / political system,Legislative - Legislative,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,18983,2024-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,Federal Bureau of Investigation (FBI),Not available,United States,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation 
suggested",https://www.lemonde.fr/international/article/2024/04/25/la-chine-mise-en-cause-a-bruxelles-pour-le-piratage-de-l-ordinateur-d-une-parlementaire_6229875_3210.html,,,,,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.lanacion.com.ar/agencias/belgica-convoca-al-encargado-de-negocios-de-china-para-pedir-explicaciones-por-el-espionaje-a-una-nid27042024/; https://twitter.com/hadjalahbib/status/1783428442412687457; https://www.hln.be/binnenland/hadja-lahbib-mr-roept-zaakgelastigde-chinese-ambassade-op-het-matje-na-hacking-parlementsleden-moeten-vrij-kunnen-werken~aaaff254/; https://www.hln.be/binnenland/kamerlid-els-van-hoof-gehackt-door-chinese-spionnen-ambassadeur-heeft-me-al-meermaals-geintimideerd~a2eca5e0/; https://www.lemonde.fr/international/article/2024/04/25/la-chine-mise-en-cause-a-bruxelles-pour-le-piratage-de-l-ordinateur-d-une-parlementaire_6229875_3210.html; https://www.sudinfo.be/id830721/article/2024-04-29/guy-verhofstadt-victime-despionnage-chinois; https://www.lesoir.be/584233/article/2024-04-29/cyberattaques-chinoises-cinq-elus-belges-cibles-dont-lex-premier-ministre; https://www.lesoir.be/584689/article/2024-04-30/cinq-elus-belges-ont-ete-victimes-dune-cyberattaque-chinoise,2024-04-29,2024-05-02 3424,"Hacktivist collective Belarusian Cyber Partisans claimed to have compromised systems of Belarusian National Intelligence Agency (KGB) to steal data of over 8,600 employees starting in Autumn 2023","On 26 April 2024, Cyber Partisans, a hacktivist collective engaged in acts to expose and resist state repression in Belarus, announced a breach of the network of the Belarusian national intelligence agency KGB, which they claim to have conducted during the autumn of 2023. 
Exploiting vulnerabilities within the KGB's web infrastructure, the hackers purportedly gained access to sensitive databases and server logs, exfiltrating personnel files of over 8,600 current and former KGB employees. The compromise reportedly led to the suspension of the KGB's official website, which was placed in indefinite 'maintenance mode' in early 2024. Cyber Partisans have sought to substantiate their claims about the intrusion by disseminating administrative lists, website databases, and server logs via the Telegram messaging platform. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,State Security Committee of the Republic of Belarus,Belarus,EUROPE; EASTEU; CSTO,State institutions / political system,Intelligence agencies,Belarusian Cyber Partians,Belarus,Non-state-group,Hacktivist(s),1,18996,2024-04-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Belarusian Cyber Partisans,Not available,Belarus,Belarusian Cyber Partians,Belarus,Non-state-group,https://t.me/cpartisans_by/1403; https://t.me/cpartisans_by/1408,,,,,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.rferl.org/a/belarus-cyberattack-kgb-lukashenka-cyberpartisans/32922408.html; https://t.me/cpartisans_by/1403; https://t.me/cpartisans_by/1408; 
https://therecord.media/belarus-secret-service-website-hacked; https://www.heise.de/news/Cyberangriff-in-Belarus-Telegram-Bot-soll-KGB-Angestellte-deanonymisieren-9701449.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/162504/hacktivism/cyber-partisans-breached-belarus-kgb.html; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/,2024-04-29,2024-04-30 3425,Ukrainian hacker group BO Team and Ukraine´s Defense Intelligence (HUR) claimed to have conducted cyber operation against Russian telecom provider MTS at end of April 2024,"The Ukrainian hacker group BO Team and Ukraine’s Defense Intelligence (HUR) claimed to have conducted a cyber operation against Russian telecom provider MTS on 26-27 April 2024. According to the report by Kyiv Post from 28 April, the hackers told RBC Ukraine that they were ""able to destroy the company’s software and configuration file and caused severe disruption to internet services across Russia, including Moscow and St. Petersburg."" Furthermore, HUR informed RBC Ukraine that hackers had gained access to all of MTT’s network equipment in the run-up to the cyberattack. Repair work will take months for MTT since it will need to physically connect each device across the country, according to HUR. No independent third-party reporting was available at the time of reporting to confirm the Ukrainian media accounts, including of the alleged impact of the operation. The attack hit the Interregional TransitTelecom (MTT), a Russian fixed-line provider operating under MTS. The MTT website reported disruptions at the time of reporting but did not confirm a cyberattack or disclose further details about the reasons for the service stop. ",2024-04-01,2024-04-27,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","; Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption; Hijacking with Misuse,Interregional TransitTelecom (MTT),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Telecommunications,BO Team; Ukraine´s Defense Intelligence (HUR),Ukraine; Ukraine,Non-state-group; State,Hacktivist(s); ,1,18997; 18997; 18997; 18997; 18997; 18997; 18997; 18997,2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00; 2024-04-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker 
confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,BO Team; BO Team; BO Team; BO Team; Ukraine´s Defense Intelligence (HUR); Ukraine´s Defense Intelligence (HUR); Ukraine´s Defense Intelligence (HUR); Ukraine´s Defense Intelligence (HUR),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,BO Team; BO Team; Ukraine´s Defense Intelligence (HUR); Ukraine´s Defense Intelligence (HUR); BO Team; BO Team; Ukraine´s Defense Intelligence (HUR); Ukraine´s Defense Intelligence (HUR),Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,Non-state-group; State; Non-state-group; State; Non-state-group; State; Non-state-group; State,https://www.kyivpost.com/post/31798,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.kyivpost.com/post/31798,2024-04-29,2024-04-30 3417,Unknown Hackers Obtained Access to the Facebook Account of the Local Branch Müllendorf of the Austrian SPÖ Party on 20 April 2024,"On 20 April 2024, an unknown actor gained unauthorised access to the regional Facebook page of the Austrian political party SPÖ Müllendorf and renamed the public profile to ‘BOT AI 136’, indicating a takeover by automated bots. 
The investigation revealed that the attack targeted the business account of the administrator, who was responsible for both the SPÖ Facebook page and the page of another unrelated company. The administrator used his business email for both pages, which led to the involuntary takeover of the SPÖ Müllendorf page. As yet, no details concerning the hackers have been disclosed. ",2024-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking with Misuse,SPÖ Müllendorf,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system,Political parties,Not available,Not available,Not available,,1,18952,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.meinbezirk.at/eisenstadt/c-lokales/hackerangriff-auf-facebookseite-der-spoe-muellendorf_a6653325#gallery=null,2024-04-26,2024-04-26 3416,The state-sponsored North Korean hacker group Lazarus hacked certain individuals with technical backgrounds in Asia in the summer of 2023,"The state-sponsored North Korean hacker group Lazarus hacked certain individuals with technical backgrounds in Asia in the summer of 2023, the Czech IT security company Avast reported on 18 April 2024. According to the report, Lazarus lured these specific individuals with fake job offers, likely through standard social media, in which Lazarus sent malicious files to its targets, allegedly as part of the job interview. Clicking on the malicious files caused the three loaders RollSling, RollFling and RollMid to be triggered, which in turn triggered the Kaolin Remote Access Trojan (RAT), which in turn triggered the FudModule rootkit to gain access to the computer in question. 
As part of the cyber incident, Lazarus aimed to blind security products by exploiting the vulnerability in the Windows Driver (CVE-2024-21338).",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Asia (region),,End user(s) / specially protected groups,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18948,2024-04-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Avast,Avast,Czech Republic,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/; 
https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html; https://news.sbs.co.kr/news/endPage.do?news_id=N1007629981; https://news.kbs.co.kr/news/view.do?ncd=7952307,2024-04-26,2024-05-02 3415,The state-sponsored hacktivist group Cyber Army of Russia Reborn disrupted the Tipton West Wastewater Treatment Plant in Indiana,"The state-sponsored hacktivist group Cyber Army of Russia Reborn (CARR) disrupted the Tipton West Wastewater Treatment Plant in Indiana, United States, on 19 April 2024, the hacktivist group claimed responsibility on their Telegram channel the following day, 20 April 2024. Over the weekend, the causal relationship between the disruption and the cyber incident was still unclear when Tipton Municipal Utilities General Manager Jim Ankrum told CNN on 22 April 2024 that no compromise had occurred. On 20 April 2024, the hacktivist group claimed responsibility for the cyber incident with a confessional video allegedly showing how the wastewater treatment plant's software that controls fluid movement was tampered with, industry cybersecurity expert Ron Fabela also told CNN. On 25 April 2024, the hacktivist group is said to have published another video on its Telegram channel about this cyber incident.",2024-04-19,2024-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,Tipton West Wastewater Treatment Plant,United States,NATO; NORTHAM,Critical infrastructure,Waste Water Management,People’s Cyber Army of Russia,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,18945; 18946,2024-04-20 00:00:00; 2024-04-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,People’s Cyber Army of Russia; People’s Cyber Army of Russia,Not available; Not available,Russia; Russia,People’s Cyber Army of Russia; People’s Cyber Army of Russia,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://t.me/CyberArmyofRussia_Reborn/7433; https://statescoop.com/russian-cyberattack-wastewater-tipton-indiana/,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://statescoop.com/russian-cyberattack-wastewater-tipton-indiana/; https://edition.cnn.com/2024/04/22/politics/russia-linked-hacking-group-targets-indiana-water-plant/index.html; https://t.me/CyberArmyofRussia_Reborn/7433; https://therecord.media/russia-hackers-cyberattack-tipton-indiana,2024-04-26,2024-05-02 3414,"Ransomware group Blacksuit steals data from US branch of Swiss pharmaceutical company, Octapharma, on 17 April 2024","Octapharma 
Plasma, the US branch of Octapharma, a Swiss pharmaceutical company involved in ""protein manufacturing,"" or the manufacturing of plasma-dependent medical therapies, was hit by a ransomware attack by Blacksuit ransomware group on 17 April 2024. According to Octapharma's press release on 19 April, the company detected ""suspicious activity"" on its networks, which resulted in the company having to take its systems offline while an investigation was initiated; this impacted operations of over 100 plasma donation centres in the US. Days later, on 24 April 2024, the Blacksuit ransomware gang listed Octapharma Plasma on its leak site along with details about the attack. While the company was listed on the site, no data had been leaked; according to the group, data stolen included information on employees and clients, including medical examination information, employee contract information, and donor centre/lab data, as well as Social Security numbers of donors.",2024-04-15,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Ransomware,Octapharma Plasma,United States,NATO; NORTHAM,Critical infrastructure,Health,BlackSuit,Not available,Non-state-group,Criminal(s),1,18939,2024-04-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackSuit,Not available,Not available,BlackSuit,Not available,Non-state-group,https://www.cyberdaily.au/security/10466-exclusive-black-suit-ransomware-gang-claims-hack-on-octapharma-plasma,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.heise.de/news/Octapharma-Plasma-Nach-auffaelligen-Aktivitaeten-in-den-USA-Eintrag-auf-Leaksite-9696044.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; 
https://www.cyberdaily.au/security/10466-exclusive-black-suit-ransomware-gang-claims-hack-on-octapharma-plasma; https://www.octapharma.com/news/corporate-news/2024/news-update; https://therecord.media/plasma-donation-company-cyberattack-blacksuit; https://www.theregister.com/2024/04/18/ransomware_octapharma_plasma,2024-04-25,2024-04-25 3413,The state-sponsored hacker group UAT4356 (also known as STORM-1849) gained access to government networks worldwide via perimeter network devices and the two backdoors Line Runner and Line Dancer beginning in December 2023,"#ArcaneDoor: The state-sponsored hacker group UAT4356 (also known as STORM-1849) gained access to government networks worldwide via perimeter network devices and the two backdoors Line Runner and Line Dancer from December 2023 to February 2024, the US IT security company Cisco Talos attributed with high confidence in their technical report of 24 April 2024. Cisco Talos became aware of the cyber incident when a customer of their Adaptive Security Appliances (ASA) devices reported suspicious activity in early 2024. As a result, the Cisco Product Security Incident Response Team (PSIRT) and Cisco Talos began an investigation. They found that the attacker was primarily targeting Microsoft network devices and using the two backdoors, Line Runner and Line Dancer, to modify the device configuration, conduct reconnaissance, and capture and exfiltrate network traffic. The hacker group also exploited the vulnerabilities CVE-2024-20353 and CVE-2024-20359.",2023-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Global (region),,State institutions / political system,Government / ministries,UAT4356 / STORM-1849,Not available,"Non-state actor, state-affiliation suggested",,1,18937,2024-02-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,Cisco Talos Intelligence,United States,UAT4356 / STORM-1849,Not available,"Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://arstechnica.com/security/2024/04/cisco-firewall-0-days-under-attack-for-5-months-by-resourceful-nation-state-hackers/; https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/; https://securityaffairs.com/162244/apt/nation-state-actors-exploited-two-zero-days-in-asa-and-ftd-firewalls-to-breach-government-networks.html; https://therecord.media/cisco-asa-crushftp-vulnerabilities-exploited-cisa; https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/; https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/; https://www.govinfosecurity.com/cisco-fixes-firewall-0-days-after-likely-nation-state-hack-a-24934; https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html; 
https://www.channelnewsasia.com/business/cisco-says-hackers-subverted-its-security-devices-spy-governments-4290286; https://securityaffairs.com/162308/security/cisa-adds-cisco-asa-and-ftd-and-crushftp-vfs-flaws-to-its-known-exploited-vulnerabilities-catalog.html; https://www.zdnet.fr/actualites/arcanedoor-une-campagne-de-piratage-de-haut-vol-qui-sattaque-a-des-equipements-cisco-391135.htm; https://www.cybersecurity360.it/news/difesa-proattiva-contro-hacker-state-sponsored-la-lezione-degli-attacchi-arcanedoor-ai-prodotti-cisco/; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/,2024-04-25,2024-04-30 3404,"Unknown actors gained access to systems of Mount Carmel Clinic in Canada, 17 April 2024","Unknown hackers gained unauthorised access into the systems of Mount Carmel Clinic, a ""grassroots"" community healthcare centre in Winnipeg, Canada, on 17 April 2024, according to a press release by the website. As soon as the intrusion was detected, the healthcare centre enlisted a cybersecurity team to help with impact assessment and threat containment, but there is no indication as of 24 April 2024 that any data was stolen.",2024-04-17,2024-04-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Mount Carmel Clinic,Canada,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18898,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.mountcarmel.ca/security-event/,2024-04-24,2024-04-24 3400,North Korean state-sponsored APT Lazarus Group hacked into unnamed South Korean defence company and stole data starting in November 2022,"As reported on 23 April 2024 by the South Korean National Police Agency, the North Korean APT, Lazarus Group, infiltrated the systems of an unnamed South Korean defence 
company in November 2022, as part of a year-and-a-half-long coordinated espionage campaign alongside two other North Korean APTs, Andariel and Kimsuky. In the November 2022 breach, Lazarus hacked into the external network of the unnamed defence company and infected it with malicious code, thus enabling the group to gain access to internal networks through network systems that were left open for testing. Within the internal network, the group stole data and exported it to external servers abroad. According to the National Police Agency, the aforementioned year-and-a-half-long campaign that the Lazarus hack took place within ultimately affected 10 South Korean defence organisations. ",2022-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18890,2024-04-23 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Korean National Police Agency (KNPA),Not available,"Korea, Republic 
of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"https://www.siminilbo.co.kr/news/newsview.php?ncode=1160293172337217; https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404; https://www.seoulfocus.kr/news/articleView.html?idxno=156782; https://www.newscj.com/news/articleView.html?idxno=3132639; https://www.ntv.com.tr/dunya/kuzey-koreden-guney-kore-savunma-sistemlerine-saldiri,RJQtQl6gR0GNpyutNUPdTg; https://www.etnews.com/20240423000390; https://sp.yna.co.kr/view/ASP20240423001500883; https://sp.yna.co.kr/view/ASP20240423001500883; https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/; https://securityaffairs.com/162193/apt/north-korea-south-korean-defense-contractors.html; https://therecord.media/south-korean-defense-companies-cyber-espionage-north-korea; https://www.dailysecu.com/news/articleView.html?idxno=155426; https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/",2024-04-24,2024-04-30 3401,"North Korean state-sponsored APT Andariel stole data from unnamed South Korean defence manufacturer through accessing maintenance/repair partner, starting in October 2022","As reported on 23 April 2024 by the South Korean National Police Agency, the North Korean APT, Andariel, infiltrated the systems of an unnamed South Korean defence company in October 2022, as part of a 
year-and-a-half-long coordinated espionage campaign alongside two other North Korean APTs, Lazarus and Kimsuky. In the October 2022 breach, Andariel gained access to an employee's email account from an unnamed partner which maintains and repairs equipment from the aforementioned unnamed defence company. Through this, Andariel was able to steal data that was sent via email and was further able to install malware onto the defence company's computers, enabling the theft of more data directly from the defence company's servers. According to the National Police Agency, the aforementioned year-and-a-half-long campaign that the Andariel hack took place within ultimately affected 10 South Korean defence organisations. ",2022-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Defence industry,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18892,2024-04-23 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state 
entity,Korean National Police Agency (KNPA),Not available,"Korea, Republic of","Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404; https://therecord.media/south-korean-defense-companies-cyber-espionage-north-korea; https://securityaffairs.com/162193/apt/north-korea-south-korean-defense-contractors.html; https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/; https://sp.yna.co.kr/view/ASP20240423001500883; https://sp.yna.co.kr/view/ASP20240423001500883; https://www.seoulfocus.kr/news/articleView.html?idxno=156782; https://www.newscj.com/news/articleView.html?idxno=3132639; https://www.ntv.com.tr/dunya/kuzey-koreden-guney-kore-savunma-sistemlerine-saldiri,RJQtQl6gR0GNpyutNUPdTg; https://www.etnews.com/20240423000390; https://www.siminilbo.co.kr/news/newsview.php?ncode=1160293172337217; https://www.dailysecu.com/news/articleView.html?idxno=155426; https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/",2024-04-24,2024-04-30 3402,Unknown hackers gained access to the network of the Argentinian municipality of San Agustin and stole more than 19 million Argentinian pesos on 19 April 2024,"Unknown hackers gained access to the network of the Argentinian municipality of San 
Agustin and stole more than 19 million Argentinian pesos on 19 April 2024, the head of the municipality, Christian Osta, reported in a statement on 22 April 2024. The hackers transferred the money in four transfers of 4.9 million Argentinian pesos each. The head said that if the money was not received, the payment of salaries, the execution of works and the provision of services would be affected.",2024-04-19,2024-04-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Municipality of San Agustin,Argentina,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18896,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.airedesantafe.com.ar/politica/ciberataque-la-comuna-san-agustin-hackearon-y-robaron-20-millones-pesos-n582643; https://www.facebook.com/comunadesanagustin/posts/833558102134318?ref=embed_post; https://www.lacapital.com.ar/la-region/ciberataque-hackearon-la-cuenta-una-comuna-santafesina-y-robaron-20-millones-n10130081.html; https://www.mdzol.com/sociedad/2024/4/24/ciberataque-hackearon-robaron-20-millones-una-comuna-la-dejaron-sin-fondos-para-el-pago-de-salarios-422554.html; https://www.mdzol.com/sociedad/2024/4/24/ciberataque-hackearon-robaron-20-millones-una-comuna-la-dejaron-sin-fondos-para-el-pago-de-salarios-422554.html; https://www.infobae.com/sociedad/policiales/2024/04/24/hackearon-la-cuenta-de-una-comuna-de-santa-fe-y-se-robaron-20-millones/; https://www.infobae.com/sociedad/policiales/2024/04/24/hackearon-la-cuenta-de-una-comuna-de-santa-fe-y-se-robaron-20-millones/,2024-04-24,2024-04-24 3403,North Korean state-sponsored APT Kimsuky stole technical data from unnamed South Korean defence company via email hack from April 
to July 2023,"As reported on 23 April 2024 by the South Korean National Police Agency, the North Korean APT, Kimsuky, stole technical data from an unnamed South Korean defence company from April to July 2023, as part of a year-and-a-half-long coordinated espionage campaign alongside two other North Korean APTs, Lazarus and Andariel. To achieve the data theft, Kimsuky gained access to files sent via email to and from an unnamed defence company. Kimsuky allegedly abused an in-house vulnerability (or multiple vulnerabilities) that enabled unauthorized actors to download large files sent via email without logging in, allowing them to steal technical data from the company. According to the National Police Agency, the aforementioned year-and-a-half-long campaign that the Kimsuky hack took place within ultimately affected 10 South Korean defence organisations. ",2023-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Defence industry,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18894,2024-04-23 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Korean National Police Agency (KNPA),Not available,"Korea, Republic 
of",Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"https://securityaffairs.com/162193/apt/north-korea-south-korean-defense-contractors.html; https://therecord.media/south-korean-defense-companies-cyber-espionage-north-korea; https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/; https://sp.yna.co.kr/view/ASP20240423001500883; https://sp.yna.co.kr/view/ASP20240423001500883; https://www.seoulfocus.kr/news/articleView.html?idxno=156782; https://www.newscj.com/news/articleView.html?idxno=3132639; https://www.ntv.com.tr/dunya/kuzey-koreden-guney-kore-savunma-sistemlerine-saldiri,RJQtQl6gR0GNpyutNUPdTg; https://www.etnews.com/20240423000390; https://www.siminilbo.co.kr/news/newsview.php?ncode=1160293172337217; https://www.police.go.kr/viewer/skin/doc.html?fn=3c9dc697-f005-4acf-ba8a-511195ac72f9.hwpx&rs=/viewer/202404; https://www.dailysecu.com/news/articleView.html?idxno=155426; https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/",2024-04-24,2024-04-30 3410,Unknown hackers gained access to the Brazilian government's Siafi payment system and stole public funds,"Unknown hackers gained access to the Brazilian government's Siafi payment system and stole public funds, the newspaper Folha de S. Paulo reported for the first time on 22 April 2024. According to unnamed sources, it is believed that the hackers pursued a month-long phishing campaign to steal a large number of passwords. They then used these passwords to gain access to Siafi's user authentication system. 
The Siafi payment system is designed to record, monitor and control budgetary, financial and asset payments. Finance Minister Fernando Haddad is said to have told the newspaper that he was told that it was merely an authentication problem and that the incident had been concealed from cabinet members.",,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Hijacking with Misuse,Integrated Financial Management System (SIAFI),Brazil,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18903,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://brazilian.report/liveblog/politics-insider/2024/04/22/criminals-break-into-payments-system/,2024-04-24,2024-04-24 3406,Unknown hackers encrypted the network of the French municipality of Albi on 22 April 2024,"Unknown hackers encrypted the network of the French municipality of Albi on 22 April 2024, the municipality reported on the same day.",2024-04-22,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Municipality of Albi,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18901,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.centrepresseaveyron.fr/2024/04/23/services-touches-agence-nationale-sollicitee-plainte-la-mairie-dalbi-visee-par-une-cyberattaque-11908147.php; 
https://www.facebook.com/photo.php?fbid=826828279488478&set=a.554384726732836&type=3&ref=embed_post; https://www.ladepeche.fr/2024/04/23/la-ville-toujours-paralysee-par-une-attaque-informatique-de-grande-ampleur-11907816.php; https://france3-regions.francetvinfo.fr/occitanie/tarn/albi/attaque-informatique-a-la-ville-d-albi-une-plainte-deposee-les-services-municipaux-perturbes-2959580.html; https://www.zataz.com/cyberattaque-a-la-mairie-dalbi-services-perturbes-et-enquete-en-cours/; https://www.linformaticien.com/magazine/cybersecurite/972-hacks-menaces/61966-albi-immobilisee-par-une-cyberattaque.html; https://www.computerweekly.com/de/news/366582334/Die-Cyberangriffe-der-KW17-2024-im-Ueberblick; https://www.zdnet.fr/actualites/gravelines-albi-de-nouvelles-collectivites-francaises-victimes-dattaques-informatiques-391202.htm,2024-04-24,2024-05-02 3411,Unknown actors gained access to the user management portal of mobile device management company Mobile Guardian,"Unknown actors gained access to the user management portal of mobile device management company Mobile Guardian, reported the Singapore Ministry of Education on 19 April 2024. According to the report, Mobile Guardian informed the Ministry of Education about the cyber incident on 17 April 2024, as the names and email addresses of parents and school staff from 5 primary schools and 122 secondary schools were also accessed. 
Mobile Guardian is a device management application (DMA) installed on students' personal learning devices that allows parents to manage their children's devices.",,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Mobile Guardian,Singapore,ASIA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Not available,Not available,Not available,,1,18930,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.moe.gov.sg/news/press-releases/20240419-no-sensitive-data-compromised--from-unauthorised-access-into-mobile-guardians-systems,2024-04-24,2024-04-24 3412,Iranian state-sponsored APT MuddyWater compromised various sectors from multiple countries from October 2023 until April 2024 using the RMM tool Atera Agent,"The Iranian state-sponsored APT MuddyWater compromised various sectors from multiple countries from October 2023 until April 2024 using the legitimate remote monitoring and management (RMM) tool Atera Agent. According to the report by HarfangLab from 22 April 2024, the following sectors were affected: Airlines, IT Companies, Telecommunication, Pharmaceutical, Automotive manufacturing, Logistics, Travel and Tourism, Employment/Immigration agency, as well as small businesses across Israel, India, Algeria, Turkey, Italy and Egypt. 
Apart from the compromises, HarfangLab stated that they do not hold any information about the specific steps and actions MuddyWater takes once it has successfully deployed the Atera agent on a target system. Given the start of the reported campaign, a nexus to the conflict between Israel and Hamas seems plausible, due to Iran's support for the latter. ",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available,Egypt; Israel; Turkey; Algeria; Italy; India,MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA - ASIA; NATO; MEA - AFRICA; NAF; MENA - EUROPE; NATO; EU(MS) - ASIA; SASIA; SCO,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - 
State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure,Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider - Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider - Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider - Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider - Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider - Civil service / administration; Transportation; ; Health; Telecommunications; Digital Provider,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,18929,2024-04-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,HarfangLab,,France,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://harfanglab.io/en/insidethelab/muddywater-rmm-campaign/?ref=news.risky.biz,Resources; International power; Secession,Resources; 
International power; Secession,Israel (Hamas et al.); Iran – Israel; Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://harfanglab.io/en/insidethelab/muddywater-rmm-campaign/?ref=news.risky.biz,2024-04-24,2024-04-25 3399,Unattributed hackers stole data from a Middle Eastern government using DonQuixote malware in February 2024,"Unattributed hackers stole data from a Middle Eastern government using DonQuixote malware in February 2024, the Russian IT security company Kaspersky reported on 18 April 2024. 
In addition to the Middle Eastern government, other governments around the world, including in Asia-Pacific (APAC), Europe and North America, have also been targeted.",2024-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,Not available,Middle East (region),,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,18866,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lineaedp.it/rubriche/sicurezza/dunequixote-preoccupa-gli-enti-governativi-mondiali/; https://www.kaspersky.com/about/press-releases/2024_new-dunequixote-cyberespionage-campaign-targets-governmental-entities-worldwide?campaign=tcid_admitad_7f2473c78605a6e88de527bdb607d308_43137_x4&ADDITIONAL_reseller=tcid_admitad_7f2473c78605a6e88de527bdb607d308_43137_x4&tagtag_uid=7f2473c78605a6e88de527bdb607d308; https://b2b-cyber-security.de/weltweite-kampagne-gegen-regierungsbehoerden-entdeckt/,2024-04-23,2024-04-23 3398,Unknown attackers gained access to the systems of Mexican banking service and department store Coppel on 14 April 2024,"Unknown hackers breached the systems of Coppel, a Mexican department store that also offers banking services under the name of BanCoppel, on 14 April 2024. As a result, around 6.5 million active user records are allegedly for sale on hacker forums. The records include contact information as well as credit card numbers and expiration dates. Cybersecurity experts suspect SEXi, a variant of the LockBit3 ransomware, to be behind the attack. 
",2024-04-14,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Coppel - BanCoppel,Mexico; Mexico, - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Finance,MexicanMafia,Not available,Unknown - not attributed,,1,18864,2024-04-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,MexicanMafia,Not available,Not available,MexicanMafia,Not available,Unknown - not attributed,https://twitter.com/H4ckManac/status/1782287830485455117,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://diariodelyaqui.mx/nacional/video--hackeo-a-coppel-usuario-senala-que-le-borraron-la-deuda-abogado-les-tiene-noticias/82465; https://diariodelyaqui.mx/nacional/video--hackeo-a-coppel-usuario-senala-que-le-borraron-la-deuda-abogado-les-tiene-noticias/82465; https://www.ipsec.mx/en/blog/posible-ataque-de-ransomware-a-servidores-de-coppel/; https://twitter.com/H4ckManac/status/1782287830485455117; https://www.elfinanciero.com.mx/opinion/javier-murillo/2024/04/22/las-lecciones-del-ciberataque-a-coppel/; https://france3-regions.francetvinfo.fr/occitanie/tarn/albi/attaque-informatique-a-la-ville-d-albi-une-plainte-deposee-les-services-municipaux-perturbes-2959580.html; https://eltiempomonclova.mx/noticia/2024/tras-hackeo-a-coppel-advierten-sobre-fraude-de-phishing.html; https://www.elsiglodetorreon.com.mx/noticia/2024/todo-lo-que-se-sabe-del-hackeo-a-coppel.html; https://www.elsiglodetorreon.com.mx/noticia/2024/todo-lo-que-se-sabe-del-hackeo-a-coppel.html; https://www.elsiglodedurango.com.mx/noticia/2024/todo-lo-que-se-sabe-del-hackeo-a-coppel.html; 
https://www.elsoldemexico.com.mx/finanzas/coppel-reestablece-su-sistema-cuales-son-los-servicios-que-puedes-hacer-11819158.html#!; https://www.computerweekly.com/de/news/366582334/Die-Cyberangriffe-der-KW17-2024-im-Ueberblick,2024-04-23,2024-04-23 3397,The hacker group Hunters International stole 1.2 TB worth of data from the Taiwanese electronics manufacturer Chicony Electronics on 15 April 2024,"The hacker group Hunters International stole 1.2 TB worth of data from the Taiwanese electronics manufacturer Chicony Electronics on 15 April 2024, the company itself attributed in its announcement on its website on 22 April 2024. The company also said that the stolen data was not important and there was no loss of personal information or confidential documents. ",2024-04-15,2024-04-15,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,Chicony Electronics,Taiwan,ASIA; SCS,Critical infrastructure,Critical Manufacturing,Hunters International,Not available,Non-state-group,Criminal(s),1,18862,2024-04-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Chicony Electronics,Not available,Taiwan,Hunters International,Not available,Non-state-group,https://www.ithome.com/0/763/375.htm,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ithome.com/0/763/375.htm,2024-04-23,2024-04-23 3396,The Russian state-sponsored hacking group Sandworm attacked around 20 critical infrastructure facilities in Ukraine in March 2024 ,"According to a report from the Ukrainian Computer Emergency Response Team (CERT-UA), the Russian state-sponsored hacking group Sandworm (aka BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44) attacked around 20 critical infrastructures in Ukraine in March 2022. 
More precisely, Sandworm conducted operations to disrupt information and communication systems at energy, water, and heating suppliers in 10 regions of Ukraine. In some cases the hackers were able to infiltrate the targeted network by poisoning the supply chain to deliver compromised or vulnerable software, or through the software provider's ability to access the organization's systems for maintenance and technical support. The hackers also combined previously documented malware with new malicious tools (BIASBOAT and LOADGRIP for Linux) to obtain access and move laterally on the network. Between 7 and 15 March 2024 CERT-UA engaged in extensive counter-cyberattack operations, which included informing affected enterprises, removing malware, and enhancing security measures.",2024-03-07,2024-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure; Critical infrastructure,Energy; Water,"UAC-0133 < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,18860,2024-04-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,"UAC-0133 < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special 
Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://cert.gov.ua/article/6278706,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-targeted-20-critical-orgs-in-ukraine/; https://www.ruhr24.de/politik/sandworm-hacker-russland-ukraine-news-sandwurm-cyber-angriff-it-sicherheit-malware-schadsoftware-93019813.html; https://cert.gov.ua/article/6278706,2024-04-23,2024-04-23 3395,Unknown hackers disrupted digital municipal services in the French town of Floirac in April 2024,"Unknown hackers disrupted the networks of the French town of Floirac in the département of Gironde on 18 April 2024. The attack focussed on the town hall's servers, which brought the city's digital services to a standstill. In response, Floirac worked together with specialists from Bordeaux Métropole teams to remedy the effects of the attack. The city's digital services were restored on 20 April 2024.",2024-04-18,2024-04-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,"City of Floirac (Gironde, France)",France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18858,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.usine-digitale.fr/article/speedy-france-victime-d-une-cyberattaque-des-donnees-personnelles-compromises.N2211860; https://gettotext.com/a-small-french-town-paralyzed-by-a-cyberattack-that-deprives-residents-of-their-municipal-services/; https://www.facebook.com/floirac33270/posts/809461814552011?ref=embed_post; 
https://www.facebook.com/floirac33270/posts/810371801127679?ref=embed_post; https://www.computerweekly.com/de/news/366582334/Die-Cyberangriffe-der-KW17-2024-im-Ueberblick,2024-04-23,2024-04-23 3394,Russian state-sponsored hacking group APT28 exploits the Windows Print Spooler flaw CVE-2022-38028 with the previously unknown tool GooseEgg since at least June 2020,"The Russian state-sponsored hacking group APT28 (aka Fancy Bear or Forest Blizzard, formerly tracked as Strontium) was observed exploiting the Windows Print Spooler flaw (CVE-2022-38028) with the previously unknown tool GooseEgg since at least June 2020. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. Microsoft observed APT28 using this tool in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. APT28 deployed GooseEgg to gain elevated access to target systems and steal credentials and sensitive information. The vulnerability CVE-2022-38028 was addressed with the release of Microsoft October 2022 Patch Tuesday security updates and reported by the U.S. National Security Agency. ",2020-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available,North America; Ukraine; Western Europe, - EUROPE; EASTEU - ,State institutions / political system; Critical infrastructure; Social groups; Education - State institutions / political system; Critical infrastructure; Social groups; Education - State institutions / political system; Critical infrastructure; Social groups; Education,Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); - Government / ministries; Transportation; Advocacy / activists (e.g. 
human rights organizations); ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,18856,2024-04-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft Security Intelligence,United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/162154/apt/apt28-gooseegg-tool-win-bug.html; https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/; https://therecord.media/russia-gru-malware-gooseegg-microsoft; https://www.bleepingcomputer.com/news/security/microsoft-russian-apt28-hackers-exploit-windows-flaw-reported-by-nsa-using-gooseegg-tool/; https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/; https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html; https://www.01net.com/actualites/pirates-russes-exploitent-faille-windows-voler-mots-passe.html; https://www.cybersecurity360.it/news/gooseegg-il-malware-dei-filorussi-di-apt28-che-ruba-credenziali-di-accesso-dei-sistemi-windows/; 
https://securityaffairs.com/162295/hacking/cisa-adds-microsoft-windows-print-spooler-flaw-to-its-known-exploited-vulnerabilities-catalog.html; https://www.security-insider.de/schwachstelle-cve-2022-38028-russische-hacker-windows-luecke-malware-angriffe-a-b9450c76a680e205cca80175c6069241/,2024-04-23,2024-05-02 3388,Chinese State-Affiliated Hacker Group Presumably Compromised 19.000 Confidential Files Of German Manufacturing Company Volkswagen Between 2010 And 2015,"According to research by German public-service television broadcaster 'ZDF' and German news outlet 'Spiegel', Volkswagen AG was targeted in a cyber attack orchestrated by suspected Chinese state hackers between 2010 and 2015. During this timeframe, several attacks occurred, affecting not only Volkswagen but also its subsidiaries Audi and Bentley. It is estimated that approximately 19,000 confidential files were potentially stolen during these attacks. These files primarily contained information on drive technologies such as petrol engines, transmissions, and dual clutches, as well as future-oriented fields like electromobility and fuel cells. Volkswagen confirmed the information regarding the cyber attacks but refrained from commenting on the attribution of the perpetrators. According to the research, the IP addresses associated with the hackers pointed to the Chinese military intelligence service. Moreover, the utilization of espionage software such as ""PlugX"" and ""China Chopper"" further suggests the involvement of Chinese state hackers. Volkswagen reportedly became aware of the attack on 3 June 2014, and responded by shutting down large parts of its network on 24 April 2015. 
Additionally, measures were taken to delete data from over 90 servers in response to the breach.",2010-01-01,2015-04-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Volkswagen - Audi - Bentley,Germany; Germany; United Kingdom,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Critical Manufacturing - Critical Manufacturing - Critical Manufacturing,Not available,China,State,,1,18845; 18845,2024-04-20 00:00:00; 2024-04-20 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,Der Spiegel; ZDF,Not available; Not available,Not available; Not available,Not available; Not available,China; China,State; State,https://www.zdf.de/nachrichten/wirtschaft/volkswagen-china-hacking-industriespionage-emobilitaet-100.html; https://www.spiegel.de/netzwelt/web/volkwagen-vw-konzern-wurde-jahrelang-ausspioniert-von-china-a-f9971315-c342-42b5-b97b-8650b91d60d4,,,,,,0,,,,,,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.heise.de/news/Industriespionage-VW-jahrelang-Ziel-mutmasslich-chinesischer-Angreifer-9692407.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.zdf.de/nachrichten/wirtschaft/volkswagen-china-hacking-industriespionage-emobilitaet-100.html; https://www.spiegel.de/netzwelt/web/volkwagen-vw-konzern-wurde-jahrelang-ausspioniert-von-china-a-f9971315-c342-42b5-b97b-8650b91d60d4; 
https://www.sondakika.com/teknoloji/haber-volkswagen-cinli-hackerlarin-hedefinde-17257119/; https://shiftdelete.net/volkswagen-cin-hacker; https://www.heise.de/news/Montag-Chipdesigner-Jim-Keller-als-KI-Verfechter-Rueckruf-des-Tesla-Cybertruck-9692831.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.inside-it.ch/vw-gibt-uralt-hack-zu-20240422; https://ekonomi.haber7.com/ekonomi/haber/3418916-volkswageni-5-yil-boyunca-soymuslar-ne-var-ne-yok-gitmis; https://research.checkpoint.com/2024/29th-april-threat-intelligence-report/,2024-04-22,2024-04-25 3387,Unknown Nation State Actor Gained Access Into A Research And Prototyping Network (NERVE) Of The American MITRE Corporation In January 2024,"An unknown state actor gained access to the Networked Experimentation, Research, and Virtualization Environment (NERVE) of the MITRE Corporation in January 2024. The attacker exploited several zero-day exploits in the Ivanti Connect Secure VPN software in order to access the NERVE system. In addition, a combination of sophisticated backdoors and webshells were used to harvest credentials. The investigation into the incident is still ongoing and the extent is not yet known. 
MITRE disclosed the incident on 19 April 2024.",2024-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,MITRE Corporation,United States,NATO; NORTHAM,Other,,Not available,Not available,State,,1,18846,2024-04-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,MITRE Corporation,Not available,United States,Not available,Not available,State,https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks; https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/162045/security/mitre-security-breach-ivanti-zero-days.html; https://www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/; https://therecord.media/mitre-breached-ivanti-zero-days; https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks; https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8; https://www.lemondeinformatique.fr/actualites/lire-mitre-victime-d-exploit-de-failles-ivanti-par-un-cybergang-etatique-93545.html; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/; https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html; https://www.heise.de/news/Each-one-teach-one-Mitre-Organisation-gibt-Einblicke-in-Cyberattacke-9693285.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-22-april-28,2024-04-22,2024-04-25 3390,"LockBit Ransomware Gang Leaked D.C. 
Department of Insurance, Securities and Banking Data After Gaining Access to Texas-Based Cloud Provider Tyler Technologies' Systems in Late March 2024","The LockBit ransomware gang claimed it attacked the Washington, D.C. Department of Insurance, Securities and Banking (DISB) and allegedly stole 800GB of data on 13 April 2024. However, DISB clarified that the data breach originated from a third-party technology provider, Texas-based Tyler Technologies. LockBit threatened to leak 1GB of data to escalate ransom negotiations. DISB redirected inquiries to a statement and declined further comment. Tyler Technologies reported unauthorized access to their cloud infrastructure storing DISB's data and initiated an investigation. They confirmed data leakage and engagement with law enforcement but did not disclose ransom negotiation details.",2024-03-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,"D.C. 
Department of Insurance, Securities and Banking (DISB) - Tyler Technologies",United States; United States,NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Critical infrastructure,Civil service / administration - Digital Provider,LockBit,Not available,Non-state-group,Criminal(s),1,18843,2024-04-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,LockBit,Not available,Non-state-group,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.heise.de/news/Erneuter-Cyberangriff-auf-Uni-in-Duesseldorf-und-mehr-9691398.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/dc-city-agency-ransomware-attack-lockbit; https://www.tylertech.com/sir-586-0324#34164217-how-did-this-happen; https://x.com/BrettCallow/status/1779191348610081235; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/,2024-04-22,2024-04-23 3391,Unknown Attacker Deploys Ransomware On Systems Of Swiss BKW Subsidiary Swisspro in April 2024,"An unknown attacker infiltrated Swisspro's IT environment with ransomware at the beginning of April 2024. The company confirmed this to inside-it.ch, a Swiss IT magazine. It was also assured that the operational IT environment of both Swisspro and other BKW companies was not affected. The Swiss company Swisspro offers customers IT services under the umbrella of BKW Building Solutions. 
These include cloud hosting and data centre services, which it also offers to the public sector.",2024-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Hijacking with Misuse; Ransomware,Swisspro AG,Switzerland,EUROPE; WESTEU,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,18840,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.inside-it.ch/cyberangriff-auf-swisspro-tochter-von-bkw-20240419; https://www.netzwoche.ch/news/2024-04-22/swisspro-gruppe-wird-opfer-eines-ransomware-angriffs; https://www.netzwoche.ch/news/2024-04-22/swisspro-gruppe-wird-opfer-eines-ransomware-angriffs; https://www.computerweekly.com/de/news/366582334/Die-Cyberangriffe-der-KW17-2024-im-Ueberblick,2024-04-22,2024-04-22 3393,Unidentified Hacker Exploited Token Claim Contracts Of DeFi Platform Hedgey Finance And Stole $42.8 Million Worth Of Arbitrum Tokens on 19 April 2024 ,"Hedgey Finance, a notable DeFi platform, faced dual exploits from an unidentified threat actor, resulting in a significant loss of $44.7 million across both the Arbitrum and Ethereum platforms on April 19, 2024. The attack targeted Hedgey Protocol on both chains, with $42.8 million stolen on Arbitrum and an additional $1.9 million on Ethereum. Suspicious addresses implicated in the breach were identified by Cyvers Alerts. In response, Hedgey Protocol promptly issued a security alert through its official channels and initiated a thorough investigation to understand the breach's root cause. Hedgey Finance confirmed the exploit and took proactive steps by reaching out to the initiator via Etherscan. 
",2024-04-19,2024-04-19,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Hedgey Finance,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18848,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,,,,,,0,,,,,,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/hedgeyfinance/status/1781400318644810138; https://cointelegraph.com/news/hedgey-protocol-44-million-exploit?ref=news.risky.biz,2024-04-22,2024-04-22 3386,Unknown Threat Actors Disrupted The Website Of The German Police Of Saxony Through A DDoS Attack On 28 September 2023,"On 28 September 2023, the website of the Saxon police, including its online precinct, was the target of a DDoS attack. This attack, which was carried out via a criminal online platform, flooded the server with requests, making the police website temporarily inaccessible. Despite the thirty-minute interruption, no sensitive data of individuals or organisations was at risk. Following an in-depth investigation led by the Dresden Public Prosecutor General's Office, the Cybercrime Competence Centre of the Saxony State Criminal Police Office successfully shut down a criminal online platform operating in Germany and abroad on 17 April 2024 as part of the international Operation ""PowerOFF"" in cooperation with a US law enforcement agency. The IT infrastructure used by the perpetrators to carry out DDoS attacks was thus dismantled. The online platform enabled users to buy DDoS attacks with cryptocurrencies, which led to the disruption of various online services, including the Saxony police website. 
Operation PowerOFF, which was initiated in 2022 by the US law enforcement agencies, Europol, the German Federal Criminal Police Office, the Dutch National Police Corps, the British NCA and the Polish Cybercrime Police, aims to combat internet services that offer DDoS attacks.",2023-09-28,2023-09-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,Saxony State Police,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Police,Not available,Not available,Not available,,1,18942,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,True,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bild.de/regional/sachsen/cyberkriminalitaet-nach-ddos-attacke-polizei-hackt-cyber-kriminelle-66210439bbc09b2efe14ddcc; https://www.polizei.sachsen.de/de/MI_2024_105853.htm; https://www.heise.de/news/DDoS-Plattform-von-internationalen-Strafverfolgern-abgeschaltet-9691053.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,2024-04-19,2024-04-25 3385,Belarusian Cyberpartisans disrupted the heating system of the Belarusian chemical plant Hrodna Azot on 17 April 2024,"Belarusian Cyberpartisans disrupted the heating system of the Belarusian chemical plant Hrodna Azot on 17 April 2024, the hacktivists claimed on their Telegram channel. In addition, the hacker group claimed to have penetrated the website, email inbox, hundreds of workstations, servers, security systems and cameras. The website is indeed inaccessible. As part of the cyber incident, the hacker group demanded the release of all political prisoners working for the chemical plant.",2024-04-17,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Grodno Azot,Belarus,EUROPE; EASTEU; CSTO,Critical infrastructure,Chemicals,Belarusian Cyber-Partisans,Belarus,Non-state-group,Hacktivist(s),1,18941,2024-04-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Belarusian Cyber Partisans,Not available,Belarus,Belarusian Cyber-Partisans,Belarus,Non-state-group,https://t.me/cpartisans_by/1385,System / ideology; National power,System/ideology; National power,Belarus (opposition); Belarus (opposition),Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.rferl.org/a/belarus-cyberpartisans-hackers-prisoners-protests/32911367.html; read://https_www.svaboda.org/?url=https%3A%2F%2Fwww.svaboda.org%2Fa%2F32910844.html; https://t.me/cpartisans_by/1385; https://therecord.media/belarus-cyber-partisans-fertilizer-hack-lukashenko,2024-04-19,2024-04-29 3384,A cybercrime group gained access to the computer system of U.S. telecommunication company Frontier Communications beginning at least on 14 April 2024,"A cybercrime group gained access to the computer system of U.S. 
telecommunication company Frontier Communications beginning at least on 14 April 2024, reported the company itself on 15 April 2024.",2024-04-14,2024-04-15,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Frontier Communications,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Non-state-group,Criminal(s),1,18940,2024-04-15 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Receiver attributes attacker,Frontier Communications,Not available,United States,Not available,Not available,Non-state-group,https://www.sec.gov/ix?doc=/Archives/edgar/data/20520/000119312524100764/d784189d8k.htm,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/telecom-giant-frontier-cyberattack-sec; https://www.sec.gov/ix?doc=/Archives/edgar/data/20520/000119312524100764/d784189d8k.htm; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/,2024-04-19,2024-04-25 3383,Argentine National Road Safety Agency hacked and database with 6 million files stolen,"Unnamed ""professional hackers"" stole 6 million files from the Argentinian National Road Safety Agency (ANSV) related to drivers' licences, on 17 April 2024. Though the files were described by the government as ""non-sensitive,"" the drivers' licences nevertheless contain ""key identifiers"" and experts worry that the licences, when misused, can be used for malicious activities, such as identity theft or fraudulent banking activities. The hackers demanded $3000 USD from victims to return each licence. 
Among victims of the database theft are a number of high-profile individuals, including celebrities and President Javier Milei.",2024-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,Argentinian National Road Safety Agency,Argentina,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,18801,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.elesquiu.com/nacionales/2024/4/17/hackeo-de-licencias-de-conducir-que-dijeron-desde-la-agencia-nacional-de-seguridad-vial-511490.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.maracodigital.net/Hackeo-a-la-base-de-datos-de-licencias-de-conducir-piden-usd-3000-para-devolverlas.html; https://www.maracodigital.net/Hackeo-a-la-base-de-datos-de-licencias-de-conducir-piden-usd-3000-para-devolverlas.html; https://www.elesquiu.com/nacionales/2024/4/17/hackeo-de-licencias-de-conducir-que-dijeron-desde-la-agencia-nacional-de-seguridad-vial-511490.html; https://www.elesquiu.com/nacionales/2024/4/17/hackeo-de-licencias-de-conducir-que-dijeron-desde-la-agencia-nacional-de-seguridad-vial-511490.html; https://www.losprimeros.tv/noticias/2024/04/17/262695-piden-usd-3000-para-devolver-los-datos-hackeados-en-millones-de-licencias-de-conducir; https://www.losprimeros.tv/noticias/2024/04/17/262695-piden-usd-3000-para-devolver-los-datos-hackeados-en-millones-de-licencias-de-conducir; 
https://www.ansa.it/canale_motori/notizie/mondo_motori/2024/04/17/argentinahacker-svuotano-database-patenti-pure-quella-di-milei_7fd2c3f6-bcc6-452f-b2bf-43de3cad18cc.html; https://www.eldia.com/nota/2024-4-16-15-42-0-ciberataque-robaron-la-base-de-datos-con-mas-de-cinco-millones-de-licencias-de-conducir-politica-y-economia-policiales; https://www.eldiariodecarlospaz.com.ar/nacionales/2024/4/17/hackearon-la-base-de-datos-de-licencias-de-conducir-200698.html; https://www.eldiariodecarlospaz.com.ar/nacionales/2024/4/17/hackearon-la-base-de-datos-de-licencias-de-conducir-200698.html; https://www.minutouno.com/sociedad/licencia-conducir/hackeo-licencias-conducir-cuanta-plata-piden-el-carnet-javier-milei-y-otros-famosos-n5982615; https://www.elterritorio.com.ar/noticias/2024/04/18/824439-el-gobierno-nego-un-hackeo-o-una-filtracion-masiva-de-datos-del-registro-nacional-de-las-personas; https://www.infozona.com.ar/hackeo-a-renaper-que-datos-personales-estan-comprometidos/; https://www.canal12misiones.com/noticias-de-misiones/sociedad/afip-en-alerta-sobre-una-nueva-estafa-con-correos-electronicos; https://www.ambito.com/informacion-general/afip-alerta-una-nueva-estafa-correos-electronicos-n5984609; https://www.tiempoar.com.ar/ta_article/tras-un-hackeo-masivo-venden-en-telegram-las-licencias-de-conducir-de-6-millones-de-personas-incluidos-milei-y-sus-ministros/; https://www.infobae.com/politica/2024/04/30/un-bot-de-telegram-exhibe-datos-de-millones-de-personas-por-el-hackeo-a-las-licencias-de-conducir/,2024-04-18,2024-05-02 3382,"Cherry Health hit by ransomware attack and data theft, impacting 185,000 victims, on 21 December 2023","Cherry Health, a Michigan (USA)-based healthcare facility, stated in a regulatory filing on 17 April 2024 that it was the victim of a ransomware attack on 21 December 2023, which led to the theft of sensitive data from upwards of 185,000 people, which the company then contacted in the following months to offer credit monitoring and other services. 
Despite the attack taking place on 21 December, the attack was only detected days later, on 24 December. In the attack, unknown hacker(s) gained access to credit card information, social security numbers, and passwords of the victims.",2023-12-21,2024-12-21,Attack on critical infrastructure target(s),,Incident disclosed by victim; Incident disclosed by authorities of victim state,Data theft; Ransomware,Cherry Health,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18800,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/cherry-health-ransomware-michigan; https://cherryhealth.org/wp-content/uploads/2024/01/Patient-Communication-Notice-for-Website_1.24.24_ENG-SPAN.pdf; https://apps.web.maine.gov/online/aeviewer/ME/40/2b5a149e-ee5d-4199-9149-ca4d19ec7515.shtml; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/,2024-04-18,2024-04-19 3380,The state-sponsored threat actor UTA0218 compromised firewall devices using a zero-day vulnerability in the associated PAN-OS software of unspecified organisations beginning on 26 March 2024,"The state-sponsored threat actor UTA0218 compromised firewall devices using a Zero-day vulnerability in the associated PAN-OS software of unspecified organisations beginning on 26 March 2024, the US IT security firm Volexity attributed with high confidence on 12 April 2024. The hacker group exploited the vulnerability (CVE-2024-3400) in the GlobalProtect feature in the Palo Alto Networks PAN-OS software of its firewall devices. 
They also created a reverse shell and downloaded additional tools to the compromised device, exfiltrated configuration data and used the firewall device as an entry point to gain further access to the network. The hacker group also tried to use the Python backdoor UPSTYLE. They also managed to extract sensitive credentials such as the Active Directory database, Windows event logs, login data, cookies and local state data. The network security monitoring (NSM) customers of Palo Alto Networks were affected.",2024-03-26,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,Unknown,,UTA0218,Not available,"Non-state actor, state-affiliation suggested",,1,18799,2024-04-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Volexity,Volexity,United States,UTA0218,Not available,"Non-state actor, state-affiliation suggested",https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/?ref=labs.watchtowr.com,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/161936/hacking/exploit-code-cve-2024-3400-palo-alto-pan-os.html; https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/?ref=labs.watchtowr.com,2024-04-18,2024-04-22 3378,"Russian ransomware group FIN7 targeted unnamed 
American automotive manufacturer in a phishing campaign, late 2023","According to the BlackBerry Research & Intelligence Team, the Russian ransomware group FIN7 targeted a ""large, multinational"" US-based automotive manufacturer at the end of 2023. The group is also tracked as Carbon Spider, ELBRUS, and Sangria Tempest, and is also linked to other ransomware groups such as AlphV/BlackCat. Researchers noted that the campaign was in line with FIN7's shift to ""big game hunting"" that has been seen in recent years. According to the report published on 17 April 2024, FIN7 used a phishing campaign utilizing typosquatting, directing employees to a ""free IP scanner,"" which then redirected to a malicious download of an executable. The campaign targeted members of the IT department for the manufacturer in order to use the executable to install the Anunak backdoor into infected systems and to ""live off the land."" Once in the systems, FIN7 also gathered user information as part of establishing persistence. 
Researchers state that the ""final stage"" of the plan was to use this backdoor to then install ransomware, but the attack was discovered and stopped before this final stage.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,FIN7/Carbon Spider/ELBRUS/Sangria Tempest,Russia,Non-state-group,Criminal(s),1,18798,2024-04-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,BlackBerry Research and Intelligence Team,BlackBerry Research and Intelligence Team,United States,FIN7/Carbon Spider/ELBRUS/Sangria Tempest,Russia,Non-state-group,https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/fin7-targets-american-automakers-it-staff-in-phishing-attacks/; https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry; https://securityaffairs.com/162014/cyber-crime/fin7-targeted-u-s-carmaker.html; https://therecord.media/cybercriminals-targeted-carmaker-blackberry; https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/,2024-04-18,2024-04-22 3375,The TA558 cybercrime group stole data from over 300 computer systems in various countries and sectors since at least 2018,"The TA558 cybercrime group employed steganography in over 300 attacks on various countries across multiple sectors since at least 2018. The information about TA558 comes from research by the Russian cyber security provider Positive Technologies. 
According to their findings, TA558 concentrates its attacks on Latin America, but European and Asian countries are also among the victims. Many of the attacks were carried out using malicious code embedded in images and RTF documents, so-called steganography attacks. This cyber incident was already addressed last year by some companies and individuals in the IT security community, but the Positive Technologies report expanded on the targets attacked and the countries affected.",2023-06-15,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s); Attack on critical infrastructure target(s)",; ; ; ,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Brazil; Argentina; Serbia; Chile; Slovenia; Thailand; Turkey; Guatemala; Indonesia; Bulgaria; Mexico; Costa Rica; Dominican Republic; Ecuador; Germany; Poland; Korea, Republic of; United States; Peru; Uruguay; North Macedonia; Czech Republic; Colombia; Russia; India; Romania; Pakistan; Lebanon; Morocco; Algeria; Spain",SOUTHAM - SOUTHAM - EUROPE; BALKANS; WBALKANS - SOUTHAM - EUROPE; BALKANS; NATO; EU(MS) - ASIA; SEA - ASIA; NATO; MEA - CENTAM - ASIA; SCS; SEA - EUROPE; BALKANS; NATO; EU(MS) - - CENTAM - - - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); EASTEU - ASIA; SCS; NEA - NATO; NORTHAM - SOUTHAM - SOUTHAM - EUROPE; BALKANS; NATO; WBALKANS - EUROPE; NATO; EU(MS); EASTEU - 
SOUTHAM - EUROPE; EASTEU; CSTO; SCO - ASIA; SASIA; SCO - EUROPE; BALKANS; NATO; EU(MS) - ASIA; SASIA; SCO - ASIA; MENA; MEA - AFRICA; NAF; MENA - AFRICA; NAF; MENA - EUROPE; NATO; EU(MS),State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate 
Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Education,Civil service / administration; Energy; Religious; ; Health; ,TA558,Not available,Non-state-group,Criminal(s),2,18792; 18793,2024-04-15 00:00:00; 2023-08-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the 
attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,Positive Technologies; Ankit Anubhav,Positive Technologies; ,Russia; Not available,TA558; TA558,Not available; Not available,Non-state-group; Unknown - not attributed,https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id12,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.govinfosecurity.com/steganography-campaign-targets-global-enterprises-a-24873; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id12; https://twitter.com/ankit_anubhav/status/1689585087267188736; https://twitter.com/0xToxin/status/1708722097885679688; https://www.metabaseq.com/ta588/; https://cyble.com/blog/threat-actor-employs-powershell-backed-steganography-in-recent-spam-campaigns/,2024-04-17,2024-04-18 3373,"Unknown actor stole data from the United Nations Development Programme, 27 March 2024","The United Nations Development Programme (UNDP) was the victim of data theft when an unknown actor stole data from a server within its UN City (Copenhagen) office on 27 March 2024. 
The UNDP stated that data stolen included personal information regarding hiring and human resources, and as a result of the threat notification alerting the office to the theft, the UNDP took steps to contain the relevant server, and the office further contacted affected parties to inform them of the breach in order to ""protect their personal information from misuse.""",2024-03-27,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,United Nations Development Programme,Norway,EUROPE; NATO; NORTHEU,International / supranational organization,,Not available,Not available,Not available,,1,18790,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.undp.org/speeches/undp-investigates-cyber-security-incident; https://therecord.media/un-agency-data-stolen-ransomware-attack; https://www.thenewhumanitarian.org/newsletter/2024/04/17/inklings-cyber-attack-exposes-un-data; https://www.securityweek.com/united-nations-agency-investigating-ransomware-attack-involving-data-theft/; https://cyberscoop.com/undp-data-stolen-ransomware/; https://securityaffairs.com/162025/cyber-crime/undp-investigates-data-breach.html; https://www.bleepingcomputer.com/news/security/united-nations-agency-investigates-ransomware-attack-claimed-by-8Base-gang/; https://www.heise.de/news/Erneuter-Cyberangriff-auf-Uni-in-Duesseldorf-und-mehr-9691398.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/,2024-04-17,2024-04-22 3374,"Unknown hackers stole data from Heinrich Heine Universität (HHU) in Düsseldorf, Germany, in mid-March 2024","The Heinrich Heine Universität (HHU) in Düsseldorf, Germany, was the victim of data theft in 
mid-March 2024. According to the university, the hackers gained access to the university's systems through the use of stolen access data, enabling them to access two datasets: one dataset regarding examinations (incl. exam questions, grades, and names of examinees), which the university stated was accessed, but no data was stolen. The second dataset accessed also included data theft. According to HHU, the stolen data included personal information of students and employees, including names, email addresses, and institutional affiliation. As a result of the theft, HHU shut down the affected server the day after the incident.",2024-03-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft,Heinrich Heine University (HHU) Düsseldorf,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,18794,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hhu.de/news-einzelansicht/hackerangriff-auf-it-systeme-der-hhu; https://www.heise.de/news/Erneuter-Cyberangriff-auf-Uni-in-Duesseldorf-und-mehr-9691398.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,2024-04-17,2024-04-18 3376,"Medusa ransomware group stole 85GB of data and disrupted systems of the Solano County Library (California, USA) on 5 April 2024","The Medusa ransomware gang claimed the Solano County Library as one of its victims in a ransomware attack in which 85GB of data were stolen on 5 April 2024. 
The attack also disrupted the services of the library; WiFi, computer services, phone lines, and internal records-keeping services were all rendered inaccessible by the attack, with the computers being down for over a week. As of 15 April 2024, they were still down. The group demanded a $100,000 payment for them to not release the data stolen during the attack, which is believed to include personal data of patrons of the library, as well as employees.",2024-04-05,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Ransomware,Solano County Library,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),2,18795; 18796,2024-04-12 00:00:00; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,Medusa Ransomware Group; Medusa Ransomware Group,Not available; Not available,Not available; Not available,Medusa Ransomware Group; Medusa Ransomware Group,Not available; Not available,Non-state-group; Non-state-group,https://www.vallejosun.com/cyberattack-cripples-solano-county-library-computer-system/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.vallejosun.com/cyberattack-cripples-solano-county-library-computer-system/,2024-04-17,2024-04-30 3377,The Ukrainian hacker group Cyber Resistance stole personal data of the Chief Executive Officer (CEO) of the Russian drone manufacturer Albatros,"The Ukrainian hacker group Cyber Resistance gained access to the personal data of the Chief Executive Officer (CEO), Alexei Florov, of the Russian drone 
manufacturer Albatros and stole it, reported InformNapalm on 15 April 2024, which cooperated with the hacker group. The hacker group is said to have stolen more than 100 GB worth of information and classified data, including internal documentation, technical data, drawings of a variety of unmanned aerial vehicles (UAVs), information on circumventing international sanctions and information on the production of the Iranian kamikaze drones Shahed 136, also known as Geranium-2. The cyber incident and InformNapalm's claims have not been verified by Recorded Future.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,"Albatros - Alexei Florov (Chief Executive Office of Albatros, Russia)",Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure,Defence industry - Defence industry,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,18797,2024-04-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Resistance aka the Ukrainian Cyber Alliance,Not available,Ukraine,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,https://t.me/cyberResistanceUA/397,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://informnapalm.org/ua/cybint-zlam-rosiiskoho-vyrobnyka-bpla-part-1/; 
https://t.me/cyberResistanceUA/397,2024-04-17,2024-04-19 3372,The Medusa ransomware group gained access to the Paducah Dermatology Clinic in Kentucky and stole a variety of information in the last days of March,"The Medusa ransomware group gained access to the Paducah Dermatology Clinic in Kentucky and stole a variety of information in the last days of March, the ransomware group published on its website in early April. The independent organization SuspectFile investigated this cyber incident and found various stolen information that affected patients and employees. SuspectFile wrote that the hackers probably gained access via Remote Desktop Control (RDP) due to weak credentials or stolen credentials and demanded 100,000 US dollars worth of Bitcoins by 13 April 2024 if the stolen information is not to be deleted.",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Paducah Dermatology,United States,NATO; NORTHAM,Critical infrastructure,Health,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,18789,2024-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.suspectfile.com/ky-paducah-dermatology-affected-by-medusa-ransomware-group-ransom-demand-stands-at-100000/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/; https://www.suspectfile.com/ky-paducah-dermatology-affected-by-medusa-ransomware-group-ransom-demand-stands-at-100000/,2024-04-16,2024-04-18 3371,"Unknown actors hit Pak Suzuki Motor Company Limited (PSMCL), Pakistan, 
with a cyberattack leaking corporate data on 9 April 2024","On 9 April 2024 Pak Suzuki Motor Company Limited (PSMCL), Pakistan, discovered that corporate data had been leaked due to a cyberattack. They published their finding in a stock filing on 15 April 2024.",2024-04-09,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Pak Suzuki Motor Company Limited (PSMCL),Pakistan,ASIA; SASIA; SCO,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18788,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.brecorder.com/news/40298563; https://propakistani.pk/2024/04/15/pak-suzuki-hit-by-massive-cyber-attack/,2024-04-16,2024-04-18 3369,Unknown actors exfiltrated data from US-medical device company OraSure Technology in 2024,"According to a Form 8-K filing with the United States Securities and Exchange Commission (SEC) from 10 April 2024, US-medical device company OraSure Technology was affected by a cyber incident, detected by the company around 27 March 2027. OraSure further stated that ""an unauthorized third party gained access to Company data from certain information systems"". At the time of the reporting, it was not clear which kind of information was affected. However, according to OraSure, its core financial and operational systems remained unaffected. Among other products, OraSure developed the OraQuick test. 
It can detect HIV from a mouth swab in just 20 minutes.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft,OraSure Technology,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18703,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.sec.gov/Archives/edgar/data/1116463/000119312524094797/d825009d8k.htm?ref=news.risky.biz,2024-04-15,2024-04-16 3368,The state-affiliated Ukrainian group Blackjack claimed to have disrupted IT-infrastructure of the Moscow sewage network communication company Moscollector since June 2023 with ICS malware Fuxnet,"The state-affiliated Ukrainian group Blackjack claimed to have disrupted IT-infrastructure of the Moscow sewage network communication company Moscollector since June 2023 with ICS malware Fuxnet. Ukrainian media agency Interfax-Ukraine first reported on the alleged hack on 9 April 2024, based on an ""informed source"". The source further corroborated that Blackjack successfully ""disabled 87,000 sensors of various warning systems throughout Moscow and in Moscow region. In addition, 70 servers and at least 90 terabytes of company data [emails, backups, and contracts] were destroyed."" Blackjack is said to be in close contact with the Ukrainian Security Service SBU. In the following days, further media reports shared information from the attackers, who claimed to have ""permanently damaged some physical devices with the malware Fuxnet"". Furthermore, they claimed to have destroyed about 1,700 sensor routers, sharing screenshots of their operation. 
A report by Team82 Research & Claroty from 12 April 2024 downplayed those allegations: in contrast to the hackers' claims, the researchers are confident that the 87,000 remote sensors and IoT collectors dispersed across Moscow and beyond remain intact, with only 500 or more sensor gateways being damaged. Restoring these gateways will require individual replacement or firmware re-flashing. ",2023-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption; Hijacking with Misuse,Moscollector,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Water,Blackjack (Security Service of Ukraine),Ukraine,"Non-state actor, state-affiliation suggested",,1,18709,2024-04-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Blackjack (SBU),Not available,Ukraine,Blackjack (Security Service of Ukraine),Ukraine,"Non-state actor, state-affiliation suggested",https://en.interfax.com.ua/news/telecom/979145.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://en.interfax.com.ua/news/telecom/979145.html; https://cybernews.com/news/ukrainian-hackers-hit-moscows-sewage-system/; https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware?ref=news.risky.biz; 
https://securityaffairs.com/161865/hacking/blackjack-ics-malware-fuxnet.html,2024-04-15,2024-04-29 3366,"Unknown threat actors compromised a database of the Dominican Ministry of Public Health and Social Welfare and stole more than 8,000 files on 13 April 2024","On 13 April 2024, unknown threat actors compromised the Covid-19 vaccination database of the Dominican Ministry of Public Health and Social Welfare, which contains information on people who were vaccinated against Covid-19 during the various vaccination days held by the Dominican State. In this attack, 8,000 files were stolen containing “name of people, telephone number, address”, presumably with the purpose of selling them on the Dark Web. According to the sources, the data were stolen because the computers of the Ministry of Public Health are not protected by up-to-date antivirus software that would shield these devices from unknown pages and links. ",2024-04-13,2024-04-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,Ministry of Public Health and Social Welfare (Dominica),Dominica,,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,18696,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://noticiassin.com/hackean-base-de-datos-de-salud-publica-y-sustraen-8-mil-archivos-de-vacunados-1622305/,2024-04-15,2024-04-15 3362,"Rhysida Ransomware group hit Argentinian public health insurance company PAMI on 2 August 2023 disrupting several services, encrypting, stealing and leaking data in April 2024","On 2 August 2023 Argentinian public health insurance company PAMI was hit with ransomware disrupting the computer system of 5 million 
affiliates, their website and their app. The breach also resulted in operational setbacks, delays in medical procedures and treatments, and hindered access for employees. PAMI itself addressed the cyber incident the day after the attack in a public statement. In the immediate aftermath of the attack, Rhysida demanded 25 bitcoins, which is around $700 000, as a ransom. Around 20 August 2023, the ransomware gang Rhysida revealed that they had encrypted and stolen 831 GB of data. Though PAMI declared at the end of August that it had not paid the ransom as the stolen information only contained „loose work files“ rather than sensitive data, cybersecurity experts discovered references to sensitive medical records, such as cancer care details, lab reports and vaccinations. The data also contains information on medical centre audits, patient billing, financial records, employee CVs and supplier contracts. In the beginning of April 2024 the ransomware group leaked the stolen data. PAMI (Programa de Atención Médica Integral) is managed by the Argentinian Ministry of Health and provides health coverage for retirees and members' dependants.",2023-08-02,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,PAMI (Programa de Atención Médica Integral),Argentina,SOUTHAM,State institutions / political system; Critical infrastructure,Civil service / administration; Health,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,18694,2023-08-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not 
available,Non-state-group,https://www.eltribuno.com/salta/policiales/2024-4-14-0-0-0-antecedentes-de-ataques-al-sistema-cibernetico-del-pami,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.eltribuno.com/salta/policiales/2024-4-14-0-0-0-antecedentes-de-ataques-al-sistema-cibernetico-del-pami,2024-04-15,2024-04-18 3361,Nation-state backed attackers exploit zero-day in Palo Alto's firewall against unknown targets since 26 March 2024,"Nation-state backed attackers have exploited a severe zero-day vulnerability in Palo Alto's firewall against unknown targets since 26 March 2024, according to researchers from Volexity. The CVE-2024-3400 vulnerability was designated with the maximum severity rating of 10.0 and has been under active exploitation for at least two weeks. It enables attackers without authentication to execute malicious code with root privileges. Upon exploiting the flaw, the threat actor was observed creating a cronjob that would run every minute to access commands hosted on an external server that would execute via bash. Researchers at cybersecurity firm Volexity believe that the actors attempted to deploy a second Python-based backdoor, which they refer to as UPSTYLE, on the vulnerable devices. This UPSTYLE backdoor was hosted at hxxp://144.172.79[.]92/update.py, but Unit42 observed a similar backdoor hosted at nhdata.s3-us-west-2.amazonaws[.]com. The last modification happened on 7 April 2024, according to the HTTP headers. According to Palo Alto, it fixed the issue in ""hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions"" shortly after the disclosure. Volexity believes that there have been at least six incidents with the first attack being on 26 March 2024. 
Volexity further stated that it cannot tie the attacks to a specific threat group, but given the resources required, and the organizations targeted, the intruders are ""highly capable"" and likely backed by a nation-state. However, Volexity identified one group, tracked as UTA0218, that is leveraging the vulnerability in ""limited attacks"". The company has warned that the vulnerability CVE-2024-3400 may be subject to mass exploitation as more groups become aware of it. This is similar to recent zero-day vulnerabilities that have affected products from companies such as Ivanti, Atlassian, Citrix, and Progress in recent months. Cyber security research team VulDB identified actors possibly associated with North Korean state-affiliated hacking group Lazarus involved in the attacks. Palo Alto tracks the post-exploitation activity under the moniker ""Operation MidnightEclipse"". ",2024-03-26,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,Palo Alto Networks,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,UTA0218,Not available,"Non-state actor, state-affiliation suggested",,1,18730,2024-04-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Volexity,,United States,UTA0218,Not available,"Non-state actor, state-affiliation suggested",https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://arstechnica.com/security/2024/04/highly-capable-hackers-root-corporate-networks-by-exploiting-firewall-0-day/; https://unit42.paloaltonetworks.com/cve-2024-3400/; https://therecord.media/vpn-zero-day-palo-alto-networks; https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks/; https://www.bleepingcomputer.com/news/security/palo-alto-networks-zero-day-exploited-since-march-to-backdoor-firewalls/; https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/; https://therecord.media/palo-alto-networks-fixes-vpn-zero-day; https://www.dailysecu.com/news/articleView.html?idxno=155122; https://securityaffairs.com/161855/hacking/palo-alto-networks-pan-os-bug-known-exploited-vulnerabilities-catalog.html; 
https://www.bleepingcomputer.com/news/security/palo-alto-networks-fixes-zero-day-exploited-to-backdoor-firewalls/; https://securityaffairs.com/161844/apt/palo-alto-pan-os-python-backdoor.html; https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/; https://thehackernews.com/2024/04/palo-alto-networks-discloses-more.html; https://www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/; https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/; https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html,2024-04-15,2024-04-24 3360,Dunghill Leak/Dark Angels ransomware gang claimed responsibility for ransomware attack and data theft on Dutch chip manufacturer Nexperia in March 2024,"The Dutch chip manufacturer Nexperia announced on 12 April 2024 that it was hit by ransomware involving data theft in March 2024. Local media outlets reported that large amounts of data may have been stolen. Nexperia has been owned by a Chinese group since 2018 and is a manufacturer of semiconductors as well as other electronic components. Nexperia stated that it launched an investigation and already notified the Dutch authorities. Private media RTL from the Netherlands noted that ""hundreds of gigabytes of sensitive information"" may have been stolen, which the attackers threatened to release if the company refuses payment. On 10 April 2024 extortion group Dunghill Leak/Dark Angels ransomware gang claimed responsibility for the attack and asserted that they stole 1 TB of confidential data, leaking a sample of the allegedly stolen files. Dunghill/Dark Angels states that the data contains 371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions. 
The data bundle also includes 246 GB of engineering data, including internal studies and manufacturing technologies, as well as 96 GB of commercial and marketing data, 41.5 GB of corporate data, including personal details on employees and 109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei. None of these claims have been verified yet. Dark Angels ransomware gang uses Dunghill Leak site for ransom demands.",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,,Not available,Non-state-group,Criminal(s),1,18715,2024-04-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Dark Angel Ransomware Group,Not available,Not available,,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/chipmaker-nexperia-confirms-breach-after-ransomware-gang-leaks-data/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lefigaro.fr/flash-eco/semi-conducteurs-un-fabricant-sino-neerlandais-victime-d-une-cyberattaque-20240413; https://www.infosecurity-magazine.com/news/chipmaker-nexperia-attack/; https://www.linformaticien.com/magazine/cybersecurite/61921-semi-conducteurs-nexperia-victime-d-une-cyberattaque.html; https://www.bleepingcomputer.com/news/security/chipmaker-nexperia-confirms-breach-after-ransomware-gang-leaks-data/; https://www.nexperia.com/about/news-events/press-releases/Press-statement--Nexperia-IT-Breach; https://securityaffairs.com/161888/cyber-crime/ransomware-dark-angels-nexperia.html,2024-04-15,2024-04-22 3358,Unknown threat actors targeted Slovenian government websites with DDoS attacks on 10 
April 2024,"According to national media, unknown threat actors targeted Slovenian government websites with DDoS attacks starting on 10 April 2024. As a result, several websites of government institutions were inaccessible, including the Slovenian Central Bank, the Slovenian President, and the Constitutional Court. The website of the Statistics Office remains inaccessible on 12 April 2024. Slovenian authorities acknowledged the situation and stated that measures were being taken to address the attacks. Prime Minister Robert Golob announced plans to increase funding and staffing to bolster the country's cybersecurity defenses against such attacks in the future. ",2024-04-10,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,President's Office (Slovenia) - Statistics Office (Slovenia) - Central Bank (Slovenia),Slovenia; Slovenia; Slovenia,EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,18786,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-04-11 00:00:00,EU member states: Stabilizing measures,Statements by heads of state/head of government (or executive official),Slovenia,Vojko Volk (State Secretary at the Slovenian Prime Minister's Office),,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://sloveniatimes.com/40402/slovenia-hit-by-another-cyberattack,2024-04-12,2024-04-18 3359,Unknown hacker group breached the Israeli Ministry of Defense in 
April 2024,"Security sources confirmed to Israeli news outlet Israel Hayom that an unknown hacker group breached the Israeli Ministry of Defense in April 2024. The attackers published stolen documents and a video of the breach on their Telegram channel. They further offered the stolen data for sale on various forums for 50 bitcoins. In addition, it was reported that hackers also managed to obtain broader data, but they would only consider selling it if Israel agreed to release 500 Palestinian prisoners. While the hacker group claimed on its Telegram Channel that it had stolen sensitive data, the security sources did not confirm what kind of data was exfiltrated from the Ministry's systems. The Defense Ministry stated that it is aware of the incident but that there is ""no risk to classified infrastructure and systems.""",2024-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Ministry of Defense (Israel),Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,18787,2024-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,1,2024-04-09 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Israel,Defense Ministry of Israel,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://www.turkiyegazetesi.com.tr/dunya/israile-siber-saldiri-savunmaya-ait-hassas-bilgiler-bitcoin-karsiliginda-satildi-1033718; https://www.israelhayom.com/2024/04/09/source-confirm-defense-ministry-computers-hacked/,2024-04-12,2024-04-18 3355,Unknown threat actors disrupted the server network of the French city and agglomeration of Saint-Nazaire on April 9 ,"In the night of April 9 the servers of the French city and agglomeration Saint-Nazaire were disrupted by unknown hackers. Due to this attack, telephone and mail services are currently unavailable. Additionally, the servers are out of service and files are not accessible. In addition to the city of Saint-Nazaire, four other municipalities are affected: Montoir-de-Bretagne, Donges, La Chapelle-des-marais and Pornichet, which use the same servers. The real estate developer Sonadev and the Agency for the Sustainable Development of the Nazaire Region ADDRN are also affected. The staff of the Directorate of Information Systems (DSI) was mobilized to restore the working tools and the secure network as quickly as possible so that the work at the municipal and communal services can be resumed. At the moment, the extent and duration of the cyber incident are still unclear, as well as who is behind the attack. 
",2024-04-09,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Municipality of Donges - Sonadev - Municipality of Pornichet - Municipality of Montoir-de-Bretagne - City of Saint-Nazaire - Agency for the Sustainable Development of the Nazaire Region - Municipality of La Chapelle-des-marais,France; France; France; France; France; France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,"Civil service / administration - - Civil service / administration - Civil service / administration - Civil service / administration - Other (e.g., embassies) - Civil service / administration",Not available,Not available,Not available,,1,19017,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://saint-nazaire.maville.com/actu/actudet_-saint-nazaire-agglomeration-la-ville-et-la-sonadev-victimes-d-une-cyberattaque-_loc-6240215_actu.Htm; https://www.francebleu.fr/infos/faits-divers-justice/la-ville-et-l-agglo-de-saint-nazaire-victimes-d-une-cyberattaque-2976419; https://www.lemondeinformatique.fr/actualites/lire-une-cyberattaque-paralyse-les-services-de-la-ville-de-saint-nazaire-93469.html; 
https://france3-regions.francetvinfo.fr/pays-de-la-loire/loire-atlantique/saint-nazaire/une-cyberattaque-paralyse-les-services-de-la-ville-de-saint-nazaire-et-de-son-agglomeration-2953340.html; https://www.ouest-france.fr/pays-de-la-loire/saint-nazaire-44600/cyberattaque-a-la-ville-de-saint-nazaire-et-son-agglomeration-ce-que-lon-sait-54937c44-f72e-11ee-b61a-805a85d39d9d; https://france3-regions.francetvinfo.fr/pays-de-la-loire/loire-atlantique/saint-nazaire/une-cyberattaque-paralyse-les-services-de-la-ville-de-saint-nazaire-et-de-son-agglomeration-2953340.html; https://www.saintnazaire.fr/cyber-attaque/; https://actu.fr/pays-de-la-loire/saint-nazaire_44184/passeport-etat-civil-apres-la-cyberattaque-quels-services-fonctionnent-et-comment-a-saint-nazaire_60941298.html; https://www.ouest-france.fr/pays-de-la-loire/saint-nazaire-44600/cyberattaque-saint-nazaire-met-en-garde-les-habitants-en-cas-de-vol-de-donnees-ac5e7816-f8e6-11ee-996f-cb486090b639; https://www.computerweekly.com/de/news/366580634/Die-Cyberangriffe-der-KW15-2024-im-Ueberblick; https://www.linformaticien.com/magazine/cybersecurite/61923-cyberattaque-appel-a-la-vigilance-a-saint-nazaire.html; https://france3-regions.francetvinfo.fr/pays-de-la-loire/loire-atlantique/saint-nazaire/cyberattaque-a-saint-nazaire-on-est-passes-au-papier-a-la-gomme-et-au-crayon-2958131.html; https://actu.fr/pays-de-la-loire/saint-nazaire_44184/les-5-questions-que-lon-se-pose-sur-la-cyberattaque-de-saint-nazaire_60973958.html; https://www.ouest-france.fr/pays-de-la-loire/saint-nazaire-44600/la-promenade-new-look-de-port-desire-a-villes-a-saint-nazaire-differee-a-cause-de-la-cyberattaque-78536342-fd91-11ee-bd08-9ba0a6d2d69d; https://www.lemondeinformatique.fr/actualites/lire-telex-xai-en-passe-de-lever-6-md$-google-et-microsoft-forts-dans-le-cloud-et-l-ia-gravelines-cyberattaque-93613.html; https://www.zdnet.fr/actualites/orange-cyberdefense-se-mobilise-pour-la-securite-des-acteurs-publics-391180.htm; 
https://www.zdnet.fr/actualites/gravelines-albi-de-nouvelles-collectivites-francaises-victimes-dattaques-informatiques-391202.htm,2024-04-11,2024-05-02 3354,Unknown hackers disrupted network of US New Mexico Highlands University (NMHU) since at least 3 April 2024,"Unknown hackers disrupted network of US New Mexico Highlands University (NMHU) since at least 3 April 2024, NMHU reported the ransomware attack on its website for the first time. After the attack, on 5 April 2024, the governor of New Mexico issued executive order 2024-011 directing the Department of Information Technology (DoIT) to conduct information technology and security assessments on state agencies. The executive order requires New Mexico state agencies to adopt and implement cybersecurity, information security, and privacy policies.",2024-04-03,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Ransomware,New Mexico Highlands University (NMHU),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18649,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-04-05 00:00:00,State Actors: Executive reactions,,United States,Michelle Lujan Grisham (Governor of New Mexico; USA),,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/ransomware-new-mexico-highlands-east-central-oklahoma-universities; https://www.nmhu.edu/eoc/; https://www.nmhu.edu/eoc/; https://www.nmhu.edu/eoc/; https://www.governor.state.nm.us/2024/04/05/governors-executive-order-strengthens-state-agency-cybersecurity/; https://www.abqjournal.com/business/nmhu-nears-a-week-of-canceled-classes-because-of-ransomware-attack/article%5ff63cbe9e-f5de-11ee-b7af-af5369dcfa7e.html,2024-04-11,2024-04-11 3357,Unknown hacker 
compromised and encrypted systems of German Fertility Center in Bielefeld on 4 April 2024 ,"An unknown hacker compromised and encrypted systems of German Fertility Center in Bielefeld on 4 April 2024, as the Fertility Center disclosed on their website. Access was gained via trojan potentially exposing the data of 80,000 patients. According to Heise, the data of the 80,000 patients was not compromised due to the rapid intervention. Additionally, the high sum demanded by the ransomware group will not be paid. Instead, all systems will be reinstalled.",2024-04-04,2024-04-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,,Not available,Not available,,1,18670,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.nw.de/nachrichten/zwischen_weser_und_rhein/23827099_80.000-Patienten-Cyberattacke-auf-Kinderwunschpraxis-in-Bielefeld.html; https://www.kinderwunsch-bielefeld.de/2024/04/10/wichtige-patienteninformation/; https://www.heise.de/news/Ransomware-bei-Kinderwunsch-Zentrum-Cyberangriff-auf-franzoesischen-Gemeinden-9682909.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2024-04-11,2024-04-15 3356,Unknown threat actors attack ASIAQ with ransomware in March 2024 ,"Unknown threat actors attacked ASIAQ Greenland Survey, a Danish organization which undertakes surveys and research projects, based on non-living physical data from the environment in Greenland, with ransomware in mid-March 2024. Due to the attack, some ASIAQ data and systems are currently unavailable. As ASIAQ has a backup of most of its data, the hackers were unable to make anything of their attack. 
Nevertheless, it will take a few weeks before ASIAQ resumes normal operations. ",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Ransomware,ASIAQ Greenland Survey,Denmark,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Research,Not available,Not available,Not available,,1,18651,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://sermitsiaq.ag/samfund/selvstyre-virksomhed-ramt-af-cyberangreb/2076158; https://www.asiaq-greenlandsurvey.gl/asiaq-har-vaeret-udsat-for-alvorlig-cyberkriminalitet/,2024-04-11,2024-04-11 3353,Unknown actors compromised the Philippine Bureau of Customs (BoC) on 7 April 2024,"Unknown actors compromised the Philippine Bureau of Customs (BoC) on 7 April 2024, the BoC reported on 9 April 2024. Specifically, the hackers gained access to the BoC's Help Desk Ticketing System and Management Information Dashboard. The hackers compromised accounts and server as well as external cloud-based online applications using compromised login credentials. 
There is also the possibility that data was stolen, including names, email addresses, company names, contact details, tax identification numbers and even information on the movement of goods and trade secrets.",2024-04-07,2024-04-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Bureau of Customs (Philippines),Philippines,ASIA; SCS; SEA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18648,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.pna.gov.ph/articles/1222338; https://securityaffairs.com/161909/intelligence/misinformation-targeting-the-philippines.html,2024-04-10,2024-04-17 3352,An unnamed threat actor gained access to the computer accessories manufacturer Targus International since at least 5 April 2024,"An unnamed threat actor gained access to the computer accessories manufacturer Targus International on 5 April 2024, the company itself reported in its 8-K form to the US Securities and Exchange Commission (SEC).",2024-04-05,2024-04-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Targus International,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18647,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://www.bleepingcomputer.com/news/security/targus-discloses-cyberattack-after-hackers-detected-on-file-servers/; https://www.sec.gov/Archives/edgar/data/1464790/000121390024031252/ea0203500-8k_briley.htm; https://www.computerweekly.com/de/news/366580634/Die-Cyberangriffe-der-KW15-2024-im-Ueberblick; https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/,2024-04-10,2024-04-16 3349,"The BlackSuit ransomware group gained access to the Group Health Cooperative of South Central Wisconsin (GHC-SCW) network and stole personal health information from over 500,000 individuals beginning at least as far back as 25 January 2024","The BlackSuit ransomware group gained access to the Group Health Cooperative of South Central Wisconsin (GHC-SCW) network and stole personal health information from over 500,000 individuals beginning at least as far back as 25 January 2024, the affected healthcare provider itself reported in the associated incident notification. It states that the healthcare provider identified the unauthorised access in the early morning of 25 January 2024 and discovered on 9 February 2024 that the attackers had copied personal health information from the network. This included the names, addresses, telephone numbers, email addresses, dates of birth and death, Social Security numbers (SSN), member numbers, and Medicare and/or Medicaid numbers of exactly 533,809 affected individuals. The BlackSuit ransomware group claimed the ransomware attack back in March, but failed to encrypt the network. 
",2024-01-25,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Group Health Cooperative of South Central Wisconsin (GHC-SCW),United States,NATO; NORTHAM,Critical infrastructure,Health,BlackSuit,Not available,Non-state-group,Criminal(s),1,18646,2024-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackSuit,Not available,Not available,BlackSuit,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/ghc-scw-ransomware-gang-stole-health-data-of-533-000-people/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://ghcscw.com/notice-of-data-privacy-event/; https://www.bleepingcomputer.com/news/security/ghc-scw-ransomware-gang-stole-health-data-of-533-000-people/; https://securityaffairs.com/161693/data-breach/group-health-cooperative-data-breach.html; https://securityaffairs.com/161806/breaking-news/security-affairs-newsletter-round-467-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/,2024-04-10,2024-04-25 3344,"Unknown threat actors breached data of Greylock McKinnon Associates including data of 341,650 US citizens in May 2023","Unknown threat actors breached data of Greylock McKinnon Associates on 30 May 2023. This data breach affected personal data such as name, date of birth, address, social security number and health insurance information of about 341,650 US citizens. The data was originally obtained by the U.S. Department of Justice as part of a civil litigation matter. The company received the information of the impacted individuals in their provision of services to the DOJ in support of that matter. 
The incident was discovered on 7 February 2024, while the official notification was published almost two months later on 5 April 2024. ",2023-05-30,2023-05-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,Greylock McKinnon Associates Inc. - U.S. Department of Justice (DOJ),United States; United States,NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Government / ministries,Not available,Not available,Not available,,1,18641,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/161592/data-breach/greylock-mckinnon-associates-data-breach.html; https://therecord.media/doj-data-leaked-in-attack-on-consulting-firm; https://apps.web.maine.gov/online/aeviewer/ME/40/865575ae-973b-4430-a06c-d780da040c74.shtml; https://www.doj.nh.gov/consumer/security-breaches/documents/greylock-mckinnon-associates-20240223.pdf; https://s3.documentcloud.org/documents/24536240/gma-individual-doj-notice-english-45.pdf; https://securityaffairs.com/161806/breaking-news/security-affairs-newsletter-round-467-by-pierluigi-paganini-international-edition.html,2024-04-09,2024-04-11 3348,"Unknown actors breached the customer card system of Estonian supplier of pharmacy and hospital supplies Allium UPI and obtained data of 700,000 Estonians in the beginning of February 2024","Estonian supplier of pharmacy and hospital supplies Allium UPI experienced a data breach in the beginning of February 2024. 
According to a statement by the company, dated 4 April 2024, threat actors stole data of 700,000 Estonian citizens during the attack, including information on clients' names, email addresses, phone numbers, personal ID codes, address details and non-prescription purchases. They also stole details on a total of 43 million purchases, including non-prescription drugs and other pharmacy goods such as band-aids. The information compromised originated from a backup copy of a database containing customer records from 2014 to 2020. Though the incident was only disclosed to customers in April, Allium UPI had already informed the authorities about the incident in mid-February.",2024-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available - Not available,Estonia; Estonia,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure - Critical infrastructure,Health - Health,Not available,Not available,Not available,,1,18645,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://news.err.ee/1609302096/cybercriminals-steal-data-of-around-700-000-apotheka-pharmacy-customers; https://www.heise.de/news/Estland-Fast-700-000-Kunden-von-Apothekendienstleister-abgeflossen-9677527.html; https://www.apotheke-adhoc.de/nachrichten/detail/internationales/estland-angriff-auf-apotheken-kundendaten/,2024-04-09,2024-04-12 3346,The hacker group Lazy Koala compromised 867 employee accounts of six Commonwealth of Independent States (CIS),"The threat actor compromised 867 employee accounts of six Commonwealth of Independent States (CIS) countries, the Russian IT security company Positive 
Technologies reported on 4 April 2024. The affected CIS countries included Russia, Belarus, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The affected targets included government, financial, healthcare and educational institutions. The group likely intended to leverage the gained access to exploit it for subsequent hacks or selling it to other threat actors.",,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available,Kyrgyzstan; Russia; Armenia; Tajikistan; Belarus; Kazakhstan; Uzbekistan,ASIA; CENTAS; CSTO; SCS - EUROPE; EASTEU; CSTO; SCO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO; SCO - EUROPE; EASTEU; CSTO - ASIA; CSTO; SCO - ASIA; CENTAS; SCO,State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Critical infrastructure; Education,Government / ministries; Health; Finance; - Government / ministries; Health; Finance; - Government / ministries; Health; Finance; - Government / ministries; Health; Finance; - Government / ministries; Health; Finance; - Government / ministries; Health; Finance; - Government / ministries; Health; Finance; ,Lazy Koala,Not available,Unknown - not attributed,,1,18644,2024-04-04 00:00:00,"Technical 
report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Positive Technologies,Positive Technologies,Russia,Lazy Koala,Not available,Unknown - not attributed,https://www.ptsecurity.com/ww-en/about/news/positive-technologies-detects-a-series-of-cyberattacks-against-government-organizations-in-russia-and-the-cis/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ptsecurity.com/ww-en/about/news/positive-technologies-detects-a-series-of-cyberattacks-against-government-organizations-in-russia-and-the-cis/,2024-04-09,2024-04-11 3345,Threat Actors IntelBroker and Sanggiero claim responsibility for allegedly breaching Chinese online shopping platform PandaBuy stealing over 1.3 million records of customers,"As posted by cybersecurity researcher vx-underground on 1 April 2024, Chinese online shopping platform PandaBuy has been allegedly breached by threat actors calling themselves IntelBroker and Sanggiero. According to an announcement on BreachForums, the threat actors claim to have stolen over 3 million customer records by exploiting several critical vulnerabilities in the platform’s API and accessing the internal service of the website. The data is said to include records of customers including UserId, name, phone numbers, emails, login IP, postal address and orders. The leak is considered to be legitimate, as third-party expert Troy Hunt reported that 1.3 million email addresses are considered valid, with the rest being duplicates. 
Hunt also claims that PandaBuy is trying to hide the incident by blocking the word breach, though one company representative said on a Discord channel, that the breach must have happened in the past as there has been no breach in 2024.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Data theft & Doxing; Hijacking with Misuse,PandaBuy,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Digital Provider,IntelBroker; Sanggiero,Not available; Not available,Individual hacker(s); Individual hacker(s),,1,18640; 18640; 18640; 18640,2024-03-31 00:00:00; 2024-03-31 00:00:00; 2024-03-31 00:00:00; 2024-03-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,IntelBroker; IntelBroker; Sanggiero; Sanggiero,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,IntelBroker; Sanggiero; IntelBroker; Sanggiero,Not available; Not available; Not available; Not available,Individual hacker(s); Individual hacker(s); Individual hacker(s); Individual hacker(s),https://breachforums.cx/Thread-Pandabuy-Database-Leaked-Download,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/8th-april-threat-intelligence-report/; https://securityaffairs.com/161355/data-breach/pandabuy-data-breach.html; https://twitter.com/troyhunt/status/1774710326103249007?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1774710326103249007%7Ctwgr%5E462e02aca3dcfd052335b5fd6de27070677add9c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F161355%2Fdata-breach%2Fpandabuy-data-breach.html; https://twitter.com/vxunderground/status/1774676286402691251?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1774676286402691251%7Ctwgr%5Eda653238075534fb7f1b1fb8b37372f243aaaffc%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F161355%2Fdata-breach%2Fpandabuy-data-breach.html; https://breachforums.cx/Thread-Pandabuy-Database-Leaked-Download; https://www.retaildetail.be/fr/news/general/descente-de-police-sur-la-plateforme-de-contrefacon-pandabuy/,2024-04-09,2024-04-11 3341,Unknown threat actors compromised email accounts of lawyer and tax advisor representing Alberto González in April 2024,"The law firm representing Alberto González, partner of the president of the autonomous Community of Madrid, have reported that emails between their client and his lawyer had been compromised. The incident became publicly known through a complaint filed by González' lawyer as well as his tax advisor to the local court of Madrid after an internal investigation has found evidence of a theft of emails crossed between the client and his lawyers. The Community of Madrid claimed that the sophisticated nature of the attack points to a nation state-actor, without providing further evidence. 
Opposition party PSOE Madrid rejected the claims, as they were understood to accuse the PSOE-led Spanish central government of being involved in the attack.",2024-04-02,Not available,"Attack on non-political target(s), politicized",,,Data theft; Hijacking with Misuse,Carlos Neira (Lawyer),Spain,EUROPE; NATO; EU(MS),End user(s) / specially protected groups,,Unknown,Not available,Not available,,1,18643,NaT,Not available,Not available,Not available,Not available,Not available,Unknown,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.eldiarioalerta.com/articulo/espanha/hackean-correos-electronicos-abogados-novio-diaz-ayuso/20240405173710524872.html; https://noticiasparamunicipios.com/municipios-madrid/hackeo-al-abogado-del-novio-de-ayuso-para-acceder-a-los-emails-cruzados-entre-el-letrado-y-su-cliente-ultima-hora/; https://www.larazon.es/madrid/abogados-pareja-ayuso-denuncia-ciberataque-muy-sofisticado-acceder-correos-cliente_20240405660fed075e1b1f00012d465b.html; https://www.infobae.com/espana/agencias/2024/04/05/comunidad-madrid-apunta-a-que-el-ciberataque-al-abogado-del-novio-de-ayuso-podria-estar-relacionado-con-el-gobierno/; https://www.miracorredor.tv/hackean-los-correos-de-los-abogados-del-novio-de-ayuso-y-la-presidenta-apunta-a-los-poderes-del-estado/; https://www.diariocritico.com/nacional/denuncian-hackeo-ordenadores-abogado-ayuso; https://theobjective.com/espana/tribunales/2024-04-05/bufete-novio-ayuso-hackeo-emails/; https://www.antena3.com/noticias/espana/abogados-pareja-isabel-diaz-ayuso-denuncian-hackeos-correos-cliente_20240405660fee4d0999030001d4d4c5.html; https://okdiario.com/espana/hackeo-denunciado-abogado-del-novio-ayuso-solo-esta-alcance-estados-nacionales-12634493; https://www.infolibre.es/politica/ayuso-acusa-pruebas-gobierno-ciberataque-ordenadores-abogado-novio_1_1759288.html; 
https://www.cope.es/actualidad/espana/noticias/comunidad-apunta-que-ciberataque-abogado-del-novio-ayuso-podria-estar-relacionado-con-gobierno-20240405_3231769; https://efe.com/espana/2024-04-05/los-abogados-del-novio-de-diaz-ayuso-denuncian-que-les-han-hackeado-correos-con-su-cliente/; https://www.telecinco.es/noticias/madrid/20240405/abogados-alberto-gonzalez-pareja-isabel-diaz-ayuso-denuncian-ciberataque-ordenadores_18_012146160.html; https://www.noticiasdenavarra.com/politica/2024/04/05/abogados-novio-ayuso-denuncian-les-8079739.html; https://www.levante-emv.com/espana/2024/04/05/abogado-novio-ayuso-denuncia-hackeo-100666682.html; https://www.lasexta.com/programas/al-rojo-vivo/abogados-novio-ayuso-denuncian-supuesto-hackeo-correos-electronicos-que-intercambiaron_20240405660fdd325e1b1f00012d1687.html; https://www.servimedia.es/noticias/bufete-defiende-pareja-ayuso-denuncia-ciberataque-para-acceder-correos/1410129803; https://okdiario.com/madrid/abogado-del-novio-ayuso-denuncia-hackeo-hacerse-correos-cruzados-cliente-12634039; https://www.infobae.com/espana/agencias/2024/04/05/psoe-ve-inaceptable-que-la-comunidad-culpe-del-ciberataque-al-abogado-del-novio-de-ayuso-al-gobierno-de-espana/; https://www.telecinco.es/noticias/a-la-carta/20240405/informativos-telecinco-video-completo-edicion-mediodia_18_012147192.html; https://www.noticiasdenavarra.com/politica/2024/04/05/comunidad-madrid-senala-gobierno-espanol-8080114.html,2024-04-08,2024-04-11 3340,Unknown threat actor targets Canadian University of Winnipeg in March 2024,"Unknown threat actor targets the Canadian University of Winnipeg in March 2024, the University disclosed in a public statement on its website. The breach was detected on 24 March 2024 and likely started the week before, the University explained in a statement. The attack, which the university said happened the week before March 24, has delayed the semester and shut down many of the university’s services for a short time. 
According to further incident updates, data from a University file server has been stolen, and the stolen information includes the personal information of current and former students and employees, including names, bank account information, and social insurance numbers. ",2024-03-18,2024-03-24,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,University of Winnipeg,Canada,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Not available,Not available,Not available,,1,18629,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://winnipeg.ctvnews.ca/mobile/university-of-winnipeg-reveals-student-faculty-data-stolen-in-cyber-attack-1.6834039; https://news.uwinnipeg.ca/cyber-attack-update/; https://winnipeg.citynews.ca/2024/04/04/information-was-stolen-during-recent-cyber-attack-university-of-winnipeg-confirms/; https://www.chrisd.ca/2024/04/04/university-of-winnipeg-cyber-attack/,2024-04-08,2024-04-11 3343,"Turkish hacktivist group Bozkurtlar (aka Grey Wolves) hijacked website of French Council for Employment, Income and Social Cohesion (CERC) on 7 April 2024","According to French media reporting, the Turkish hacktivist group Bozkurtlar (a.k.a. Grey Wolves) hijacked the website of the French Council for Employment, Income and Social Cohesion (CERC) on 7 April 2024. Bozkurtlar is a Turkish far-right paramilitary organisation and political movement affiliated with the Nationalist Movement Party (MHP). 
The defacement statement by the Grey Wolves claimed that the group was not engaging in any terrorist activities and called for ""respect for Turkish identity and culture."" On 8 April, the website remained inaccessible, its presence replaced by the Grey Wolves logo.",2024-04-07,2024-04-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,"Council for Employment, Income and Social Cohesion (CERC)",France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Bozkurtlar (a.k.a. Grey Wolves),Turkey,Non-state-group,Hacktivist(s),1,18642,2024-04-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Bozkurtlar (a.k.a. Grey Wolves),Not available,Turkey,Bozkurtlar (a.k.a. Grey Wolves),Turkey,Non-state-group,https://www.cnews.fr/france/2024-04-07/cyberattaque-le-site-gouvernemental-du-cerc-pirate-par-des-hackers-turcs-1479579,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.cnews.fr/france/2024-04-07/cyberattaque-le-site-gouvernemental-du-cerc-pirate-par-des-hackers-turcs-1479579,2024-04-08,2024-04-11 3342,Hacktivist group Anonymous for Justice claims responsibility for stealing 300 GB of data from the Ministry of Justice of Israel in April 2024,"The group of hacktivists called Anonymous for Justice claimed responsibility for a cyberattack on the Israeli Ministry of Justice on 5 April 2024. The group reported on X that it has stolen almost 300 gigabytes of data, including official letters and documents, address books, telephone lists and emails. The operations of the administration and its services were not affected. The exact extent of the attack has yet to be investigated. 
The ministry confirmed the attack on the same day.",2024-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,Ministry of Justice (Israel),Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous for Justice,Not available,Non-state-group,Hacktivist(s),1,18638,2024-04-05 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous for Justice,Not available,Not available,Anonymous for Justice,Not available,Non-state-group,,System / ideology; Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,1,2024-04-05 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Israel,Ministry of Justice (Israel),,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.maariv.co.il/business/tech/Article-1089616; https://research.checkpoint.com/2024/8th-april-threat-intelligence-report/,2024-04-08,2024-04-18 3339,"Ransomware gang Hunters International targeted Japanese manufacturer Hoya Corporation on 30 March 2024, causing outages at production plants and business divisions","The Japanese manufacturer Hoya Corporation experienced disruptions on 30 March 2024 causing outages to servers, production plants, business divisions and the ordering system for certain products. The company, among other goods, produces special glasses and is active in more than 30 countries and operates 43 laboratories worldwide. 
On 12 April 2024, French publication LeMagIT has reported that the infamous Hunters International ransomware gang has claimed responsibility for the attack and has listed the company’s data for a sum of $10 million. The threat group has stated that it exfiltrated 1.7 million files that make up two terabytes of data. Additionally, Hunters International has said that there will be no negotiation or available discount with this ransom. By 23 April 2024, the systems impacted in the attack were all restored.",2024-03-30,2024-04-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,,Japan,ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,,Not available,Non-state-group,Criminal(s),1,18872,2024-04-12 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Hunters International,Not available,Not available,,Not available,Non-state-group,https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/; 
https://www.hoya.com/en/news/it-system-incident-at-our-group/; https://ssl4.eir-parts.net/doc/7741/tdnet/2418411/00.pdf; https://www.bleepingcomputer.com/news/security/optics-giant-hoya-hit-with-10-million-ransomware-demand/; https://tech.ifeng.com/c/8YkCgCn0LrM; https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/; https://www.cyberdaily.au/security/10422-hunters-international-take-credit-for-hoya-optics-attack-demand-us-10m; https://www3.nhk.or.jp/news/html/20240423/k10014430911000.html; https://xtech.nikkei.com/atcl/nxt/news/24/00637/,2024-04-05,2024-04-24 3336,Unknown threat actor targeted US healthcare organisation US City of Hope between July and October 2023,"An unknown threat actor gained access to the US healthcare organization City of Hope between 7 July and 15 October 2023, the hospital disclosed in a statement on 2 April 2024 after discovering the data breach on 25 March 2024. City of Hope operates hospitals in Duarte (CA), Atlanta (GA), and Chicago (IL) and conducts cancer research. A breach notification submitted by the hospital to the Maine Attorney General's Office reported 827,149 affected individuals. The incident resulted in the exfiltration of personal records between September 19 and October 12, 2023, including names, email addresses, phone numbers, dates of birth, social security numbers, driving licences or other government identifications, financial details such as bank account numbers and/or credit card details, health insurance information, medical records and information about medical history and/or associated conditions, and/or unique identifiers to associate individuals with City of Hope such as medical record numbers. 
",2023-07-07,2023-10-15,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,City of Hope,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18627,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/161481/data-breach/city-of-hope-data-breach.html; https://www.bleepingcomputer.com/news/security/us-cancer-center-data-breach-exposes-info-of-827-000-patients/; https://www.cityofhope.org/notice-of-data-security-incident; https://apps.web.maine.gov/online/aeviewer/ME/40/1bb296e2-ea79-438c-b357-28ef738a0bf6.shtml; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html,2024-04-05,2024-04-11 3326,Government of Palau targeted with ransomware on 14 March 2024 encrypting financial management information 
system,"According to The Record, the government of Palau discovered on 14 March 2024 that their financial management information system was encrypted during a ransomware attack. The system contains mostly public data, such as names, phone numbers and social security numbers. Due to the encryption, the Ministry of Finance had to return to manual payroll processing with paper checks for a minimum of two weeks. While Palauan President Whipps Jr. stated in a press conference that an initial assessment traced artefacts of the attack to a company in Malaysia with possible ties to Russia or China, ransom notes of two different groups were found during the attack. One statement purportedly signed by ransomware gang LockBit was printed from a compromised system. A second statement, copied in a README text file to compromised systems, linked the breach to the group DragonForce. According to the CISO of Palau’s Ministry of Finance, Jay Anson, the links embedded in both documents, which pointed to platforms for initiating negotiations, were not working. Anson considered it unlikely that a financially motivated actor conducted the operation. As the attack coincided with the commemoration of the Compact of Free Association (COFA) between Palau and the US, Anson deemed it possible that it was carried out by a hacktivist outfit or a ransomware-as-a-service operator targeting Palau on behalf of another actor. In light of the law enforcement action against LockBit in early 2024, Anson thought it unlikely that the group was responsible for the breach. DragonForce is believed to be Malaysia-based. On 7 April 2024, the DragonForce ransomware gang officially posted Palau to its leak site, threatening to publish the stolen data in three days. 
The government found letters from both the LockBit and DragonForce ransomware gangs but were never contacted by either.",2024-03-14,2024-03-19,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Ministry of Finance (Palau),Palau,OC,State institutions / political system,Government / ministries,DragonForce,Malaysia,Non-state-group,Hacktivist(s),4,18784; 18782; 18783; 18785,2024-04-04 00:00:00; 2024-03-14 00:00:00; 2024-03-14 00:00:00; 2024-04-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms; Attacker confirms; Attribution by receiver government / state entity,"Jay Hunter Anson (CISO of Palau's Ministry of Finance); Lockbit; DragonForce; Surangel Samuel Whipps Jr. (President, Palau)",Not available; Not available; Not available; Not available,Palau; Not available; Not available; Palau,DragonForce; LockBit; DragonForce; Not available,Malaysia; Not available; Not available; Malaysia,Non-state-group; Non-state-group; Non-state-group; Unknown - not attributed,https://therecord.media/palau-attack-who-was-behind-china-us; https://theatlasnews.co/brief/2024/04/03/palau-suffers-cyber-attack-to-financial-systems/,Unknown,Not available,,Not available,,1,2024-04-03 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Palau,Surangel Samuel Whipps Jr. 
(President of Palau),No,,Not available,Data Encrypted for Impact,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/palau-attack-who-was-behind-china-us; https://theatlasnews.co/brief/2024/04/03/palau-suffers-cyber-attack-to-financial-systems/; https://www.mvariety.com/news/regional%5fworld/palau-scrambles-after-cyberattack-cripples-financial-systems/article%5f72cf17da-efe1-11ee-9529-ebb09296e67b.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/; https://therecord.media/palau-denies-ransomware-gang-claims,2024-04-05,2024-04-18 3324,Pro-Ukrainian hacktivist group One Fist stole 100GB of data from Russian defence company Special Technological Center LLC (STC) in January 2024,"The pro-Ukrainian Hacktivist group One Fist stole 100GB of data from Russian Defense company Special Technological Center LLC (STC) located in St. Petersburg in January 2024. 
In a press release from 8 January 2024, Ukraine's Defence Intelligence noted that it had received the exfiltrated data as part of effective cooperation with ""patriotic representatives of civil society and the media community."" The acquired data included blueprints, patents, software, and other information related to 194 pieces of Russian military equipment, including UAVs like Orlan-10, electronic warfare systems such as Svet-KU, and various individual components and subsystems. Ukraine's Defence Intelligence projected the data to be worth as much as $1.5 billion. How this estimate was derived remains unclear. According to a BBC report from 4 April 2024, One Fist received a ""certificate of gratitude"" issued by the Airborne Assault Forces of Ukraine. The certificate highlights One Fist's ""significant contribution to the development and maintenance of vital activities of the military"" but does not mention any particular activities of the group. One of the One Fist members interviewed by BBC is US citizen Kristopher Kortright, based in Michigan, who was involved in the operation against STC.",2024-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,Special Technological Center LLC (STC),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Defence industry,"One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist",United States; United Kingdom; Poland; United States,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626; 18626,2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00; 2024-04-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; 
Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters 
article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) 
/ self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,"One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT 
worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Poland; Poland; Poland; Poland; Poland; Poland; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Poland; Poland; Poland; Poland; Poland; Poland,"One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < 
One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; One Fist; One Fist; One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist; Kristopher Kortright aka Voltage (IT worker, United States) < One Fist",United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; 
Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.bbc.co.uk/news/technology-68722542,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Due diligence; Sovereignty; Armed conflict; Armed conflict,Conduct of hostilities; ; ; Certain persons; Neutrality,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bbc.co.uk/news/technology-68722542; https://gur.gov.ua/en/content/100-hihabait-sekretiv-vartistiu-1-5-mlrd-hur-otrymalo-masyv-taiemnykh-danykh-pro-vpk-okupantiv.html; 
https://en.defence-ua.com/analysis/unprecedented_tech_data_leak_from_special_technology_center_llc_is_a_treasure_trove_of_russian_secrets-9135.html; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html,2024-04-05,2024-04-11 3318,Unknown actors target financial institutions in APAC and MENA region using JSOutProx framework,"According to a report by Resecurity from 3 March 2024, the company detected a new version of JSOutProx, a sophisticated attack framework utilizing JavaScript and .NET first detected in 2019. The malware suite was leveraged against financial services and organizations in the APAC and MENA regions. JSOutProx uses the .NET (de)serialization feature to interact with a core JavaScript module on the victim's machine. After execution, the framework loads various plugins that conduct additional malicious activities on the target. When the malware was first identified, it was attributed to SOLAR SPIDER's phishing campaigns. The campaigns delivered the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia, and Southeast Asia. Resecurity observed a spike in the activity it monitored around 8 February 2024. On that day, a ""major system integrator based in the Kingdom of Saudi Arabia reported an incident targeting customers of one of their major banks regional banks."" The report further outlined that Resecurity helped multiple victims acquire relevant malicious code artefacts through their Digital Forensics & Incident Response (DFIR) engagement and recovered the payload. The threat actors targeted multiple banking customers through an impersonation attack using the email account 'mike.will@my[.]com'. The actors used a fake SWIFT payment notification for enterprise customers and a Moneygram template for private customers. They used misleading notifications to confuse victims and execute malicious code. 
Resecurity concluded with moderate confidence that due to the malware's significant sophistication, the profile of the targets, and the geography of past attacks (with targeted government entities in India and Taiwan, as well as financial entities in the Philippines, Laos and other South-Asian states), JSOutProx might have been developed by China-nexus actors.",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Mena Region (region),,Critical infrastructure,Finance,Not available,China,Unknown - not attributed,,1,18609,2024-04-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Resecurity,,United States,Not available,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/161438/malware/new-jsoutprox-attacking-financial-institutions-apac-mena.html; https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse,2024-04-04,2024-04-10 3314,Ransomware gang SEXi hit Chilean data center and hosting provider IxMetro PowerHost with ransomware on 30 March 2024 encrypting VMware ESXi servers and backups,"The Chilean data centre and 
hosting provider IxMetro PowerHost sustained a ransomware attack by the criminal group SEXi on 30 March 2024. The threat actors encrypted VMware ESXi servers, used for hosting virtual private servers for customers, and terabytes of corporate backups. On 1 April, the company advised customers that following the breach all hosted servers and websites had been taken down, as IxMetro PowerHost worked to restore services from backups. The company subsequently informed customers that encrypted backups complicated recovery. Past SEXi ransom notes instructed victims to download the Session messaging app and contact the group at the listed address. When attempting to negotiate with SEXi, the group demanded two bitcoins per affected customer, totalling $140 million, according to Powerhost’s CEO. Based on bitcoin prices at the time of the communications, this figure would put the number of affected customers at around 1000. CronUp cybersecurity researcher Germán Fernández assessed the ransomware used against Powerhost was first observed in March 2023. According to Bleeping Computer, the threat actors have focused on VMware ESXi servers, reflected in the group's name SEXi, an anagram of the ESXi software. 
",2024-03-30,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,IxMetro PowerHost,Chile,SOUTHAM,Critical infrastructure,Digital Provider,SEXi,Not available,Non-state-group,Criminal(s),1,18613,2024-03-30 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,SEXi,Not available,Not available,SEXi,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/hosting-firms-vmware-esxi-servers-hit-by-new-sexi-ransomware/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hosting-firms-vmware-esxi-servers-hit-by-new-sexi-ransomware/; https://www.dailysecu.com/news/articleView.html?idxno=154883; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/,2024-04-04,2024-04-22 3315,INC Ransom claimed responsibility for breach of Leicester City Council from 7 March 2024,"In the beginning of April 2024, the ransomware gang INC Ransom claimed to be responsible for an operation against Leicester City Council in the UK on 7 March 2024 that included the alleged theft of 
three terabytes of data. As purported proof, the group leaked 32 scanned documents, including passport copies, rent statements, bank statements, a driving licence, and other documents containing personal data. The group soon after took down this statement, in a practice known as flashing, which is intended to create public pressure for victims to give in to ransom demands. In response to the incident, the Council shut down many municipal services and disconnected all phone lines, followed by an announcement that the administration had entered into cooperation with forensic specialists and law enforcement. According to a Council statement released on 28 March, while the majority of services had been restored, recovery was still ongoing three weeks after the attack. As another side effect of the attack, media reported on 23 April 2024 that some street lights in Leicester could not be turned off since then. ",2024-03-07,2024-04-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Leicester City Council (UK),United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Civil service / administration,INC Ransomware group,Not available,Non-state-group,Criminal(s),1,18873,2024-04-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,INC Ransomware group,Not available,Not available,INC Ransomware group,Not available,Non-state-group,https://cybernews.com/news/leicester-city-ransomware-attack-passports/; https://www.scmagazine.com/brief/attack-against-uk-city-council-admitted-by-inc-ransom,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident 
scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-03-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United Kingdom,Leicestershire Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ukauthority.com/articles/leicester-city-council-claims-recovery-from-cyber-incident/; https://www.scmagazine.com/brief/attack-against-uk-city-council-admitted-by-inc-ransom; https://cybernews.com/news/leicester-city-ransomware-attack-passports/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/; https://www.leicester.gov.uk/your-council/how-we-work/our-website/cyber-incident/cyber-incident-frequently-asked-questions/; https://news.leicester.gov.uk/news-articles/2024/april/cyber-incident-update-3-april-2024/; https://www.golem.de/news/nach-cyberangriff-stadt-kann-strassenbeleuchtung-nicht-abschalten-2404-184429.html; https://www.bitdefender.com/blog/hotforsecurity/city-street-lights-misbehave-after-ransomware-attack/; https://www.01net.com/actualites/ransomware-empeche-ville-britannique-eteindre-lampadaires.html; https://securityaffairs.com/162219/hacking/leicester-city-cyberattack.html; https://www.computerworld.dk/art/287010/engelsk-by-kan-ikke-slukke-lyset-efter-cyberangreb-bec-reducerer-omkostninger-til-it-drift-og-udvikling-dansk-kapitalfond-koeber-svensk-it-selskab,2024-04-04,2024-04-24 3317,Consumer 
services of Danish local water and wastewater company Fanø Vand disrupted on 18 March 2024,"The consumer services of the Danish local water and wastewater company Fanø Vand were disrupted by an unspecified cyber operation on 18 March 2024, according to a company press release from 3 April 2024. According to Fanø Vand, the operational systems serving the water and wastewater supply had not been affected. The company statement, however, indicated that the threat actors may have been able to obtain data from IT networks. The company reported the incident to the Danish Data Protection Agency and Center for Cybersecurity. An investigation of the incident was initiated in cooperation with the Danish sectorCERT and external partners.",2024-03-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Fanø Vand,Denmark,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure; Critical infrastructure,Water; Waste Water Management,Not available,Not available,Not available,,1,18610,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://www.version2.dk/artikel/dansk-vandvaerk-ramt-af-hackerangreb-mod-administrative-systemer,2024-04-04,2024-04-10 3316,PetroVietnam Oil Corporation (PVOIL) targeted by ransomware on 2 April 2024,"The Vietnamese PetroVietnam Oil Corporation (PVOIL) was targeted by ransomware on 2 April 2024, according to a company statement from the same day. The incident led to the disruption of the company's information technology system, which operates over 780 petrol stations nationwide, including its electronic invoicing system. As a result, electronic invoicing for PV Oil sales was temporarily suspended. PVOIL reported the incident to authorities and is working with the Ministry of Public Security to remediate the incident. To ensure the supply of petrol, PV Oil and its member units continue to sell to customers despite not being able to issue electronic invoices as required by the Tax Administration Act. The company is also using alternative delivery notes instead of warehouse delivery notes. These measures aim to ensure that goods transported by road contain all the necessary information. 
",2024-04-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,PetroVietnam Oil Corporation (PVOIL) ,Vietnam,ASIA; SCS; SEA,Critical infrastructure,Energy,Not available,Not available,Not available,,1,18611,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-04-03 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Vietnam,Vietnamese Ministry of Public Security/ Bộ Công an,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://tuoitrenews.vn/news/business/20240403/petrovietnam-oil-corp-hit-by-ransomware-attack/79151.html; https://vietnamnews.vn/economy/1653202/pvoil-enhances-effort-to-handle-ransomware-attract-at-the-earliest.html,2024-04-04,2024-04-10 3320,Medusa Ransomware Group stole data from East Baton Rouge Sheriff's Office in Louisiana on 29 March 2024,"According to local news reporting, the Medusa ransomware group stole data from the East Baton Rouge Sheriff's Office in the US state of Louisiana on 29 March 2024. The obtained data included screenshots of file folders and images of video files, investigators confirmed. 
The Sheriff's Office detected the intrusion and implemented security measures to curtail the threat actor's access. Medusa published the stolen files on its leak site, including alleged payroll records, staging plans for policy operations and screenshots of CCTV footage. According to an investigator, Medusa demanded a $300,000 ransom and threatened to leak the remaining documents if the amount was not paid within nine days. ",2024-03-29,2024-03-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse; Ransomware,East Baton Rouge Sheriff's Office (USA),United States,NATO; NORTHAM,State institutions / political system,Police,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,18608,2024-03-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.govtech.com/security/some-data-lost-in-east-baton-rouge-sheriffs-cyber-attack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-03-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govtech.com/security/some-data-lost-in-east-baton-rouge-sheriffs-cyber-attack; https://therecord.media/ransomware-tracker-the-latest-figures,2024-04-04,2024-04-16 3321,Unknown threat actor targeted website of Libyan central bank with DDoS attacks on 1 April 2024,"The Libyan Central Bank (CBL) disclosed in a Facebook statement that an unknown threat actor targeted its online “Foreign Currency Reservation Platform for Individuals” with DDoS attacks on 1 April 2024, affecting the availability of the bank's services. CBL prevented prolonged outages by restricting system access to network addresses registered within Libya. The Bank additionally reported a DDoS attack against its official website on 3 April 2024. ",2024-04-01,2024-04-03,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption,Central Bank of Libya,Libya,AFRICA; MENA; MEA; NAF,State institutions / political system; Critical infrastructure,Civil service / administration; Finance,Not available,Not available,Not available,,1,18606,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty; International economic law,,Not available,0,,Not available,,Not 
available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://libyaobserver.ly/economy/central-bank-libya-cyberattack-has-targeted-foreign-currency-online-platform; https://www.facebook.com/CentralBankofLibya/posts/810681511090100?ref=embed_post,2024-04-04,2024-04-10 3322,"Unknown actors took down computer system of municipality of Morón, Argentina, with ransomware on 31 March 2024","A ransomware attack by unknown actors on 31 March 2024 affected the network, all servers and telephone lines of the municipality of Morón in Argentina. According to a post on X by Morón’s mayor, the breach affected all systems connected to the municipality's network. Though emergency lines were not affected, residents were not able to access online services of the commune. The unknown hackers encrypted data on compromised systems and demanded a ransom for decryption. The mayor condemned the disruption and expected recovery of essential servers based on regular backups to take several days.",2024-03-31,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Morón Municipality,Argentina,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18605,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.mdzol.com/politica/2024/4/2/hackers-piden-rescate-para-liberar-el-sistema-informatico-de-un-municipio-bonaerense-417315.html,2024-04-04,2024-04-11 3310,Unknown actors caused system outages at NorthBay VacaValley Hospital in California on 2 April 2024,"NorthBay VacaValley Hospital in Vacaville in the US state of California experienced network-wide disruptions on 2 April 2024. Outages affected the website as well as the phone, check-in, and the patient-record systems. Patients had to be turned away due to reduced capacity.",2024-04-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,NorthBay VacaValley Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18625,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.cbsnews.com/sacramento/video/northbay-vacavalley-hospital-cyberattack-heres-how-its-impacting-patients/; https://www.cbsnews.com/sacramento/news/northbay-health-cyber-incident-vacaville/,2024-04-03,2024-04-11 3309,Jackson County in Missouri targeted with ransomware on 2 April 2024,"Jackson County, located in the US state of Missouri, was hit with a ransomware attack, which disrupted the county's IT systems on 2 April 2024. 
This was officially confirmed by the county on the day of the attack. According to county officials, the incident left certain systems inaccessible, affecting tax payments and online property searches, as well as inmate and marriage licence searches. The respective offices handling those services (the Assessment, Collection and Recorder of Deeds offices) remained closed. The county released findings from an initial assessment, according to which personal data had not been accessed during the intrusion and the county's elections offices were not impacted. With Executive Order No. 24-07, Jackson County declared a state of emergency due to the ransomware attack.",2024-04-02,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,"Jackson County (Missouri, USA)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18742,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-04-02 00:00:00,State Actors: Executive reactions,,United States,Frank White Jr. (Jackson County Executive),,,,,,False,,,,,,0,,,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-04-02 00:00:00,Proclamation of public emergency (national level),,United States,Frank White Jr. 
(Jackson County Executive),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/kansas-city-missouri-county-suspected-ransomware-attack-tax-payments; https://www.jacksongov.org/Our-County/About-Us/Media-Releases/Media-Releases/2024/Jackson-County-responds-to-potential-ransomware-attack?transfer=f0bf9706-e914-43d2-85ef-b62aa85cdabc&fbclid=IwAR3cwocHE0hTIWEXpqlgLnE9JejR3p0oBY7UZGBiL8a0D7Wv9khCqi3hEJg_aem_ASAxfVxEW-T3vGnRhlhDjZKwHLivTzxwnZNrHTLFbogfFTryWk-wP1SZETTibSaX1_EPpi6ye6WGd64IzjWQA7sj; https://www.kansascity.com/news/local/article287309025.html; https://arstechnica.com/security/2024/04/missouri-county-declares-state-of-emergency-amid-suspected-ransomware-attack/; https://www.bleepingcomputer.com/news/security/jackson-county-in-state-of-emergency-after-ransomware-attack/; https://twitter.com/JacksonCountyMO/status/1775499702768959564; https://www.jacksongov.org/files/sharedassets/public/v/1/news/documents/executive-order-no-24-07.pdf; https://securityaffairs.com/161453/cyber-crime/jackson-county-missouri-ransomware.html; https://www.malwarebytes.com/blog/news/2024/04/jackson-county-hit-by-ransomware-declares-state-of-emergency; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-1-april-7; https://research.checkpoint.com/2024/8th-april-threat-intelligence-report/; https://therecord.media/ransomware-tracker-the-latest-figures,2024-04-03,2024-04-17 3308,Unknown actors hit Grenadian financial institution Ariza Credit Union with a cyberattack causing unspecified disruptions on 24 March 2024,Grenadian financial institution Ariza Credit Union experienced 
outages in their services due to a cyberattack on 24 March 2024.,2024-03-24,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Ariza Credit Union,Grenada,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18622,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.computerweekly.com/de/news/366575957/Die-Cyberangriffe-der-KW13-2024-im-Ueberblick; https://caribdaily.news/article/aa7dd0ce-f815-4a78-afc9-84b868569b43,2024-04-02,2024-04-11 3306,"An active attack campaign exploits vulnerabilities in Ray, a widely used open-source AI framework, since at least 5 September 2023, affecting companies and institutions in various sectors","As discovered by the research team of Israeli cyber security firm Oligo, unknown hackers have been actively exploiting vulnerabilities in the open-source AI framework Ray since at least 5 September 2023. According to Oligo, it is the first known attack campaign in which AI workloads are actively exploited. A thousand companies using the AI infrastructure are currently exposed to the campaign; hundreds have been compromised. Several sectors are already affected by active exploitation, such as education, cryptocurrency, biopharma, medicine, video analytics and cloud services. CVE-2023-48022 is one of the vulnerabilities; it stems from Ray’s lack of authorization in the Jobs API. By exploiting it, attackers can take over the computing power and leak sensitive data. As of April 2024, AI production workloads have been compromised and production DB credentials exposed, which enabled attackers to silently download or encrypt complete databases. 
Oligo also discovered that attackers have stolen password hashes and accessed cloud services containing sensitive production and customer data. The research team has further identified attackers leveraging ShadowRay to compromise organizations in order to install cryptocurrency miners. Due to the scale of the attacks and the chain of events, Oligo believes the threat actors are probably part of a well-established hacking group.",2023-09-05,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available - Ray,Not available; Not available; Not available; Not available, - - - ,Education - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Health - - ,Not available,Not available,Not available,,1,18440,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2024/1st-april-threat-intelligence-report/; https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild,2024-04-02,2024-04-03 3305,Unknown actors compromised security cameras in an elementary and a nursery school in Japan during a cyberattack from around October 2023 creating fear of being used as a springboard for further attacks and the footage being privately used,"As disclosed by the Ministry of Internal Affairs and Communications on 31 March 2024, security cameras in an elementary and a nursery school in Japan were compromised during a cyberattack back in October 2023. 
As all cameras are connected IoT devices, there is fear that the intrusion could be used for further cyberattacks or that the footage is privately viewed. All elementary education is held by public schools in Japan.",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,Japan,ASIA; SCS; NEA,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18439,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-03-31 00:00:00,State Actors: Preventive measures,Awareness raising,Japan,Ministry of Internal Affairs and Communications (Japan),,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://news.infoseek.co.jp/article/kyodo_1147053739327193946/; https://news.livedoor.com/article/detail/26145156/; https://www.fukuishimbun.co.jp/articles/-/2006990,2024-04-02,2024-04-24 3304,"Lockbit Claimed Responsibility for Attack on Torre Pacheco City Council with a ransomware attack detected on 29 March 2024, leaving the servers of the local police without access and encrypting information","The Torre Pacheco City Council was the victim of a ransomware attack detected on 29 March 2024. Due to the attack, the local police could not access their servers and found the rest of the information encrypted. The attack was allegedly aimed at the City Council information systems and may have affected the personal data of municipality residents. Ransomware group LockBit claimed responsibility for the attack on 3 April 2024 on the group's Telegram Channel. 
",2024-03-29,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Torre Pacheco City Council,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,LockBit,Russia,Non-state-group,Criminal(s),1,18450,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Russia,LockBit,Russia,Non-state-group,https://www.laverdad.es/murcia/torrepacheco/hackers-mantienen-secuestrado-ayuntamiento-torre-pacheco-actuaron-20240403012833-nt.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.laverdad.es/murcia/torrepacheco/ayuntamiento-torre-pacheco-victima-ciberataque-20240401081159-nt.html; https://www.laopiniondemurcia.es/municipios/2024/03/31/ayuntamiento-torre-pacheco-sufre-ciberataque-100474480.html; https://www.orm.es/noticias-2024/el-ayuntamiento-de-torre-pacheco-denuncia-un-ciberataque-que-puede-afectar-a-datos-de-vecinos/; https://www.cope.es/actualidad/espana/noticias/ayuntamiento-torre-pacheco-sufre-ciberataque-que-afecta-sistemas-informacion-servicios-municipales-20240331_3222669; https://www.laverdad.es/murcia/torrepacheco/hackers-mantienen-secuestrado-ayuntamiento-torre-pacheco-actuaron-20240403012833-nt.html; https://www.laverdad.es/murcia/torrepacheco/hackers-mantienen-secuestrado-ayuntamiento-torre-pacheco-actuaron-20240403012833-nt.html; https://www.laverdad.es/murcia/torrepacheco/ayuntamiento-torre-pacheco-amplia-manera-indefinida-plazos-20240404004015-nt.html; https://www.orm.es/programas/plaza-publica/gomez-marmol-en-torre-pacheco-han-sufrido-un-ransomware/,2024-04-02,2024-04-29 
3302,"An anti-Russian-government hacktivist group hacked into the systems of state-owned online prison shop JSC Kaluzhskoe, defacing its website with a photo of opposition leader Navalny, stealing data on hundreds of thousands of prisoners and manipulating the prices of goods in the shop on 18 February 2024","A hacktivist group claiming to be of different nationalities, among them Russian expatriates and Ukrainians, hacked into the systems of state-owned online prison shop JSC Kaluzhskoe on 18 February 2024, as CNN reported on 1 April 2024. The hackers defaced the website with a photo of opposition leader Navalny and his wife at a political rally, accompanied by messages reading “Long live Alexey Navalny” and “We, computer specialists, leave today’s Russia. [...] We love our country and will come back when it is free from Putin’s regime. And we will go all the way down this path”. The group also claimed to have stolen a database containing information on hundreds of thousands of prisoners and their relatives, including their contacts. The dump also contains data on prisoners held in the Arctic penal colony, where Navalny died on 16 February 2024, two days before the breach. According to a CNN interview with one of the hackers, the hacktivists aim to share the stolen data “in the hope that somebody can contact them and help understand what happened to Navalny”. Although a CNN review found duplicate entries in the data, it still verified the authenticity of the data, which was also confirmed by cyber security expert Tom Hegel. According to him, the authorities needed three days to repair the website. During the hack, the group also lowered the prices in the online food shop for inmates through their access to the Russian prison system’s online commissary. On 19 February, JSC Kaluzhskoe reported on the Russian social media platform VK a technical failure that had led to prices being displayed incorrectly. 
JSC Kaluzhskoe is Russian state owned and serves 34 regions in Russia. In the online shop, family members can buy food or necessities for related inmates.",2024-02-16,2024-02-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Not available - JSC Kaluzhskoe,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Civil service / administration,Not available,Ukraine; Russia,Non-state-group,Hacktivist(s),1,18437; 18437; 18437; 18437,2024-04-01 00:00:00; 2024-04-01 00:00:00; 2024-04-01 00:00:00; 2024-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Russia; Russia; Ukraine; Ukraine,Not available; Not available; Not available; Not available,Ukraine; Russia; Ukraine; Russia,Non-state-group; Non-state-group; Non-state-group; 
Non-state-group,https://edition.cnn.com/2024/03/31/politics/navalny-russian-prisoner-database-hack/index.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.infobae.com/america/mundo/2024/04/01/tras-la-muerte-de-navalny-hackers-rusos-robaron-una-base-de-datos-con-informacion-sobre-cientos-de-miles-de-presos/; https://eltiempolatino.com/2024/04/01/internacional/rusia-reporta-cyberataque-navalny/; https://www.rferl.org/a/russia-navalny-hackers-prisoner-database-stolen-anti-kremlin/32886625.html; https://edition.cnn.com/2024/03/31/politics/navalny-russian-prisoner-database-hack/index.html; https://vk.com/wall-126576485_2535; https://www.fr.de/politik/system-netzwerk-russland-tod-alexej-nawalny-rache-hacker-angriff-foto-gefaengnis-92931913.html; https://www.fr.de/politik/foto-gefaengnis-system-netzwerk-russland-tod-alexej-nawalny-rache-hacker-angriff-92931913.html; https://therecord.media/hackers-claim-to-breach-russia-prosecutor-general-database; https://www.fr.de/politik/hacker-angriff-foto-gefaengnis-system-netzwerk-russland-tod-alexej-nawalny-rache-92931913.html,2024-04-02,2024-04-29 3301,Unknown threat actors stole data from the Spanish political party Podemos in March 2024,"Unknown threat actors conducted a cyber attack on the Spanish political party Podemos and stole data on party members and other financial data on the party’s economic management in March 2024. The stolen data are not related to political or strategic matters. The attack is currently under further investigation by the Technological Investigation Group of the Madrid Judicial Police Brigade. 
The attack was launched from an IP address in Moldova. However, political motives are not yet known. ",2024-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,Podemos,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Political parties,Not available,Not available,Not available,,1,18436,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://es.paperblog.com/los-ahogados-en-tarragona-son-un-joven-de-15-anos-y-un-turista-aleman-que-intento-rescatarle-8515280/; https://www.infobae.com/espana/agencias/2024/03/29/podemos-sufre-un-ciberataque-que-provoca-el-robo-de-datos-de-inscritos-y-de-gestion-economica-del-partido/; https://www.elpais.cr/2024/03/29/espana-podemos-sufre-un-ciberataque-que-provoca-el-robo-de-datos-de-inscritos-y-de-gestion-economica-del-partido/; https://timis.es/podemos-sufre-un-ciberataque-con-robo-de-datos/; https://electomania.es/en/podemos-sufre-un-ciberataque-que-provoca-el-robo-de-datos-de-inscritos-y-de-gestion-economica-del-partido/; https://www.eldiario.es/politica/policia-investiga-ciberataque-robo-datos-inscritos-gestion-economica-partido_1_11246602.html,2024-04-02,2024-04-03 3299,"Pro-Russian hacktivist group NoName057(16) conducted DDoS attacks against Luxembourgian municipalities, 26 March 2024","On 26 March 2024, the websites of several Luxembourgian municipalities as well as the news website of the Luxembourgian ""Tageblatt"" were inaccessible for several hours due to a DDoS attack from pro-Russian hacktivist group NoName057(16). 
The websites of Differdange, Vianden, Diekirch, and Ettelbruck were listed by NoName057(16) as targets. The group linked its actions to Luxembourg's continued support for Ukraine in its defence against Russia. ""Tageblatt"" was hacked because its articles were without respect for the actions of the hacking group.",2024-03-26,2024-03-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Tageblatt - Municipality Ettelbruck - Municipality Differdange - Municipality Vianden,Luxembourg; Luxembourg; Luxembourg; Luxembourg,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Media - State institutions / political system - State institutions / political system - State institutions / political system, - Civil service / administration - Civil service / administration - Civil service / administration,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,18393,2024-03-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2937,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data 
corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.lessentiel.lu/fr/story/luxembourg-les-hackers-sen-prennent-desormais-aux-communes-103072998; https://t.me/noname05716eng/2937; https://www.tageblatt.lu/headlines/hacker-mit-polit-agenda-ein-cybersecurity-experte-ueber-den-angriff-auf-luxemburg/; https://www.lessentiel.lu/fr/story/cyberattaque-les-hackers-pro-russes-ne-lachent-pas-le-luxembourg-103072236; https://www.dhnet.be/regions/luxembourg/2024/03/22/plusieurs-sites-gouvernementaux-victimes-dune-cyberattaque-au-grand-duche-de-luxembourg-G3J3U54N25GCNG7XJTSFOJVYH4/,2024-03-28,2024-04-02 3298,"Unnamed hackers stole 8.8GB of data from Indian military, government, and energy sector in March 2024 ","According to a March 2024 report from EclecticIQ, various targets within the Indian Air Force, as well as government and private energy companies, were the victims of data theft as part of a phishing campaign in early 2024. The hackers used a modified version of the open-source information stealer HackBrowserData and likely utilised documents gained in a previous hack in January 2024, believed to have been perpetrated by the same actors, as lures by posing as officials of the Indian Air Force. This phishing campaign enabled the theft of 8.8GB worth of documents. Victims included Indian energy companies, as well as governmental agencies involved in national defence, IT services, and electronic communications. According to EclecticIQ, the data obtained from the private companies included financial documents, as well as information related to business activities. 
",2024-03-07,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,India; India,ASIA; SASIA; SCO - ASIA; SASIA; SCO,State institutions / political system - Critical infrastructure,Government / ministries - Energy,Not available,Not available,Unknown - not attributed,,1,18397,2024-03-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,EclecticIQ,Netherlands,Not available,Not available,Unknown - not attributed,https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/india-infostealer-government-energy-sector-espionage; https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign; 
https://therecord.media/lindy-cameron-ncsc-british-high-commissioner-india,2024-03-28,2024-04-12 3300,Unknown hackers disrupted systems of Intermarché-Mestdagh supermarkets in Belgium through ransomware attack on 24 March 2024,"The internal services of several dozen supermarkets, formerly led under the Mestdagh brand, in Belgium were disrupted as the result of a ransomware attack on 24 March 2024, according to Belgian media and the supermarket chain Intermarché. According to Intermarché, which acquired the Mestdagh stores in early 2023, no personal data was accessed during the incident. The ransomware attack led to the disruption of services for several stores, affecting delivery services and orders, leading to stock shortages for certain goods. The company filed a criminal complaint with regulatory authorities. Operations were expected to return to normal by 29 March.",2024-03-24,2024-03-24,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Intermarché,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Food,Not available,Not available,Non-state-group,Criminal(s),1,18396,2024-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.retaildetail.be/nl/news/food/cyberaanval-op-mestdagh-winkels-van-intermarche/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days 
(< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.retaildetail.be/nl/news/food/cyberaanval-op-mestdagh-winkels-van-intermarche/; https://www.lecho.be/entreprises/grande-distribution/les-ex-mestdagh-repris-par-intermarche-victimes-d-une-cyberattaque/10536000.html; https://www.computerweekly.com/de/news/366575957/Die-Cyberangriffe-der-KW13-2024-im-Ueberblick,2024-03-28,2024-04-02 3294,Chinese State-Sponsored Hacking Group APT40 attacked New Zealand’s Parliament in 2021,"The Chinese state-sponsored hacking group APT40 attacked New Zealand’s Parliament in 2021. New Zealand’s Minister of Defence Judith Collins, who is also responsible for the country’s signals intelligence agency, disclosed the intrusion on 26 March 2024. Based on findings of the nation’s Government Communications Security Bureau (GCSB), APT40 targeted both the Parliamentary Service and Parliamentary Counsel Office in 2021. New Zealand's National Cyber Security Centre (NCSC), which operates under the GCSB, became aware of the breach in August 2021. According to the GCSB, the threat actor gained access to files related to government affairs but did not obtain sensitive information. Instead, the group appeared focused on collecting technical insights that may facilitate further infiltrations. The disclosure of the campaign was coordinated with statements from the UK and the US calling out malicious cyber activities targeting democratic processes and organisations attributed to Chinese state-affiliated actors. Minister Collins noted that the campaign appeared to be the first to target New Zealand's democratic institutions. 
Senior officials at the Ministry of Foreign Affairs raised concerns about these China-nexus activities with the Chinese ambassador. A spokesperson of the Chinese Embassy rejected the representations of the New Zealand government, noting that the embassy had lodged serious démarches with the relevant New Zealand authorities.",2021-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Parliamentary Service (New Zealand) - Parliamentary Counsel Office (New Zealand),New Zealand; New Zealand,OC - OC,State institutions / political system - State institutions / political system,Legislative - Legislative,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,18299,2024-03-26 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Governments Communications Security Bureau (New Zealand),Not available,New Zealand,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",https://www.ncsc.govt.nz/news/ncscs-response-to-the-pco-and-parliamentary-service-cyber-incident/,Unknown,Unknown,,Unknown,,1,2024-03-26 00:00:00,State Actors: 
Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,New Zealand,Judith Collins (New Zealand’s Minister of Defence),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,1,2021-08-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,New Zealand,Government Communications Security Bureau (GCSB),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://archive.is/aK7aW; https://www.ncsc.govt.nz/news/ncscs-response-to-the-pco-and-parliamentary-service-cyber-incident/; https://www.beehive.govt.nz/release/parliamentary-network-breached-prc; https://www.beehive.govt.nz/release/concerns-conveyed-china-over-cyber-activity; https://www.bbc.co.uk/news/uk-politics-68654533; https://www.aljazeera.com/news/2024/3/25/us-uk-sanction-alleged-china-based-hackers-for-targeting-voters-critics?traffic_source=rss; https://www.bbc.co.uk/news/world-us-canada-68659095; http://nz.china-embassy.gov.cn/eng/zyxw/202403/t20240326_11270841.htm; https://www.infobae.com/america/mundo/2024/03/26/nueva-zelanda-denuncio-que-un-grupo-chino-respaldado-por-el-regimen-de-xi-jnping-hackeo-el-parlamento/; 
https://www.infobae.com/america/agencias/2024/03/26/nueva-zelanda-dice-que-su-parlamento-sufrio-en-2021-un-ciberataque-vinculado-a-china/; https://www.infobae.com/america/agencias/2024/03/26/nueva-zelanda-dice-que-su-parlamento-sufrio-en-2021-un-ciberataque-vinculado-a-china/; https://www.mundiario.com/articulo/internacional/tercer-pais-acusa-china-haber-cometido-ciberataque/20240326175948302870.html; https://www.rnz.co.nz/news/chinese/512719/judith-collins; https://www.rts.ch/info/monde/2024/article/le-royaume-uni-accuse-la-chine-de-cyberattaques-contre-ses-elus-et-institutions-28449724.html; https://www.heise.de/news/Cyberangriff-auf-Wahlkommission-Grossbritannien-und-USA-sanktioneren-Chinesen-9666239.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.kochinews.co.jp/article/detail/731695; https://ici.radio-canada.ca/rci/zh-hans/%E6%96%B0%E9%97%BB/2060279/%E8%8B%B1%E5%9B%BD%E6%8C%87%E8%B4%A3%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB%E8%AE%AE%E5%91%98; https://news.mt.co.kr/mtview.php?no=2024032616250510819; https://www.birgun.net/haber/yeni-zelanda-dan-siber-saldiri-aciklamasi-cin-devleti-destekli-517048; https://www.elnacional.cat/es/internacional/eeuu-reino-unido-acusan-china-estar-detras-varios-ciberataques-han-sufrido_1185174_102.html; https://new.qq.com/rain/a/20240326A069M000; https://securityaffairs.com/161081/apt/uk-new-zealand-china-cyber-operations.html; https://www.haber7.com/dunya/haber/3409946-cinden-ingiltere-ve-yeni-zelandaya-siber-saldiri; https://fr.news.yahoo.com/p%C3%A9kin-nie-%C3%AAtre-derri%C3%A8re-cyberattaques-091626330.html; https://news.sbs.co.kr/news/endPage.do?news_id=N1007587761; https://www.theguardian.com/technology/2024/mar/26/china-cyber-attacks-are-increasing-western-analysts-warn; https://www.swissinfo.ch/spa/china-tilda-de-%22infundadas%22-acusaciones-de-ciberataques-a-nueva-zelanda-y-reino-unido/74339770; 
https://www.ilfattoquotidiano.it/2024/03/26/usa-gran-bretagna-e-nuova-zelanda-accusano-la-cina-di-gravi-attacchi-informatici-pechin-calunnie-dannose/7491763/; https://www.voachinese.com/a/us-sanctioned-and-indicted-hackers-linked-with-chinese-government-20240325/7542001.html; https://www.nikkei.com/article/DGXZQOGM260QW0W4A320C2000000/; https://www.lapresse.ca/international/asie-et-oceanie/2024-03-26/washington-londres-et-wellington/pekin-nie-etre-derriere-les-cyberattaques.php; https://www.01net.com/actualites/vague-cyberattaques-royaume-uni-etats-unis-epinglent-hackers-chinois.html; https://www.voachinese.com/a/nz-govt-says-chinese-state-sponsored-group-hacked-parliament-20240325/7542285.html; https://www.infobae.com/economist/2024/03/27/que-hacer-con-la-masiva-campana-de-ciberespionaje-de-china/; https://www.clarin.com/mundo/ataques-ciberneticos-londres-acusa-china-hackear-datos-40-millones-britanicos-califican-amenaza-seguridad-nacional_0_5QOCbYsQ34.html; https://www.elpais.com.uy/mundo/ciberataques-tensan-mas-la-relacion-china-occidente; https://www.infobae.com/economist/2024/03/27/que-hacer-con-la-masiva-campana-de-ciberespionaje-de-china/; https://securityaffairs.com/161269/breaking-news/security-affairs-newsletter-round-465-by-pierluigi-paganini-international-edition.html; https://new.qq.com/rain/a/20240326A068GC00; https://www.hstoday.us/subject-matter-areas/cybersecurity/new-zealand-joins-us-uk-netherlands-alleging-chinese-cyber-espionage/; https://new.qq.com/rain/a/20240402A00R3900; https://www.voachinese.com/a/china-accuses-us-of-cyber-attacks-20240402/7552972.html; https://english.elpais.com/economy-and-business/2024-04-08/chinese-overproduction-in-clean-energy-the-new-source-of-friction-between-the-us-and-china.html; https://www.ruralnewsgroup.co.nz/rural-news/rural-general-news/govt-praised-for-handling-of-china-over-cyber-attacks; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/; 
https://www.rnz.co.nz/news/chinese/515693/article,2024-03-26,2024-03-28 3295,Unknown hackers hijacked digital workspaces of Nancy-Metz education authority and Lille education authority (Nord) on 22 March 2024,"Unknown hackers hijacked several user accounts of digital workspaces (ENT) used by the Nancy-Metz education authority and the Lille education authority (Nord) on 22 March 2024. Around 30 accounts on the ENT messaging portal of the Nancy-Metz education authority were hacked, facilitating the distributing of threatening emails over the weekend, during the night of 23-24 March. As a precaution, several schools were evacuated on the following Monday, 25 March. In addition, the messaging function was deactivated to restrict the sending of further messages. At the Lille education authority (Nord), the digital workspaces of 15 schools were compromised. Through these platforms, the perpetrators threatened to attack 122 institutions. In response, the messaging function was deactivated to prevent the spread of threatening messages. Classes at the schools of the Lille education authority (Nord) continued under increased security measures. On 20 March, digital workspaces of French high schools across departments of the Île-de-France region were hacked to spread violent messages. 
At the time, self-proclaimed Islamic State affiliates assumed responsibility for the intrusion.",2024-03-22,2024-03-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking with Misuse,Lille Education Authority (Nord) - Nancy-Metz Education Authority,France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,18300,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,45.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-03-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lobservateur.fr/nord-attentat-vigipirate/; https://www.zdnet.fr/actualites/les-attaques-informatiques-contre-les-ent-continuent-dans-le-nord-39965140.htm; https://tout-metz.com/menace-attentat-etablissements-scolaires-lorraine-evacues-2024-841295.php; https://www.la-croix.com/france/comment-lutter-contre-les-menaces-numeriques-qui-touchent-lycees-et-colleges-20240324; https://www.lobservateur.fr/https-www-lobservateur-fr-https-www-lobservateur-fr-nord-menaces-dattentats-sur-les-ent-un-lycee-denaisien-est-concerne/,2024-03-26,2024-04-19 3296,Unknown hackers extracted $16M from CurioInvest ecosystem through smart contract exploit on 23 March 2024 ,Unknown hackers conducted a smart contract exploit against the CurioInvest ecosystem on 23 March 2024. The threat actors generated one billion unauthorised Curio Governance Tokens (CGT) with an estimated value of $16 million. 
Initial investigations suggest the exploit was enabled by a permission access logic vulnerability affecting a MakerDAO-based smart contract linked to the Ethereum blockchain.,2024-03-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,CurioInvest,Switzerland,EUROPE; WESTEU,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18321,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,16000000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://koinbulteni.com/altcoin-projesine-16-milyon-dolarlik-istismar-saldirgan-1-milyar-token-basti-215643.html; https://twitter.com/curio_invest/status/1771635979192774674?s=20; https://twitter.com/CyversAlerts/status/1772216818645565673?s=20,2024-03-26,2024-03-28 3293,Unknown threat actor exploited old Dolomite Exchange contract And Stole $1.8 Million Worth Of Crypto Assets On 20 March 2024,"An unknown threat actor targeted the Dolomite Exchange protocol on 20 March 2024, the company confirmed on social media. 
According to a report from blockchain security platform CertiK, an old Dolomite Exchange contract from 2019 for Ethereum had been targeted through an approval exploit, resulting in a loss of approximately $1.8 million worth of cryptocurrency. Following the incident, Dolomite announced a settlement with the threat actor, who returned 90% of the stolen funds in exchange for retaining the remaining 10%.",2024-03-20,2024-03-20,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Dolomite Exchange.io,Not available,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18295,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,180000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cointelegraph.com/news/old-dolomite-exchange-contract-suffers-1-8-million-loss-from-approval-exploit?ref=news.risky.biz; https://twitter.com/Dolomite_io/status/1771922337912291607,2024-03-25,2024-04-02 3292,Lockbit ransomware group compromised employee account of US pharmaceutical company Crinetics Pharmaceuticals potentially stealing data in March 2024,"Crinetics Pharmaceuticals, a Nasdaq-listed pharmaceutical development company based in San Diego, California, is 
investigating an incident after the LockBit ransomware gang claimed to have stolen data from the company. The company discovered suspicious activity in an employee's account, immediately disabled it, initiated a cyber incident response procedure, brought in outside forensic experts and also notified law enforcement. While the company appeared on the LockBit leak site together with a $4 million ransom demand set to expire on 23 March, Crinetics at the time of reporting had not confirmed whether the incident involved ransomware or resulted in data theft.",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Crinetics Pharmaceuticals,United States,NATO; NORTHAM,Critical infrastructure,Health,LockBit,Not available,Non-state-group,Criminal(s),1,18294,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://x.com/H4ckManac/status/1769700040161820847?s=20,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit; 
https://x.com/H4ckManac/status/1769700040161820847?s=20,2024-03-25,2024-03-28 3291,Unknown actors deployed StrelaStealer in two large-scale campaigns to obtain email credentials from various EU and US industries in 2023 and 2024,"Unit 42, Palo Alto Networks' threat intelligence division, on 22 March 2024 released findings from an investigation of two recent campaigns leveraging the StrelaStealer malware in autumn of 2023 and January 2024, which targeted email credentials across various industries. Since its emergence in 2022, StrelaStealer has been deployed in a series of large-scale exploitation attempts. Unit 42 observed peaks around 7 November 2023 and 29 January and 6 February 2024, with over 100 organisations impacted in the EU and US. Affected industries included technology, finance, professional and legal services, manufacturing, state government, energy, insurance, and construction. Unit 42 did not disclose the specific sector distribution for the 100 compromised organisations. Upon execution, the malware sends email credentials to a remote command-and-control (C2) server. Using spear-phishing emails containing malicious scripts as zipped attachments and adopting obfuscation techniques in the latest StrelaStealer iteration observed in January 2024, the threat actors behind the campaign continue to evolve their tools with added emphasis on avoiding detection. 
",2023-11-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,United States; EU (region); United States; United States; EU (region); United States; United States; EU (region); EU (region); EU (region),NATO; NORTHAM - - NATO; NORTHAM - NATO; NORTHAM - - NATO; NORTHAM - NATO; NORTHAM - - - ,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - State institutions / political system - State institutions / political system - Critical infrastructure - Critical infrastructure,Energy - - Critical Manufacturing - - Energy - Finance - Government / ministries - Government / ministries - Critical Manufacturing - Finance,Not available,Not available,Not available,,1,18293,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,51-200,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing 
state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://unit42.paloaltonetworks.com/strelastealer-campaign/; https://securityaffairs.com/161022/cyber-crime/strelastealer-malware-eu-us.html; https://www.01net.com/actualites/strelastealer-malware-voleur-donnees-fait-ravages.html; https://www.heise.de/news/StrelaStealer-Malware-will-E-Mail-Zugangsdaten-von-mehr-als-100-Organisationen-9665204.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/over-100-us-and-eu-orgs-targeted-in-strelastealer-malware-attacks/; https://securityaffairs.com/161269/breaking-news/security-affairs-newsletter-round-465-by-pierluigi-paganini-international-edition.html,2024-03-25,2024-03-28 3290,Unknown threat group targeted Monmouth College in Illinois with ransomware on 14 December 2022,"An unknown threat group targeted Monmouth College in the US state of Illinois with ransomware on 14 December 2022, according to a data breach notification filed with the Attorney General's Office in Maine and California in March 2024. The notification stated that the attacker accessed the school's system on 6 December 2022. According to the breach notification, the incident resulted in the compromise of personal data of almost 44,737 people. Affected information included names and the numbers of driving licences and other ID cards. 
",2022-12-06,2022-12-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Monmouth College (IL),United States,NATO; NORTHAM,Education,,Not available,Not available,Not available,,1,18292,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/illinois-county-gov-college-hit-with-ransomware; https://apps.web.maine.gov/online/aeviewer/ME/40/41823236-e91a-43cc-9b28-6d69d4f5e166.shtml; https://oag.ca.gov/system/files/Monmouth%20Notice%20Letter%20-%20CA%20Sample.pdf,2024-03-25,2024-03-28 3289,Medusa ransomware group targeted administration of Henry County in Illinois on 18 March 2024,"According to a media report by The Record citing the director of the local Emergency Management Office, the administration of Henry County in the US state 
of Illinois fell victim to a ransomware attack on 18 March 2024. The incident response team disconnected multiple impacted county government systems to contain the intrusion. The ransomware group Medusa claimed responsibility for the attack on its leak site and requested a ransom of $500,000.",2024-03-18,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Henry County Government (IL),United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,18296,2024-03-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://twitter.com/DarkWebInformer/status/1770889617362895074,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-03-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/illinois-county-gov-college-hit-with-ransomware; https://twitter.com/DarkWebInformer/status/1770889617362895074; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2024-03-25,2024-04-04 3288,Sub-cluster of Russian APT Sandworm allegedly deployed AcidPour wiper against Ukrainian telecommunication providers since 13 March 2024,"According to a report by SentinelOne from 21 March 2024, a sub-cluster of the Russian GRU-led group Sandworm deployed a wiper against Ukrainian targets. Dubbed AcidPour, the malware is an updated version of AcidRain, which was used in a campaign against satellite broadband provider Viasat that targeted modems linked to the KA-SAT network and affected entities in Ukraine and beyond in 2022. The SentinelOne researchers stated that their observation coincided with reported disruptions at the four Ukrainian Internet service providers Triacom, Misto TV, Linktelecom, and KIM, which experienced connectivity outages since 13 March. Solntsepek, a group suspected to operate as a front of the Russian military intelligence service GRU, claimed responsibility for interfering with the telecommunication companies via Telegram on 13 March. CERT-UA tracks Solntsepek under the name UAC-0165. An official source at Ukraine's State Service of Special Communications and Information Protection identified UAC-0165 as a sub-cluster of Sandworm. 
",2024-03-13,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure; Other,Telecommunications; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,State,,2,18998; 18999,2024-03-21 00:00:00; 2024-03-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,"SentinelOne; Solntsepek < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",; Not available,United States; Russia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Solntsepek < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,State; Non-state-group,https://cyberscoop.com/russian-military-intelligence-may-have-deployed-wiper-against-multiple-ukrainian-isps/; https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not 
available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cyberscoop.com/russian-military-intelligence-may-have-deployed-wiper-against-multiple-ukrainian-isps/; https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/; https://therecord.media/massive-missile-russian-barrage-internet-outages-blackouts; https://research.checkpoint.com/2024/25th-march-threat-intelligence-report/; https://i-hls.com/archives/123212; https://arstechnica.com/security/2024/03/never-before-seen-data-wiper-may-have-been-used-by-russia-against-ukraine/,2024-03-22,2024-04-29 3287,Self-proclaimed Islamic State affiliates hijacked digital workspaces of French high schools spreading violent messages on 20 March 2024,"Self-proclaimed affiliates of the terrorist organisation Islamic State gained access to digital workspaces of French high schools across departments of the regions Île-de-France, Hauts-de-France and Grand Est and spread violent messages on 20 March 2024. In a statement regarding the incident, the French Ministry of Education put the number of affected institutions at about 20. Media reports spoke of up to 30 targeted schools. The hackers distributed messages containing threats of terrorist attacks against the schools, as well as videos displaying decapitations. An investigation was opened by the Paris Public Prosecutor's Office. ",2024-03-20,2024-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Hijacking with Misuse,Not available,France,EUROPE; NATO; EU(MS); WESTEU,Education,,Not available,Not available,Non-state-group,Terrorist(s),1,18297,2024-03-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,,System / ideology,Unknown,,Unknown,,1,2024-03-21 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,France,Ministry of Education (France),No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-03-21 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Procureure de la République de Paris (Parquet de Paris),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.usine-digitale.fr/article/des-lycees-francais-vises-par-une-cyberattaque-leurs-eleves-menaces-de-mort.N2210208; https://www.leveil.fr/paris-75000/actualites/menaces-de-bombe-enquete-ouverte-par-le-parquet-de-paris-ce-que-l-on-sait-des-cyberattaques-contre-des-lycees_14472615/; https://actu.fr/ile-de-france/sevres_92072/menaces-terroristes-dans-des-lycees-des-hauts-de-seine-quelles-mesures-de-securite-mises-en-place_60847354.html; https://www.lechorepublicain.fr/rambouillet-78120/actualites/cyberattaque-terroriste-dans-des-lycees-la-region-ile-de-france-a-depose-plainte_14472541/; https://www.charentelibre.fr/societe/terrorisme/des-centaines-de-lyceens-menaces-d-attentat-et-de-decapitation-apres-des-piratages-de-comptes-ent-19040018.php; https://fr.style.yahoo.com/menaces-terroristes-vid%C3%A9os-choquantes-quels-165643355.html; https://www.euronews.com/2024/03/22/french-pm-promises-to-track-down-hackers-who-sent-threatening-messages-to-schools,2024-03-22,2024-04-19 3286,Website of German city of Fürth affected by DDoS for second time in ten days on 21 March 2024,"The website of the German city of Fürth was affected by a DDoS attack for the second time in ten days on 21 March 2024. A spokesperson said that the administration recorded 1.43 million requests to the website on that day and that the site was accessible again in the afternoon. Whether the two incidents are connected had not been confirmed at the time of reporting. The spokesperson considered the proximity more likely to be a coincidence. 
",2024-03-21,2024-03-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,City of Fürth,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,,Not available,Not available,Not available,,1,18298,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.infranken.de/lk/fuerth/internetseite-der-stadt-fuerth-erneut-ziel-von-cyber-attacke-das-zweite-mal-innerhalb-weniger-tage-art-5847486,2024-03-22,2024-03-28 3285,LockBit ransomware deployed against US city of Jacksonville Beach during 22-29 January 2024,"The city of Jacksonville Beach in the US state of Florida disclosed in a data breach notification, submitted on 20 March 2024, that personal information of 48,949 people was compromised during a ransomware incident dated to 22-29 January 2024. The notification letter disclosed that the city detected the data breach on 22 February and that threat actors were suspected to have acquired names and social security numbers from city databases. 
In February, the LockBit ransomware group added Jacksonville Beach to its victim list.",2024-01-22,2024-01-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,City of Jacksonville Beach (USA),United States,NATO; NORTHAM,State institutions / political system,,LockBit,Not available,Non-state-group,Criminal(s),1,18301,2024-02-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,LockBit,Not available,Not available,LockBit,Not available,Non-state-group,https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks; https://jacksonvillebeach.org/CivicAlerts.aspx?AID=204; https://t.me/Venari_By_BetterCyber/7212; https://therecord.media/st-cloud-hit-with-ransomware-florida-string; https://research.checkpoint.com/2024/1st-april-threat-intelligence-report/,2024-03-22,2024-03-28 3284,Pro-Russian hackers NoName057(16) conducted DDoS attacks against websites of public and private entities in Luxembourg on 21 March 2024,"On 21 March 2024, websites of government as well as private entities located in Luxembourg were affected by DDoS attacks, according to a press release by the government of Luxembourg. Prime Minister Luc Frieden activated a crisis unit, led by the Minister of Digitalisation Stéphanie Obertin as the prime minister was attending to state business in Brussels at the time of the incident. The pro-Russian hacktivist group NoName057(16) claimed responsibility, referring to Luxembourg's support of Ukraine. ",2024-03-21,2024-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Not available,Luxembourg,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,18302,2024-03-21 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://www.lessentiel.lu/fr/story/les-sites-a-larret-cyberattaque-au-luxembourg-une-signature-pro-russe-et-des-questions-103068791; https://www.wort.lu/politik/luxemburg-wehrt-sich-gegen-erste-groessere-cyberattacke/9603373.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2024-03-21 00:00:00,EU member states: Executive reactions,,Luxembourg,Luc Frieden (Luxembourg’s Prime Minister) ,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.lessentiel.lu/fr/story/luxembourg-cyberattaque-contre-le-luxembourg-la-cellule-de-crise-convoquee-103068690; 
https://chronicle.lu/category/ict/49077-pm-mobilises-crisis-response-as-ddos-attack-hits-luxembourg-state-websites; https://www.lessentiel.lu/fr/story/les-sites-a-larret-cyberattaque-au-luxembourg-une-signature-pro-russe-et-des-questions-103068791; https://www.wort.lu/politik/luxemburg-wehrt-sich-gegen-erste-groessere-cyberattacke/9603373.html; https://www.lavenir.net/regions/luxembourg/2024/03/26/on-en-sait-plus-sur-la-cyberattaque-qui-a-touche-plusieurs-sites-gouvernementaux-au-grand-duche-TEXZSTBLYRFF7HDFXNVLIOMUIE/; https://www.lessentiel.lu/fr/story/le-ctie-mobilise-bataille-des-nerfs-au-luxembourg-pour-repondre-a-la-cyberattaque-103068863; https://www.lessentiel.lu/fr/story/cyberattaque-les-hackers-pro-russes-ne-lachent-pas-le-luxembourg-103072236,2024-03-22,2024-03-28 3283,"China-based threat actor UNC5174 facilitated compromise of organisations across Hong Kong, Southeast Asia, UK, and US beginning in late October 2023","The China-based threat actor UNC5174, believed to operate the persona 'Uteus', exploited a variety of vulnerabilities to develop access to a range of organisations across Hong Kong, Southeast Asia, the UK, and the US beginning in late October 2023, Mandiant assessed with medium confidence on 21 March 2024. Mandiant discovered the exploitation of a vulnerability in the F5 BIG-IP Traffic Management User Interface (CVE-2023-46747) in late October 2023. At the end of 2023, the threat actor attempted to sell access to US defence contractor appliances, government entities in the UK and institutions in Asia that had been infiltrated through this vulnerability. In addition to this vulnerability, UNC5174 also exploited a vulnerability in Connectwise ScreenConnect (CVE-2024-1709) in February 2024. 
Independently of these two vulnerabilities, the threat actor also exploited other vulnerabilities, including a software flaw in Atlassian Confluence (CVE-2023-22518), a Linux kernel vulnerability (CVE-2022-0185) and a Zyxel firewall OS command injection vulnerability (CVE-2022-3052). UNC5174 used the SNOWLIGHT downloader, the GOREVERSE backdoor, the GOHEAVY tunneler tool and the SUPERSHELL framework. Targets included Southeast Asian and US research and educational institutions and businesses, charities and non-governmental organisations in Hong Kong, and government organisations in the United States and the United Kingdom in October and November 2023 and February 2024. Mandiant attributed the incident to the hacker persona Uteus, who claimed on unnamed forums on 21 February 2024 to have successfully hacked Connectwise ScreenConnect devices allegedly belonging to hundreds of organisations worldwide, but primarily in the United States and Canada. Uteus is believed to be based in China and to have been part of the hacktivist collective ""Dawn Cavalry"" until mid-2023. 
Mandiant, which tracks the actor as UNC5174, deems they operate as contractor for the Chinese Ministry of State Security to develop initial access.",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available,Southeast Asia (region); United States; United Kingdom; United States; Hong Kong, - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - ASIA,Critical infrastructure; Education - State institutions / political system - State institutions / political system - Critical infrastructure; Education - Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,Research; - Government / ministries - Government / ministries - Research; - Advocacy / activists (e.g. human rights organizations); ; ,Uteus < UNC5174,China,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,19001,2024-03-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,Uteus < UNC5174,China,Non-state-group,https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Exploit Public-Facing Application; External Remote Services,System Shutdown/Reboot,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/chinese-government-hacker-exploiting-bugs-to-target-defense-government-sectors; 
https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect; https://www.govinfosecurity.com/likely-chinese-hacking-contractor-quick-to-exploit-n-days-a-24693,2024-03-22,2024-04-29 3281,Unknown threat actors attacked municipal administration of Nuit Saint Georges in France with ransomware on 15 March 2024,"On 15 March 2024, unknown actors targeted the municipal administration of Nuit Saint Georges in France with ransomware, taking its servers offline. Digital operations were gradually restored by 19 March, including telephone services. The municipality engaged the local CSIRT for the Bourgogne-Franche-Comté region to assist with the recovery of data.",2024-03-15,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Municipal Administration of Nuit Saint Georges,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,18304,2024-03-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not 
available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lemondeinformatique.fr/actualites/lire-telex-microsoft-cree-une-division-ia-la-commaunute-de-communes-de-nuit-saint-georges-piratees-intel-recoit-8-5-md-$-de-subventions-93294.html; https://france3-regions.francetvinfo.fr/bourgogne-franche-comte/cote-d-or/la-communaute-de-communes-de-nuits-saint-georges-cible-d-une-violente-cyberattaque-une-rancon-demandee-2942661.html; https://france3-regions.francetvinfo.fr/bourgogne-franche-comte/cote-d-or/la-communaute-de-communes-de-nuits-saint-georges-cible-d-une-violente-cyberattaque-une-rancon-demandee-2942661.html; https://www.ccgevrey-chambertin-et-nuits-saint-georges.com/2024/03/19/panne-systemes-dinformation/,2024-03-21,2024-04-29 3280,Unknown threat group targeted Colombian Caldas University Hospital with ransomware on 19 March 2024,"On 19 March 2024, an unknown threat group targeted the Colombian Caldas University Hospital with ransomware, the hospital disclosed in a statement on social media. The Colombian Minister of Information and Communication Technologies, Mauricio Lizcano, also confirmed the incident on social media. According to the minister's statement, the incident extended to the hospital's entire technological infrastructure and resulted in the encryption of two on-premises and ten cloud servers. In its notification, the hospital reported that the threat actors gained access to the hospital's network through a management platform. The hospital was able to continue provision of healthcare services with minor adjustments. 
The hospital reported the incident to the cybercrime units of the Attorney General's Office and the SIJIN (Seccional de Investigación Criminal) and sought counsel from the Ministry of Science and Technology.",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Caldas University Hospital,Colombia,SOUTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18375,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-03-20 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Colombia,Mauricio Lizcano (Columbian Minister of Information and Communication Technologies),No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-03-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Colombia,Office of the Attorney General of Colombia (Fiscalía General de la Nación),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lapatria.com/manizales/hackearon-sistema-del-hospital-de-caldas-mintic-mauricio-lizcano-confirma-el-ataque; https://twitter.com/MauricioLizcano/status/1770228603072237952?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1770228603072237952%7Ctwgr%5E98e8c06f4b1b3a196977ea5f152fe68b3f0b9724%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.lapatria.com%2Fmanizales%2Fhackearon-sistema-del-hospital-de-caldas-mintic-mauricio-lizcano-confirma-el-ataque; https://twitter.com/JuanFel05014756/status/1770245567135818002/photo/1; https://twitter.com/SES_HUC/status/1770455627678077407; https://www.lapatria.com/manizales/hackearon-sistema-del-hospital-de-caldas-mintic-mauricio-lizcano-confirma-el-ataque,2024-03-21,2024-03-28 3282,Unknown actor flooded website of German city of Rheinberg with spam on 19 March 2024,"According to the German newspaper Rheinische Post, an unknown actor targeted the website of the German City of Rheinberg with bogus entries to the event calendar and other online forms on 19 March 2024. The incident was disclosed during a meeting of the city council on 19 March 2024. 
The content of the website was restored by 20 March 2024.",2024-03-19,2024-03-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking with Misuse,City of Rheinberg,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18303,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://rp-online.de/nrw/staedte/rheinberg/rheinberg-internetseite-der-stadt-wird-opfer-einer-cyberattacke_aid-109216093,2024-03-21,2024-03-28 3279,Unknown threat actor targeted Belgian pharmaceutical chain Goed on 18 March 2024,"According to a statement by a company spokesperson in Belgian media, an unknown threat actor targeted the Belgian pharmaceutical chain Goed on 18 March 2024. Goed detected an unauthorised transfer of data out of its networks and the encryption of files during the night of 18-19 March. Goed's 35 home care stores in Belgium and approximately 90 pharmacies continued operations while reporting delays in deliveries. 
",2024-03-18,2024-03-19,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Goed,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,18378,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://archive.ph/BD9cF#selection-2557.0-2557.4; https://www.goed.be/nl/technische-storing,2024-03-20,2024-03-28 3278,Unknown threat actors breached US lender Nations Direct Mortgage on 30 December 2023,"Nations Direct Mortgage, a US lender, experienced a data breach on 30 December 2023. According to filings with regulators in Maine and California, compromised data included client names, addresses, social security numbers, and unique Nations Direct loan numbers. 
Aside from the unauthorised access to this data, the company reported that it had detected no evidence that any information had been removed or exfiltrated.",2023-12-30,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Nations Direct Mortgage ,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18379,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/nations-direct-mortgage-data-breach; https://myndm.com/notice-of-potential-data-breach/; https://research.checkpoint.com/2024/25th-march-threat-intelligence-report/,2024-03-19,2024-03-28 3277,Unknown hackers hijacked Instagram profile of Italian Prime Minister Giorgia Meloni to spread financially motivated spam around 17 March 2024,"The personal Instagram account of Italian Prime Minister Giorgia Meloni was hijacked while the politician was returning from a state visit to Egypt on 17-18 March 2024. 
The unknown actors used access to the profile page to post a misleading message that referenced a faked announcement ostensibly by Elon Musk promoting a give-away of bitcoins. The fraudulent actions were reversed within several minutes. The contents of the posts resurfaced, as screenshots were shared on social media. The Prime Minister's Office confirmed the incident, emphasising that the affected Instagram account is a long-standing personal profile. The postal police initiated investigations to identify the perpetrators. ",2024-03-17,2024-03-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking with Misuse,Giorgia Meloni ,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,18380,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-03-18 00:00:00,EU member states: Stabilizing measures,Statements by heads of state/head of government (or executive official),Italy,Prime Minister Office (Italy),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-03-18 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Italy,Polizia di Stato/State Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.laprovinciadivarese.it/hackerato-il-profilo-instagram-di-giorgia-meloni-un-attacco-informatico-con-contenuti-fake-su-elon-musk-e-bitcoin-345213/; https://www.wired.it/article/giorgia-meloni-profilo-instagram-attacco-informatico/; https://www.bigodino.it/spettacolo/e-successo-anche-lei-giorgia-meloni-brutte-notizie-per-la-premier-quello-che-e-successo-preoccupa.html; https://www.tpi.it/politica/meloni-profilo-instagram-hacker-bitcoin-elon-musk-202403181090328/; https://www.blitzquotidiano.it/politica-italiana/giorgia-meloni-attacco-hacker-al-suo-profilo-instagram-pubblicati-contenuti-fake-su-elon-musk-3612583/; https://tg24.sky.it/cronaca/2024/03/17/attacco-hacker-instagram-giorgia-meloni; https://www.affaritaliani.it/politica/hackerato-il-profilo-instagram-di-giorgia-meloni-907286.html; https://www.ansa.it/sito/notizie/politica/2024/03/17/attacco-hacker-al-profilo-instagram-di-meloni_0eb30f82-041e-4da7-b42f-491a07f4c1cb.html; https://www.ilfattoquotidiano.it/2024/03/17/hackerato-il-profilo-instagram-della-premier-meloni-pubblicati-una-storia-e-un-post-con-una-scritta-su-elon-musk/7482541/; https://www.leggo.it/politica/news/meloni_attacco_hacker_profilo_instagram_cosa_sta_succedendo_ultima_ora_oggi_17_3_2024-8001082.html; https://www.unionesarda.it/politica/pirati-informatici-in-azione-hackerato-il-profilo-instagram-di-giorgia-meloni-jtp2xuw7; https://systemscue.it/profilo-instagram-giorgia-meloni-hackerato-ecco-cosa-e-successo/45036/; https://notizie.virgilio.it/hackerato-il-profilo-instagram-ufficiale-di-giorgia-meloni-post-su-elon-musk-e-bitcoin-accertamenti-in-corso-1611120; 
https://www.fanpage.it/politica/hackerato-laccount-instagram-di-giorgia-meloni-storia-e-profilo-fake-di-elon-musk/,2024-03-19,2024-03-28 3276,Chinese APT Earth Krahang breached 70 organizations in 23 countries since at least 2022,"According to investigations of Trend Micro, the Chinese APT Earth Krahang has breached 70 organizations and targeted at least 116 across 45 countries. The campaign traces to early 2022 and focused primarily on government organisations. Of the 48 compromised government organisations, 10 have been identified as ministries of foreign affairs. An additional 49 government agencies were reported as targeted. Confirmed victims include entities in Mexico, Brazil, Guyana, Paraguay, the United Kingdom, Hungary, Egypt, Jordan, South Africa, India, Pakistan, Uzbekistan, Kyrgyzstan, Vietnam, Thailand, Indonesia, the Philippines and the Republic of Korea. The threat actor leverages access to government infrastructure to target other government entities, abusing the infrastructure to host malicious payloads, proxy attack traffic, and send spear-phishing emails to government-related targets using compromised government email accounts. Earth Krahang was further observed setting up VPN connections from compromised public-facing servers to develop access into private victim networks and performing brute-force attacks to obtain email credentials. These credentials are then used to exfiltrate victim emails. Noting overlaps in the victimology and command and control infrastructure used by Earth Krahang and Earth Lusca, Trend Micro surmised that the two groups may be intrusion sets operated by the same Chinese contractor, I-Soon.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"India; Brunei; Korea, Republic of; Indonesia; South Africa; Malaysia; Uzbekistan; Kyrgyzstan; Paraguay; Jordan; United Kingdom; Thailand; Mexico; Egypt; Philippines; Brazil; Vietnam; Pakistan; Guyana; Hungary",ASIA; SASIA; SCO - ASIA; SCS - ASIA; SCS; NEA - ASIA; SCS; SEA - AFRICA; SSA - ASIA; SCS; SEA - ASIA; CENTAS; SCO - ASIA; CENTAS; CSTO; SCS - SOUTHAM - ASIA; MENA; MEA - EUROPE; NATO; NORTHEU - ASIA; SEA - - MENA; MEA; AFRICA; NAF - ASIA; SCS; SEA - SOUTHAM - ASIA; SCS; SEA - ASIA; SASIA; SCO - - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State 
institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / 
political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education,Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. 
human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. human rights organizations); ; ; Military; Health; Telecommunications; Finance; - Government / ministries; Transportation; Advocacy / activists (e.g. 
human rights organizations); ; ; Military; Health; Telecommunications; Finance; ,Earth Krahang (I-Soon),China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18381,2024-03-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,Trend Micro,United States,Earth Krahang (I-Soon),China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing; Trusted Relationship; Valid Accounts,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,70.0,21-50,23.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Diplomatic / consular law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/; https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html; https://securityaffairs.com/160702/apt/earth-krahang-apt.html; https://www.wired.com/story/apple-m-chip-flaw-leak-encryption-keys/; 
https://securityaffairs.com/161016/breaking-news/security-affairs-newsletter-round-464-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/25th-march-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/dinodasrat-malware-targets-linux-servers-in-espionage-campaign/; https://www.govinfosecurity.com/dinodasrat-backdoor-targeting-linux-machines-worldwide-a-24748; https://securityaffairs.com/161255/malware/linux-variant-dinodasrat-backdoor.html; https://research.checkpoint.com/2024/29676/; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html,2024-03-19,2024-04-22 3275,Unknown threat actors breached Japanese technology company Fujitsu ,"Unknown threat actors hacked the Japanese technology company Fujitsu, according to a statement by the business on 15 March 2024. The company reported the discovery of malware on several work stations. A preliminary internal investigation assessed that files containing personal data and customer-related information may have been exfiltrated. 
Fujitsu informed potentially affected individuals and reported the breach to Japan's Personal Information Protection Commission.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Fujitsu,Japan,ASIA; SCS; NEA,Critical infrastructure; Critical infrastructure,Telecommunications; Critical Manufacturing,Not available,Not available,Not available,,1,18399,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.clubic.com/actualite-521748-fujitsu-confirme-avoir-ete-pirate.html; https://pr.fujitsu.com/jp/news/2024/03/15-1.html; https://arstechnica.com/security/2024/03/fujitsu-says-it-found-malware-on-its-corporate-network-warns-of-possible-data-breach/; https://securityaffairs.com/160682/hacking/fujitsu-suffered-cyberattack.html; https://therecord.media/fujitsu-malware-statement-customer-data; https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/; 
https://digital-magazin.de/fujitsu-hack-wirft-fragen-auf-kunden-und-personaldaten-moeglicherweise-entwendet/; https://cybeout.com/2024/03/fujitsu-conferma-che-e-stato-violato/; https://www.linformaticien.com/magazine/cybersecurite/61839-victime-d-un-malware-fujitsu-soupconne-un-vol-de-donnees.html; https://securityaffairs.com/161016/breaking-news/security-affairs-newsletter-round-464-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/25th-march-threat-intelligence-report/; https://www.heise.de/news/Cyberangriff-auf-Yacht-Anbieter-Daten-von-Vans-gestohlen-Fujitsu-prueft-Vorfall-9662901.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2024-03-19,2024-04-02 3274,Australian Cryptocurrency platform Mozaic suffered theft of $2 million on 15 March 2024,"Mozaic, a project offering AI-enabled tools for optimising cross-chain yield farming as well as a cryptocurrency of the same name, announced that an internal developer gained access to the private keys for a security module by compromising the data of a core team member, allowing them to drain funds from the service amounting to roughly $2.4 million. Divestment of an institutional investor holding a significant Mozaic position, following the sale of the stolen funds and sudden depreciation of Mozaic, led to a cascading price drop of temporarily more than 65%. Following notifications by some IT security companies, transfers involving the stolen assets have been identified, and related funds have been frozen, allowing for a partial recovery. 
Mozaic announced that it had identified the responsible individual, terminated their employment and was pursuing charges.",2024-03-15,2024-03-15,Attack on critical infrastructure target(s),,,Hijacking with Misuse,Mozaic Finance Limited,Australia,OC,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18420,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Trusted Relationship; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,0.0,dollar,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-03-15 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Australia,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Mozaic_Fi/status/1768754080271196178,2024-03-18,2024-04-02 3273,INC Ransom Hit Scottish NHS Dumfries & Galloway With Cyber Attack In March 2024,"INC Ransom, a ransomware group, breached systems of a section of the National Health Service (NHS) serving Scotland's southernmost region of Dumfries and Galloway in March 2024. An official notification by NHS Dumfries and Galloway broadly alluded to potential disruptions of services and indicated the possibility that sensitive data allowing for the identification of patients and staff may have been compromised. 
In collaboration with Police Scotland, the National Cyber Security Centre, and the Scottish Government, rapid response protocols have been activated to mitigate the impact and conduct an investigation of the incident, focused on identifying the perpetrators and evaluating the extent of compromised data. At the end of March, INC Ransom published screenshots of confidential patient data on its leak website, stating that it would leak more patient information if a ransom was not paid; the NHS acknowledged the legitimacy of the data and released a statement condemning the leak of data in response.",2024-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,NHS Dumfries and Galloway,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Health,INC Ransomware group,Not available,Non-state-group,Criminal(s),1,18421,2024-03-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,INC Ransomware group,Not available,Not available,INC Ransomware group,Not available,Non-state-group,https://securityaffairs.com/161143/data-breach/inc-ransom-hacked-national-health-service-of-scotland.html; https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/,Unknown,Not available,,Not available,,1,2024-03-15 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,United Kingdom,"Neil Gray (Cabinet Secretary for NHS Recovery, Health and Social Care, Scotland)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data 
breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2024-03-15 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United Kingdom,Police Service of Scotland,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.facebook.com/NHSDG/posts/pfbid0PeU3eDAoMmcrAmQKFkW4gkW9uzSu4H4YKQFCHVxecCC89DjQ2yEv9dnQUEfaRfnxl; https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-galloway; https://www.digitalhealth.net/2024/03/nhs-dumfries-and-galloway-hit-by-focused-and-ongoing-cyber-attack/; https://www.computing.co.uk/news/4187471/concerns-about-compromise-nhs-dumfries-galloway-attack; https://www.digitalhealth.net/2024/03/nhs-dumfries-and-galloway-hit-by-focused-and-ongoing-cyber-attack/; https://www.publictechnology.net/2024/03/22/defence-and-security/scottish-minister-cites-need-for-cyber-investment-as-attack-hits-nhs-staff-and-patient-data/; https://securityaffairs.com/161143/data-breach/inc-ransom-hacked-national-health-service-of-scotland.html; https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/; https://therecord.media/healthcare-ransomware-data-breach-nhs-scotland; https://www.heise.de/news/Nach-Cyberangriff-auf-schottische-Gesundheitsbehoerde-erste-Daten-veroeffentlicht-9671652.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://research.checkpoint.com/2024/1st-april-threat-intelligence-report/; https://securityaffairs.com/161269/breaking-news/security-affairs-newsletter-round-465-by-pierluigi-paganini-international-edition.html,2024-03-18,2024-04-02 3272,Unknown actors targeted Scranton School District in Pennsylvania 
with ransomware on 14 March 2024,"The Scranton School District in the US state of Pennsylvania fell victim to a ransomware attack on 14 March 2024, conducted by an unidentified actor. Several computer systems and services were temporarily disrupted. On the day the incident was detected, classes had to be delayed by two hours for the 10,000 students across the 15 schools in the district. ",2024-03-14,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Scranton School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18444,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/160542/cyber-crime/scranton-school-district-ransomware-attack.html; https://therecord.media/pennsylvania-scranton-school-district-ransomware-attack; 
https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html,2024-03-18,2024-04-03 3271,Unknown Threat Actors Compromised Email Accounts Of International Monetary Fund (IMF) On 16 February 2024,"Unknown threat actors gained unauthorized access to eleven email accounts of the International Monetary Fund's (IMF) on 16 February 2024. While the breach did not extend to senior leadership accounts, the IMF refrained from disclosing specific details regarding the incident, including possible attribution findings and accessed information, for security reasons.",2024-01-01,2024-02-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking without Misuse,International Monetary Fund (IMF) ,United States,NATO; NORTHAM,International / supranational organization,,Not available,Not available,Not available,,1,18445,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty; International economic law; International organizations,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://therecord.media/imf-february-cyberattack-email-accounts-compromised; https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/; https://www.elindependiente.com/economia/2024/03/15/fmi-revela-sufrio-ciberataque-cuentas-correo-febrero/; https://www.imf.org/en/News/Articles/2024/03/15/pr2488-imf-investigates-cyber-security-incident; https://www.elmanana.com/noticias/internacional/fmi-confirma-incidente-cibernetico/5824091; https://www.larazon.es/economia/fmi-confirma-haber-sufrido-ciberataque-febrero-que-comprometio-11-cuentas-correo-electronico-entidad_2024031865f845a4649e3a00016c23e0.html; https://www.zonamovilidad.es/ciberataque-golpea-fmi; https://www.centralbanking.com/fintech/cyber/7960990/imf-hit-by-cyber-attack; https://securityaffairs.com/160641/hacking/international-monetary-fund-email-compromise.html; https://www.noticiasde.es/espana/el-fmi-ha-confirmado-que-fue-victima-de-un-ciberataque/; https://www.bolsamania.com/noticias/empresas/economia--el-fmi-confirma-haber-sufrido-un-ciberataque--16451389.html; https://www.elmanana.com/noticias/internacional/fmi-confirma-incidente-cibernetico/5824091; https://www.larazon.es/economia/fmi-confirma-haber-sufrido-ciberataque-febrero-que-comprometio-11-cuentas-correo-electronico-entidad_2024031865f845a4649e3a00016c23e0.html; https://www.noticiasde.es/espana/el-fmi-ha-confirmado-que-fue-victima-de-un-ciberataque/; https://www.bolsamania.com/noticias/empresas/economia--el-fmi-confirma-haber-sufrido-un-ciberataque--16451389.html; https://www.zonamovilidad.es/ciberataque-golpea-fmi; https://securityaffairs.com/161016/breaking-news/security-affairs-newsletter-round-464-by-pierluigi-paganini-international-edition.html,2024-03-18,2024-04-03 3270,ShinyHunters allegedly obtained AT&T customer data between 2019 and 2021 leaking over 73 million records on 17 March 2024,"According to researchers of vx-underground, a data archive of 73 million records linked to US 
telecommunication company AT&T was leaked to the Breached hacking forum on 17 March 2024. Independent reviews by vx-underground and the privacy advocacy group RestorePrivacy could not immediately confirm whether the data originated directly from AT&T or a third-party compromise but verified the authenticity of the stolen data. The data contains AT&T customer information, including names, phone numbers, physical addresses, email addresses, social security numbers, and dates of birth. A user under the pseudonym 'MajorNelson' offered the data for sale, claiming that the information was obtained from an unnamed AT&T division in 2021 by the hacking group ShinyHunters. In August 2021, ShinyHunters had advertised a cache with information of about 70 million AT&T customers, asking for $1 million for the entire database or $200,000 for access. At first, AT&T declared that the data did not appear to have come from its systems, with respect to both the March 2024 and August 2021 attempts at selling the data. Then, on 30 March 2024, AT&T acknowledged, with regard to the 2024 data leak, that customer information had been compromised and that the data stems from AT&T-specific fields, yet it is still unclear whether it was a breach of AT&T or of one of its vendors. However, the company says that the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. According to the company, the leaked data also contains passcodes of the current customers. Though the company did not link the 2024 leak to the yet-to-be-acknowledged breach of AT&T by ShinyHunters in 2021, analyses by Bleeping Computer determined that both leaks contain the same information. AT&T is facing multiple class action lawsuits after admitting to a massive data breach that exposed the sensitive information of 73 million current and former customers. 
The lawsuits have been filed since 1 April 2024.",2021-01-01,2024-03-17,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,AT&T,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,ShinyHunters,Not available,Non-state-group,Criminal(s),1,18741,2021-08-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,ShinyHunters,Not available,Not available,ShinyHunters,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-04-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,U.S. 
District Court for the Northern District of Texas,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/160627/data-breach/70m-att-records-leaked.html; https://www.heise.de/news/Datenleck-70-Millionen-Datensaetze-von-AT-T-frei-im-Netz-verfuegbar-9657772.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/att-says-leaked-data-of-70-million-people-is-not-from-its-systems/; https://research.checkpoint.com/2024/25th-march-threat-intelligence-report/; https://arstechnica.com/tech-policy/2024/04/att-acknowledges-data-leak-that-hit-73-million-current-and-former-users/; https://www.euronews.com/business/2024/04/01/att-admits-huge-data-leak-affects-millions-of-customers; https://www.kejixun.com/article/642402.html; https://securityaffairs.com/161269/breaking-news/security-affairs-newsletter-round-465-by-pierluigi-paganini-international-edition.html; https://www.aljazeera.com/news/2024/3/31/us-firm-att-says-data-of-73-million-customers-leaked-on-dark-web?traffic_source=rss; https://securityaffairs.com/161244/data-breach/att-confirmed-data-breach-73m-people.html; https://eltiempolatino.com/2024/03/31/tecnologia/att-revelo-que-los-datos-de-73-millones-de-cuentas-fueron-filtrados-en-la-dark-web/; https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/; https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/; https://www.aarp.org/espanol/hogar-familia/tecnologia/info-2024/filtracion-datos-att.html; https://new.qq.com/rain/a/20240403A08QZP00; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-1-april-7; 
https://securityaffairs.com/161685/data-breach/att-data-breach-51m-customers.html; https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/; https://securityaffairs.com/161806/breaking-news/security-affairs-newsletter-round-467-by-pierluigi-paganini-international-edition.html; https://apps.web.maine.gov/online/aeviewer/ME/40/3778e1fc-2ed5-461d-9cc5-df15c07f687c.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/3778e1fc-2ed5-461d-9cc5-df15c07f687c/ef55bebb-fd3e-4ef8-8bef-42a097ae7963/document.html; https://research.checkpoint.com/2024/15th-april-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-8-april-14; https://therecord.media/telecom-giant-frontier-cyberattack-sec,2024-03-18,2024-04-17 3267,Unknown threat actors targeted website of Philippines House of Representatives with DDoS attacks on 13 March 2024,"Unknown threat actors targeted the website of the Philippines' House of Representatives with DDoS attacks on 13 March 2024, the Office of the Secretary-General of the House of Representatives confirmed in a press statement. The statement noted that the attack peaked shortly before 3pm PST. 
",2024-03-13,2024-03-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,House of Representatives (Philippines),Philippines,ASIA; SCS; SEA,State institutions / political system,Legislative,Not available,Not available,Not available,,1,18449,NaT,Not available,Not available,Not available,Not available,,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-03-14 00:00:00,State Actors: Legislative reactions,Stabilizing statement by member of parliament,Philippines,House of Representatives (Philippines),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.philstar.com/headlines/2024/03/15/2340754/house-website-suffers-cyberattack-anew; https://www.congress.gov.ph/press/details.php?pressid=12978; https://businessmirror.com.ph/2024/03/14/house-website-receives-541-66-m-ddos-attacks/,2024-03-15,2024-04-03 3268,Websites linked to City Council of Ahome in Mexico defaced on 7 March 2024,"Two websites associated with the City Council of Ahome in Mexico were defaced on 7 March 2024. A hacker, identifying as 'Ik4ru T3nso' in the statements posted on the defaced websites, announced intentions to target six additional websites linked to the city council that the municipality's IT team were able to protect. 
On the two affected websites, the hacker posted a ransom note, asking for a Bitcoin payment in exchange for returning control over the sites. No ransomware appears to have been deployed as part of the operation. The city authorities restored access within several hours. No ransom was paid.",2024-03-07,2024-03-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking with Misuse,City Council of Ahome,Mexico,,State institutions / political system,Civil service / administration,Ik4ru T3nso,Not available,Non-state-group,Criminal(s),1,18448,2024-03-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Ik4ru T3nso,Not available,Not available,Ik4ru T3nso,Not available,Non-state-group,https://lineadirectaportal.com/sinaloa/hackers-atacan-sitios-del-ayuntamiento-de-ahome-secuestran-dos-de-las-ocho-paginas-oficiales-2024-03-07__1070086,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://lineadirectaportal.com/sinaloa/hackers-atacan-sitios-del-ayuntamiento-de-ahome-secuestran-dos-de-las-ocho-paginas-oficiales-2024-03-07__1070086; https://www.ahome.gob.mx/portal-de-alcaldia-de-ahome-esta-seguro-tras-ataque-cibernetico/; 
https://losnoticieristas.com/post/559955/portal-del-ayuntamiento-de-ahome-esta-seguro-tras-ataque-cibernetico/,2024-03-15,2024-04-03 3269,Unknown threat actor hijacked social media accounts of Culture and Arts Corporation of Chilean Municipality of Rancagua on 13 March 2024,"Unknown threat actor hijacked social media accounts of partner and the website of the Culture and Arts Corporation in the Chilean municipality of Rancagua on 13 March 2024, regional media outlets reported. Affected social media accounts included those of the partner institutions Casa de la Cultura, Teatro Regional Lucho Gatica, Centro Cultural Oriente, Espacio Cultural La Merced and Centro Cultural y Teatro Baquedano. ",2024-03-13,2024-03-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Centro Cultural Oriente (Rancagua) - Luco Gatica Regional Theater (Rancagua) - Casa de la Cultura (Rancagua) - Centro Cultural y Teatro Baquedano (Rancagua) - Culture and Arts Corporation (RRSS) of the Municipality of Rancagua - Espacio Cultural La Merced,Chile; Chile; Chile; Chile; Chile; Chile,SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; State institutions / political system,Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration; Civil service / administration,Not available,Not available,Not available,,1,18447,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not 
available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www-diarioelpulso-cl.translate.goog/2024/03/13/hackeo-afecta-las-cuentas-de-rrss-de-la-corporacion-y-las-artes-de-la-municipalidad-de-rancagua/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp,2024-03-15,2024-04-03 3266,Anonymous Sudan conducted DDoS attack against websites of Alabama government on 13 March 2024,"The self-styled hacktivist group Anonymous Sudan claimed to have launched DDoS attacks against the websites of several government organisations of the US state of Alabama on 13 March 2024. In addition to other unnamed victims, affected websites and related online services included those of the State of Alabama, the Alabama Office of Information Technology, the Alabama Law Enforcement Agency, and the Alabama Supercomputer Authority. According to estimates of the connectivity monitoring company Netscout, disruptions of the websites lasted between 5-10 minutes. The Alabama Office of Information Technology (OIT) noted that some websites could experience slowed down service as mitigation measures were brought online.",2024-03-13,2024-03-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,State of Alabama - Alabama Office of Information Technology - Alabama Law Enforcement Agency - Alabama Supercomputer Authority,United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Civil service / administration - Police - Civil service / administration,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,18614,2024-03-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Russia,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://t.me/xAnonymousSudan/815,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://whnt.com/news/alabama-news/governors-office-some-state-websites-affected-in-cyber-attack/; https://www.cnn.com/2024/03/13/tech/alabama-cyber-incidents-hnk-intl/index.html; https://thecyberexpress.com/anonymous-sudan-unleashes-infrashutdown/; https://t.me/xAnonymousSudan/815; https://www.lavoixdunord.fr/1439397/article/2024-03-11/cyberattaque-massive-en-cours-dans-plusieurs-ministeres-revendiquee-par-des; https://noticiassin.com/francia-sufre-ciberataque-reivindicado-por-un-grupo-prorruso-1601305/; https://www.laprensalatina.com/france-suffers-unprecedented-cyber-attack-claimed-by-pro-russian-group/; https://eju.tv/2024/03/francia-registra-ataques-informaticos-de-una-intensidad-inedita-en-varios-ministerios/; https://eju.tv/2024/03/francia-registra-ataques-informaticos-de-una-intensidad-inedita-en-varios-ministerios/; https://www.lavoixdunord.fr/1439479/article/2024-03-11/qui-se-cache-derriere-anonymous-sudan-ces-hackers-qui-revendiquent-la; https://laverdaddemonagas.com/2024/03/11/francia-se-encuentra-bajo-un-fuerte-ciberataque/; https://www.notizie.it/attacco-hacker-in-francia-intensita-senza-precedenti/; https://www.ilgiornale.it/news/cronaca-internazionale/francia-attacco-hacker-senza-precedenti-ai-siti-statali-2295310.html; https://es-us.noticias.yahoo.com/francia-registra-ataques-inform%C3%A1ticos-intensidad-192607250.html; https://www.charentelibre.fr/france/cyberattaque-d-ampleur-contre-plusieurs-ministeres-francais-18925115.php; https://www.humanite.fr/social-et-economie/cyberattaque/france-travail-quatre-questions-pour-comprendre-la-cyberattaque-qui-concerne-43-millions-de-personnes; https://new.qq.com/rain/a/20240312A03CG600; https://www.yahoo.com/news/governor-office-state-websites-affected-222605411.html; https://www.apr.org/news/2024-03-14/some-alabama-websites-hit-by-denial-of-service-computer-attack; 
https://www.leparisien.fr/societe/parcoursup-en-panne-juste-avant-lheure-limite-pour-valider-des-voeux-03-04-2024-CMXUR3B4KFGOFJRYEE3GPYIILI.php; https://therecord.media/ransomware-tracker-the-latest-figures,2024-03-14,2024-04-16 3265,French governmental employment agencies targeted in data theft affecting up to 43 million people,"France Travail, the French governmental agency for employment, and Cap Emploi, an agency for employment assistance for people with disabilities, were the victims of a data theft by unknown actors between 6 February and 5 March 2024. According to France Travail, a technical investigation was initiated which indicated that personal data including names, phone numbers, social security numbers and dates of birth, France Travail identification numbers, and email/postal addresses of up to 43 million people were stolen, including people that had been registered with the agency over the past 20 years. France Travail reported the incident to the French data protection authority CNIL. 
A preliminary investigation has been opened by the Paris Public Prosecutor's Office and entrusted to the Cybercrime Brigade of the Paris Judicial Police Directorate.",2024-02-06,2024-03-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Cap emploi - France Travail,France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,18850,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,2,2024-03-13 00:00:00; 2024-03-17 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France; France,Procureure de la République de Paris (Parquet de Paris); Procureure de la République de Paris (Parquet de Paris),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.varmatin.com/faits-de-societe/france-travail-frappe-par-une-cyberattaque-dampleur-43-millions-de-personnes-potentiellement-concernees-909043; https://www.lavoixdunord.fr/1440184/article/2024-03-13/cyberattaque-contre-france-travail-jusqu-43-millions-de-francais-potentiellement; https://www.bfmtv.com/tech/cybersecurite/france-travail-43-millions-de-personnes-potentiellement-concernees-par-une-cyberattaque_AD-202403130628.html; https://www.lefigaro.fr/social/france-travail-victime-d-une-cyberattaque-43-millions-de-personnes-potentiellement-concernees-20240313; https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/violation-de-donnees-personnelles-france-travail-formulaire-lettre-plainte-202403; https://www.francetravail.org/accueil/communiques/2024/france-travail-et-cap-emploi-victimes-dune-cyberattaque.html?type=article; https://www.bleepingcomputer.com/news/security/french-unemployment-agency-data-breach-impacts-43-million-people/; https://www.heise.de/news/Cyberangriffe-Keine-Ehre-unter-Kriminellen-Millionen-Franzosen-betroffen-9656333.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://securityaffairs.com/160556/data-breach/france-travail-data-breach-34m-people.html; https://www.kejixun.com/article/637344.html; https://econostrum.info/cyberattaque-france-travail-profils-piratees/; https://france3-regions.francetvinfo.fr/occitanie/haute-garonne/toulouse/cyberattaque-de-france-travail-la-menace-principale-c-est-l-usurpation-d-identite-selon-le-specialiste-en-cyber-securite-baptiste-robert-2939616.html; 
https://www.bibamagazine.fr/lifestyle/societe/piratage-de-france-travail-faites-vous-partie-des-43-millions-de-francais-victimes-du-vol-de-leurs-donnees-personnelles-381444.html; https://www.lejdd.fr/societe/cyberattaques-en-france-lombre-de-moscou-derriere-les-offensives-143046; https://www.varmatin.com/faits-de-societe/cyberattaque-de-france-travail-des-millions-de-donnees-personnelles-subtilisees-que-faire-si-je-suis-concernee-909484; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html; https://www.lavoixdunord.fr/1441942/article/2024-03-18/piratage-massif-de-france-travail-comment-savoir-si-mes-donnees-ont-ete-volees; https://fr.news.yahoo.com/cyberattaques-recrudescence-voyons-aujourd-hui-170429438.html; https://research.checkpoint.com/2024/18th-march-threat-intelligence-report/; https://www.francetvinfo.fr/internet/securite-sur-internet/cyberattaques/cyberattaque-a-france-travail-les-fuites-de-donnees-concernent-potentiellement-43-millions-de-personnes_6424585.html; https://www.humanite.fr/social-et-economie/cyberattaque/france-travail-quatre-questions-pour-comprendre-la-cyberattaque-qui-concerne-43-millions-de-personnes; https://www.liberation.fr/economie/economie-numerique/cyberattaque-de-france-travail-la-menace-principale-cest-lusurpation-didentite-20240314_34PR7OWQ7RG2XLK34L35N6CAEM/; https://www.tf1info.fr/societe/video-piratage-de-france-travail-pourquoi-l-organisme-qui-remplace-pole-emploi-et-l-anpe-conserve-t-il-vos-donnees-pendant-20-ans-2289427.html; https://fr.finance.yahoo.com/actualites/cyberattaque-france-travail-faire-cas-150241176.html; https://www.francetvinfo.fr/internet/securite-sur-internet/cyberattaques/france-travail-43-millions-de-fichiers-ont-ete-pirates-lors-d-une-cyberattaque_6424123.html; https://siliconwadi.fr/cyberattaque-france-travail-et-cap-emploi-touches-par-une-attaque-massive-43-millions-dutilisateurs-concernes/30346/; 
https://www.thesiteoueb.net/actualite/article-8668-cyberattaque-france-travail-43-millions-de-personnes-potentiellement-concernees.html; https://www.laprovence.com/article/france-monde/43358121071656/43-millions-de-personnes-potentiellement-concernees-par-une-cyberattaque-de-france-travail; https://www.presse-citron.net/france-travail-43-millions-dusagers-menaces-par-une-immense-cyberattaque/; https://actu.fr/societe/france-travail-victime-d-une-cyberattaque-massive-que-faire-si-mon-compte-a-ete-pirate_60815348.html; https://www.tf1info.fr/justice-faits-divers/video-reportage-tf1-cyberattaque-a-france-travail-ce-que-l-on-sait-du-piratage-massif-qui-menace-43-millions-de-francais-2289333.html; https://www.informatiquenews.fr/nouvelle-cyberattaque-massive-43-millions-de-profils-derobes-a-france-travail-98320; https://www.aladom.fr/actualites/secteur-service/10288/france-travail-ex-pole-emploi-victime-dune-cyberattaque-les-donnees-de-43-millions-de-personnes-ont-ete-potentiellement-recuperees/; https://siecledigital.fr/2024/03/14/fuite-massive-de-donnees-personnelles-apres-une-cyberattaque-contre-france-travail/; https://www.ladepeche.fr/2024/03/14/cyberattaque-contre-france-travail-ce-que-lon-sait-du-vol-massif-de-donnees-qui-concerne-les-demandeurs-demploi-de-ces-20-dernieres-annees-11825334.php; https://www.midilibre.fr/2024/03/14/43-millions-de-personnes-touchees-par-la-cyberattaque-de-france-travail-que-risquez-vous-si-vous-etes-concernes-11825181.php; https://www.sudouest.fr/faits-divers/cyberattaque-visant-france-travail-quelles-donnees-sont-concernees-comment-savoir-qui-est-touche-18952931.php; https://actu.fr/societe/france-travail-victime-d-une-cyberattaque-massive-comment-porter-plainte_60816756.html; https://www.clicanoo.re/article/societe/2024/03/14/france-travail-cible-par-une-cyberattaque-43-millions-de-personnes-potentiellement-concernees; 
https://www.tomsguide.fr/copilot-version-gpt-4-turbo-est-gratuit-france-travail-victime-dune-cyberattaque-cest-le-recap/; https://demarchesadministratives.fr/actualites/france-travail-victime-une-cyberattaque-les-donnees-de-43-millions-de-francais-potentiellement-concernes; https://www.phonandroid.com/ce-smartphone-huawei-peut-utiliser-les-applications-google-france-travail-victime-dune-cyberattaque-le-recap.html; https://www.sudouest.fr/redaction/cyberattaque-visant-france-travail-interview-d-emmanuel-macron-refus-d-obtemperer-hanouna-les-infos-de-ce-jeudi-matin-18953092.php; https://www.universfreebox.com/article/563247/la-police-interpelle-trois-hackers-impliques-dans-le-piratage-de-france-travail; https://fr.finance.yahoo.com/actualites/cyberattaque-contre-france-travail-trois-110700351.html; https://www.linfo.re/france/faits-divers/cyberattaque-contre-france-travail-mise-en-examen-et-incarceration-de-trois-personnes-apres-le-vol-massif-de-donnees; https://www.generation-nt.com/actualites/piratage-france-travail-fuite-donnees-arrestations-2045498; https://www.commentcamarche.net/securite/piratage/30491-piratage-france-travail-trois-suspects-interpelles-l-ampleur-de-la-fuite-se-confirme/; https://france3-regions.francetvinfo.fr/bourgogne-franche-comte/yonne/auxerre/cyberattaque-contre-france-travail-une-personne-originaire-de-l-yonne-mis-en-examen-2942604.html; https://www.boursier.com/actualites/economie/cyberattaque-contre-france-travail-ex-pole-emploi-trois-personnes-interpellees-50750.html; https://www.sudouest.fr/faits-divers/cyberattaque-visant-france-travail-trois-personnes-interpellees-les-investigations-continuent-19021955.php; https://fr.news.yahoo.com/apr%25C3%25A8s-cyberattaque-contre-france-travail-221336078.html; https://actu.fr/societe/cyberattaque-massive-de-france-travail-trois-personnes-interpellees_60838741.html; https://www.nordlittoral.fr/204599/article/2024-03-26/cyberattaque-contre-france-travail-vous-explique-pourquoi-les-donnees-des; 
https://www.commentcamarche.net/securite/piratage/30637-piratage-france-travail-les-donnees-derobees-en-vente-sur-un-forum-de-pirates/; https://www.01net.com/actualites/donnees-volees-hack-france-travail-vente.html; https://www.sudouest.fr/international/europe/royaume-uni/cybersecurite-le-royaume-uni-accuse-l-etat-chinois-de-cyberattaques-malveillantes-19096716.php; https://www.laprovence.com/article/economie/64450929725491/jo-2024-face-aux-cyberattaques-former-les-tpe-pme-regionales; https://www.letelegramme.fr/bretagne/face-aux-cyberattaques-ces-bretons-sont-le-premier-bouclier-de-letat-6557797.php; https://www.lesnumeriques.com/societe-numerique/intersport-touche-par-une-cyberattaque-des-donnees-sensibles-derobees-n220443.html; https://www.lemagit.fr/actualites/366580413/Cyberattaque-France-Travail-la-CGT-denonce-des-niveaux-de-securite-insuffisants; https://www.01net.com/actualites/fuites-donnees-france-4-millions-comptes-touches-2024.html; https://www.lemondeinformatique.fr/actualites/lire-sur-fond-de-cyberattaques-les-plaintes-a-la-cnil-repartent-a-la-hausse-93565.html,2024-03-14,2024-04-23 3264,Hacker 'ph1ns' stole and released employee data from Acer Philippines obtained from third-party vendor in March 2024,"Acer Philippines, a subsidiary of the Taiwanese manufacturer of computer hardware and electronics, was affected by a data breach in March 2024. The breach involved the unauthorised access to employee data due to a compromise at a third-party vendor responsible for managing the company's employee attendance data. A sample of the stolen data containing employee data from Acer Philippines was subsequently distributed on a hacker forum by a user operating under the pseudonym 'ph1ns'. In the post from 12 March 2024, the hacker made reference to #OpEDSA, a movement that is calling for political change in the Philippines and has been targeting companies in the country. 
Acer representatives confirmed the breach and stated that the compromised data hailed from a breach at one of their external suppliers in the Philippines. The threat actor asserted that the intrusion was aimed at data theft and denied financial motives. Ph1ns claimed to not have engaged in extortion attempts against Acer and provided evidence of data deletion on the targeted servers before their access was cut off. Acer notified local regulatory and law enforcement authorities, including the National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Centre (CICC), which opened an investigation into the incident.",2024-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Acer Philippines - Not available,Philippines; Philippines,ASIA; SCS; SEA - ASIA; SCS; SEA,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Critical Manufacturing - ,Ph1ns,Not available,Not available,,1,19015,2024-03-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Ph1ns,Not available,Not available,Ph1ns,Not available,Not available,https://www.bleepingcomputer.com/news/security/acer-confirms-philippines-employee-data-leaked-on-hacking-forum/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate 
- high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-03-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Philippines,Cybercrime Investigation and Coordinating Center (CICC),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/acer-confirms-philippines-employee-data-leaked-on-hacking-forum/; https://securityaffairs.com/160432/data-breach/acer-philippines-data-breach.html; https://x.com/AcerPhils/status/1767551121629802875?s=20; https://new.qq.com/rain/a/20240314A05BZN00; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html,2024-03-14,2024-04-30 3263,Unknown threat actors targeted website of German city of Fürth with DDoS attack during 9-10 March 2024,"The administration of the German city of Fürth confirmed in a social media statement that unknown threat actors had disrupted access to its websites through a DDoS attack during 9-10 March 2024. 
During this time, citizens were unable to access online services.",2024-03-09,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,District of Fürth - City of Fürth,Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,18717,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.csoonline.com/de/a/hackerangriff-auf-stadt-und-landkreis-fuerth,3681294; https://www.facebook.com/landkreisfuerth/posts/pfbid034d7UBZoiJKbNwfZPwkb8AdsB2yXGKPcAvj8QxHe18evhfafL1awWCskSiErSgmLJl; https://www.fuerth.de/desktopdefault.aspx/tabid-1/5_read-36782/",2024-03-13,2024-04-16 3262,Unknown threat actors targeted websites of Estonian state institutions with DDoS attacks on 9 and 10 March 2024,"Unknown threat actors targeted websites of Estonian state institutions with DDoS attacks on 9 and 10 March 2024, according to a statement by a spokesperson of the Estonian Information System Authority (RIA) cited in media reporting. 
The threat actors targeted public sector websites, with sustained disruption attempts directed against the Police and Border Guard Board, the Tax and Customs Board, and the Ministry of Justice on 9 March. The spokesperson highlighted that the affected sites only faced minor disruptions or slowed-down access.",2024-03-09,2024-03-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Police and Border Guard Board (Estonia) - Not available - Tax and Customs Board (Estonia) - Ministry of Justice (Estonia),Estonia; Estonia; Estonia; Estonia,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Police - Civil service / administration - Civil service / administration - Government / ministries,Not available,Not available,Non-state-group,Hacktivist(s),1,18721,2024-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://news.postimees.ee/7977286/estonia-s-state-institutions-hit-by-largest-cyberattack-to-date,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,11-50,0.0,1-10,1.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.postimees.ee/7977286/estonia-s-state-institutions-hit-by-largest-cyberattack-to-date,2024-03-13,2024-04-16 3261,Unknown threat actors breached administrative systems of Belgian telecom operator edpnet in March 2024,Unknown threat actors targeted the Belgian telecom operator edpnet. The hackers were able to break into edpnet's administrative systems. Customers were subsequently unable to log into their accounts on 9 March 2024. The internet services were not affected. ,2024-03-09,2024-03-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Edpnet,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,18722,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.techzine.eu/news/security/117558/belgian-telecom-operator-edpnet-reports-cyber-attack-on-systems/; 
https://www.edpnet.be/en/press/statement-edpnet-concerning-cyber-breach.html,2024-03-13,2024-04-16 3260,Akira ransomware group targeted US Stanford University's Department of Public Safety on 12 May 2023,"The Akira ransomware group targeted US Stanford University's Department of Public Safety on 12 May 2023. The university acknowledged an intrusion in a public statement on 27 October 2023, after detecting the breach in late September. In October 2023, the Akira group claimed to have stolen 430GB of files from the systems. A follow-on university statement from 11 March 2024 confirmed the exfiltration of data, which potentially included information on the date of birth, social security numbers, government IDs, passport numbers, and driving licence numbers. For a small subset of individuals, compromised data may also have included biometric information, health/medical details, email addresses with password, usernames with password, security questions and answers, digital signatures, and credit card information with security codes. Overall, a data breach notification filed with the Office of the Maine Attorney General put the number of affected individuals at 27,000. 
",2023-05-12,2023-09-27,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Stanford University,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,18723,2023-10-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Akira Ransomware Group,Not available,Not available,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://therecord.media/stanford-investigating-cyberattack-after-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,None/Negligent,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-09-27 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ransomware-attack/; https://news.stanford.edu/report/2024/03/11/update-department-public-safety-data-security-incident/; https://news.stanford.edu/report/2023/10/27/stanford-statement-department-public-safety-cybersecurity-incident/; https://apps.web.maine.gov/online/aeviewer/ME/40/252b8b97-93b8-4b95-9657-4c84bb1940f4.shtml; https://therecord.media/stanford-data-leaked-Akira-ransomware-attack; https://therecord.media/stanford-investigating-cyberattack-after-ransomware; https://securityaffairs.com/160419/cyber-crime/stanford-university-data-breach.html; https://www.tomshw.it/hardware/rubano-dati-per-4-mesi-a-una-prestigiosa-universita-prima-che-se-ne-accorgano; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html; https://therecord.media/akira-ransomware-attacked-hundreds-millions; https://www.bleepingcomputer.com/news/security/fbi-akira-ransomware-raked-in-42-million-from-250-plus-victims/,2024-03-13,2024-04-16 3259,Unknown threat actors targeted computer systems of Canadian Town of Huntsville in March 2024,"Unknown threat actors targeted the computer systems of the Canadian town of Huntsville during 9-10 March 2024. 
Due to remediation measures, the library and the town hall remained closed to the public for one and two days, respectively.",2024-03-09,2024-03-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse; Ransomware,Huntsville,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18724,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.huntsville.ca/en/news/media-release-huntsville-cybersecurity-incident-update-march-11-2024.aspx; https://barrie.ctvnews.ca/huntsville-town-hall-library-closed-due-to-cybersecurity-attack-1.6803080; https://barrie.ctvnews.ca/huntsville-grapples-with-cyber-attack-municipal-office-closure-extends-to-2nd-day-1.6804391; https://www.baytoday.ca/local-news/huntsville-hit-by-cyber-attack-8436887; https://www.cktimes.net/news/%EC%98%A8%EC%A3%BC-%ED%97%8C%EC%B8%A0%EB%B9%8C-%EC%82%AC%EC%9D%B4%EB%B2%84%EA%B3%B5%EA%B2%A9-%ED%83%80%EA%B2%9F/; https://www.huntsville.ca/en/news/media-release-huntsville-confirms-details-of-cybersecurity-incident.aspx,2024-03-12,2024-04-16 3258,Anonymous Sudan claimed responsibility 
for suspected DDoS attack against Interministerial Digital Directorate of France affecting governmental institutions on 10 March 2024,"The self-styled hacktivist group Anonymous Sudan claimed responsibility for a DDoS attack directed against the Interministerial Digital Directorate of France (DINUM) on 10 March 2024. DINUM provides the backbone for digital projects of a range of governmental institutions across France. Anonymous Sudan, whose past activities have exhibited pro-Russian patterns, declared on Telegram that 17,000 IP addresses and over 300 domains were linked to DINUM services and potentially subject to access disruptions. The group claimed specifically to have targeted the websites of the Ministries of the Economy, Culture, Ecological Transition, and the Directorate General of Civil Aviation (DGAC). The Prime Minister's Office broadly noted that a number of government bodies were affected. The precise extent, including whether the DDoS attack affected non-public resources, has not been officially confirmed. To coordinate mitigation measures and restore the availability of IT services, the authorities set up a crisis cell. Access to most government sites was restored by the afternoon of 11 March. A news article by French outlet Le Point from 16 March cited an unnamed ANSSI expert who qualified the official executive statements that the incident has been ""unprecedented"" as exaggerated. The article also made the point that the executive branch thereby gave the attackers what they wanted, which is public attention. ",2024-03-10,2024-03-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,State Inter-ministry Network (RIE) - Not available,France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Civil service / administration - ,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,18725,2024-03-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://t.me/xAnonymousSudan/787,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2024-03-11 00:00:00,EU member states: Stabilizing measures,Statements by heads of state/head of government (or executive official),France,Gabriel Attal (French Prime Minister),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,1,2024-03-12 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Procureure de la République de Paris (Parquet de Paris),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://efe.com/mundo/2024-03-11/francia-ciberataque/; https://securityaffairs.com/160374/hacking/massive-cyberattacks-hit-french-government-agencies.html; https://english.elpais.com/international/2024-03-11/the-french-government-says-its-being-targeted-by-unusual-intense-cyberattacks.html; https://www.lavoixdunord.fr/1439397/article/2024-03-11/cyberattaque-massive-en-cours-dans-plusieurs-ministeres-revendiquee-par-des; https://fr.news.yahoo.com/plusieurs-services-l-etat-vis%C3%A9s-161120479.html; https://www.politico.eu/article/french-government-hit-with-cyberattacks-of-unprecedented-intensity/; https://www.lanacion.com.ar/agencias/francia-registra-ataques-informaticos-de-una-quotintensidad-ineditaquot-en-varios-ministerios-nid11032024/; https://www.lanacion.com.ar/agencias/francia-registra-ataques-informaticos-de-una-quotintensidad-ineditaquot-en-varios-ministerios-nid11032024/; https://www.francebleu.fr/infos/societe/plusieurs-services-de-l-etat-vises-par-des-attaques-informatiques-d-une-intensite-inedite-selon-le-gouvernement-8867809; https://www.rtl.fr/actu/politique/cybersecurite-des-services-de-l-etat-vises-par-une-attaque-informatique-d-ampleur-7900362182; https://www.tomsguide.fr/la-france-est-visee-par-une-cyberattaque-dune-intensite-inedite-que-se-passe-t-il/; https://www.lalsace.fr/faits-divers-justice/2024/03/11/plusieurs-services-de-l-etat-vises-par-des-attaques-informatiques-d-une-intensite-inedite; https://www.telemadrid.es/noticias/internacional/Francia-sufre-un-ciberataque-de-intensidad-inedita-reivindicado-por-un-grupo-prorruso-0-2650534971--20240311062515.html; 
https://www.lapatilla.com/2024/03/11/francia-sufre-ciberataque-de-gran-intensidad-reivindicado-por-un-grupo-prorruso/; https://indigobuzz.fr/2024/03/services-de-letat-attaques-massivement-anonymous-sudan-revendique-lacte.html; https://www.lemonde.fr/pixels/article/2024/03/11/des-services-de-l-etat-vises-par-plusieurs-attaques-informatiques-depuis-dimanche-annonce-matignon_6221398_4408996.html; https://www.courrier-picard.fr/id502494/article/2024-03-11/le-reseau-de-ministeres-francais-perturbe-par-des-cyberattaques-pro-russes-du; https://www.sudouest.fr/france/plusieurs-services-de-l-etat-vises-par-des-attaques-informatiques-d-une-intensite-inedite-selon-matignon-18923711.php; https://www.lemessager.fr/649313738/article/2024-03-11/plusieurs-services-de-l-etat-vises-par-une-cyberattaque-l-intensite-inedite; https://fr.news.yahoo.com/plusieurs-services-l-etat-vis%C3%A9s-162801821.html; https://www.lexpress.fr/economie/high-tech/des-cyberattaques-dune-intensite-inedite-visent-plusieurs-services-de-letat-AHKRHXSXWFGWPFGCEHVM45FLUM/; https://t.me/xAnonymousSudan/787; https://cybernews.com/news/france-government-cyberattack-anonymous-sudan/; https://www.lemonde.fr/en/france/article/2024/03/11/french-state-services-hit-by-intense-cyberattack_6608727_7.html#; https://www.reuters.com/technology/cybersecurity/french-state-hit-by-cyberattacks-unprecedented-intensity-media-reports-2024-03-11/; https://www.cronicaviva.com.pe/organismos-publicos-franceses-sufren-ataque-informatico-a-gran-escala/; https://www.cronicaviva.com.pe/organismos-publicos-franceses-sufren-ataque-informatico-a-gran-escala/; https://www.telecinco.es/noticias/internacional/20240312/red-gobierno-francia-ataques-informaticos-gran-escala_18_011943188.html; https://www.tf1info.fr/high-tech/video-tf1-cyberattaque-en-france-de-hackers-pro-russes-qui-se-cache-derriere-cette-operation-massive-contre-l-etat-francais-2289078.html; 
https://www.derstandard.at/consent/tcf/story/3000000211211/gro223e-cyberattacke-trifft-franz246sische-ministerien; https://www.clubic.com/actualite-521356-les-hackers-qui-ont-attaque-la-france-jouent-la-provocation-nous-nous-detendons-pendant-que.html; https://siecledigital.fr/2024/03/12/le-parquet-de-paris-ouvre-une-enquete-apres-les-cyberattaques-contre-des-ministeres/; https://dushi.singtao.ca/toronto/%E6%96%B0%E9%97%BB/%E5%8D%B3%E6%97%B6%E5%9B%BD%E9%99%85/%E6%B3%95%E6%94%BF%E5%BA%9C%E5%AE%98%E7%BD%91%E9%81%AD%E5%BC%BA%E7%83%88%E7%BD%91%E6%94%BB-%E4%BA%B2%E4%BF%84%E9%BB%91%E5%AE%A2%E7%BB%84%E7%BB%87%E6%89%BF%E8%AE%A4%E8%B4%A3%E4%BB%BB/; https://www.samanyoluhaber.com/fransa-yi-cokerten-siber-saldiriyi-bakin-kim-ustlendi-haberi/1459744/; https://news.infoseek.co.jp/article/afpbb_3509414/; https://www.heise.de/news/Frankreichs-Regierung-Ziel-von-Cyberangriffen-in-nie-dagewesener-Intensitaet-9651907.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.lalibre.be/dernieres-depeches/2024/03/12/france-une-enquete-ouverte-apres-des-attaques-informatiques-visant-plusieurs-ministeres-PK5DDR2Q3JAR7KHER5UTXG5KXM/; https://www.tahiti-infos.com/Des-attaques-informatiques-d-une-intensite-inedite-contre-plusieurs-ministeres_a222740.html; https://www.francetvinfo.fr/replay-jt/franceinfo/21h-minuit/23-heures/cyberattaque-plusieurs-services-de-l-etat-vises_6419545.html; https://talcualdigital.com/enterate-de-otras-noticias-importantes-de-este-12mar-5/; https://www.jiji.com/jc/article?k=20240312045684a&g=afp; https://www.lemagit.fr/actualites/366573234/France-une-cyberattaque-dune-intensite-inedite-aux-airs-de-tempete-dans-un-verre-deau; https://new.qq.com/rain/a/20240312A0479S00; https://www.archimag.com/vie-numerique/2024/03/12/les-services-etat-touches-par-cyberattaques-intensite-inedite; https://www.zdnet.fr/actualites/cyberattaque-massive-en-france-sur-les-services-numeriques-de-l-etat-39964872.htm; 
https://www.salzburg24.at/news/welt/cyberangriff-auf-franzoesische-ministerien-russische-hacker-bekennen-sich-zu-attacke-154926040; https://www.midilibre.fr/2024/03/12/anonymous-sudan-groupe-pro-russe-ce-que-lon-sait-de-la-cyberattaque-massive-qui-a-secoue-plusieurs-ministeres-11820435.php; https://www.informatiquenews.fr/dinum-une-cyberattaque-ddos-plus-mediatisee-et-politique-quhandicapante-98297; https://www.linfo.re/france/societe/france-des-attaques-informatiques-d-envergure-contre-plusieurs-services-de-l-etat; https://www.presse-citron.net/3-questions-pour-comprendre-la-cyberattaque-massive-contre-letat/; https://www.ledevoir.com/monde/europe/808814/plusieurs-services-etat-francais-vises-attaques-informatiques-intensite-inedite; https://siecledigital.fr/2024/03/12/plusieurs-ministeres-perturbes-par-une-cyberattaque-menee-par-des-hackers-pro-russes/; https://www.franceguyane.fr/actualite/france/ouverture-dune-enquete-apres-les-attaques-informatiques-qui-ont-vise-plusieurs-ministeres-978805.php; https://www.francebleu.fr/infos/societe/un-atelier-pour-sensibiliser-les-entreprises-a-la-cybersecurite-a-nancy-2350245; https://www.sudouest.fr/faits-divers/un-veritable-braquage-trois-mois-apres-ete-victime-d-une-cyberattaque-coaxis-panse-ses-plaies-18921861.php; https://www.nouvelobs.com/economie/20240312.OBS85618/une-enquete-ouverte-apres-des-cyberattaques-visant-plusieurs-ministeres.html; https://www.sudouest.fr/faits-divers/cyberattaque-visant-des-ministeres-le-parquet-de-paris-ouvre-une-enquete-18932538.php; https://www.csoonline.com/article/1313027/russia-aligned-hackers-take-down-french-state-services-in-massive-ddos-attack.html; https://www.telecomstechnews.com/news/2024/mar/12/french-government-cyber-crisis-teams-useless-against-ddos/; https://www.journaldugeek.com/2024/03/12/une-cyberattaque-dampleur-inedite-vise-les-services-de-letat-ce-que-lon-sait/; https://www.wired.it/article/cyberattacco-senza-precedenti-francia/; 
https://www.rtl.fr/actu/debats-societe/video-philippe-caveriviere-le-gouvernement-n-a-pas-besoin-de-hackers-pour-ralentir-la-transition-ecologique-7900362944; https://www.zdnet.fr/actualites/pourquoi-la-cyberattaque-massive-d-anonymous-sudan-a-des-airs-de-gros-souffle-mediatique-39964882.htm; https://www.krone.at/3291081; https://www.krone.at/3291082; https://www.01net.com/actualites/qui-sont-les-hackers-derriere-la-cyberattaque-contre-les-ministeres-francais.html; https://www.middleeasteye.net/fr/decryptages/anonymous-sudan-le-collectif-de-cybercriminels-qui-fait-parler-de-lui; https://www.la-croix.com/france/ingerences-etrangeres-des-cyberattaques-a-la-desinformation-une-menace-proteiforme-20240313; https://www.lefigaro.fr/conjoncture/cyberattaque-visant-l-etat-800-sites-administratifs-ont-ete-cibles-par-les-pirates-selon-stanislas-guerini-20240315; https://fr.news.yahoo.com/cyberattaques-800-sites-administratifs-vis%25C3%25A9s-202042898.html; https://fr.news.yahoo.com/cyberattaque-pro-russe-hacktivistes-financent-183400137.html; https://www.lejdd.fr/chroniques/christine-kelly-dans-le-jdd-cyberattaque-lautre-menace-contre-la-france-143155; https://fr.news.yahoo.com/cyberattaques-recrudescence-voyons-aujourd-hui-170429438.html; https://www.generation-nt.com/actualites/cyberattaque-france-ddos-800-sites-administratifs-2045400; https://www.lepoint.fr/high-tech-internet/anonymous-sudan-des-attaques-simples-pour-faire-peur-16-03-2024-2555159_47.php?ref=news.risky.biz#11; https://www.linternaute.com/actualite/education/4933334-parcoursup-la-panne-peut-elle-avoir-des-consequences-sur-les-voeux/; https://www.zdnet.fr/actualites/ddos-les-vieilles-methodes-reviennent-a-la-mode-390612.htm,2024-03-12,2024-04-16 3254,Unknown actor breached systems of Canadian town of Ponoka in 2024,"The Canadian town of Ponoka in the province of Alberta experienced an intrusion by an unauthorised third party. 
On 4 March, the city announced a forensic investigation to determine the impact on personal information and declared that the incident had been reported to the Royal Canadian Mounted Police.",2024-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,Town of Ponoka,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18907,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,Not available,Not available,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ponoka.ca,2024-03-11,2024-04-24 3253,Unknown threat actors compromised sensitive CISA systems via vulnerabilities in Ivanti VPN appliances in February 2024,"In February 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) suffered a breach of two systems handling sensitive industry information. The two systems, identified to Recorded Future News by an unnamed source as the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT) on 8 March, were taken offline. 
The compromise, attributed to vulnerabilities in Ivanti products, specifically the Connect Secure and Policy Secure gateways, enabled access to systems containing information on the interdependence of US infrastructure and sensitive data related to chemical security plans. The breach exploited vulnerabilities in Ivanti products disclosed earlier in January. Together with other US based organisations and Five-Eyes partners, CISA had reported the active exploitation of at least three of these vulnerabilities (CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893) by a variety of threat actors in a joint cybersecurity advisory on 29 February 2024. The advisory highlighted the ability of certain threat actors to subvert Ivanti's internal and external Integrity Checker Tool (ICT), allowing threat actors to maintain root-level access even after a factory reset. In light of the broad exploitation of the vulnerabilities and difficulties with detecting a compromise, CISA had issued an emergency directive on 31 January, ordering all US federal civilian agencies to disconnect vulnerable Ivanti appliances. On 9 February, CISA amended the directive, noting that appliances could be connected again if patched. 
As a response, Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers on 3 April 2024 pledging to overhaul how the technology-management company builds its products and the way it undertakes communication with customers about vulnerabilities.",2024-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Cybersecurity and Infrastructure Security Agency (CISA),United States,NATO; NORTHAM,State institutions / political system,"Other (e.g., embassies)",Not available,Not available,Not available,,1,18908,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",3.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise; https://securityaffairs.com/160246/hacking/us-cisa-systems-hacked.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b; https://cyberscoop.com/biden-budget-cyber-2025/; https://research.checkpoint.com/2024/11th-march-threat-intelligence-report/; 
https://tecnologiageek.com/ciberataque-a-la-cisa-un-recordatorio-de-la-importancia-de-la-seguridad-informatica/; https://cyberscoop.com/ivanti-linked-breach-of-cisa-potentially-affected-more-than-100000-individuals/; https://therecord.media/ivanti-security-overhaul-ceo-jeff-abbott; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://therecord.media/mitre-breached-ivanti-zero-days,2024-03-11,2024-04-30 3255,Individual hacker claimed responsibility for alleged data breach of US financial service provider Paysign on 6 March 2024,"On 6 March 2024, a hacker operating under the pseudonym 'emo' claimed to have breached US financial service provider Paysign and stolen 1.2 million customer records containing names, addresses, dates of birth, phone numbers and account balances. Paysign announced it was investigating the claim while stating that no disruption to services had been observed.",2024-03-06,2024-03-06,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Paysign,United States,NATO; NORTHAM,Critical infrastructure,Finance,Emo,Not available,Individual hacker(s),,1,18906,2024-03-07 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Emo,Not available,Not available,Emo,Not available,Individual hacker(s),,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption 
(deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/paysign-investigating-reports-of-data-breach; https://research.checkpoint.com/2024/11th-march-threat-intelligence-report/,2024-03-11,2024-04-24 3256, Stormous Ransomware Group Allegedly Stole 88 GB of Data from Belgian Brewery Duvel Moortgat in Ransomware Attack Beginning on 5 March 2024,"From Tuesday night, 5 March 2024, until the following day, the operations of Duvel Moortgat, a well-known Belgian brewery, were disrupted by a ransomware attack. The Stormous ransomware group claimed responsibility on its leak site for targeting the brewery's IT infrastructure. In response to detection alerts, the company initiated a controlled shutdown of its servers, resulting in the suspension of production at four Belgian production sites and one site in Kansas City in the United States. Stormous, a threat actor that recently entered into collaboration with the criminal collective GhostSec, announced on its leak site that it had stolen 88 GB of data from Duvel Moortgat. As of 8 March, one facility in Puurs-Sint-Amands, Belgium, had resumed production, while the remaining facilities were not yet operational pending further investigation. 
In addition to the eponymous Duvel ale, Duvel Moortgat is producing beer for the Chouffe, Vedett and Liefmans lines.",2024-03-05,2024-03-06,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Duvel Moortgat,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Food,Stormous Ransomware Group,Not available,Non-state-group,Criminal(s),1,18888,2024-03-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Stormous Ransomware Group,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Not available,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.repubblica.it/il-gusto/2024/03/08/news/pulp_kitchen_attacco_hacker_al_birrificio_duval_produzione_sospesa-422278792/; https://www.bbc.co.uk/news/technology-68512156; https://www.nieuwsblad.be/cnt/dmf20240306%5F93861112; https://x.com/H4ckManac/status/1765707886246723617?s=20; https://www.computerweekly.com/de/news/366572815/Die-Cyberangriffe-der-KW10-2024-im-Ueberblick; 
https://research.checkpoint.com/2024/11th-march-threat-intelligence-report/,2024-03-11,2024-04-24 3252,Unknown hackers gained access to network of South St. Paul Public Schools in Minnesota beginning at least on 4 March 2024,"Unknown hackers gained access to the network of South St. Paul Public Schools in Minnesota beginning at least on 4 March 2024, the school reported the following day after detecting the unauthorised access.",2024-03-04,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,South St. Paul Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,19002,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.sspps.org/newsroom/family-communication/default-family-posts/~board/family-communications/post/update-on-ongoing-technology-disruptions; https://www.govtech.com/education/k-12/cyber-attack-disrupts-systems-at-south-st-paul-schools; https://www.sspps.org/newsroom/family-communication/default-family-posts/~board/family-communications/post/technology-outtage; https://www.computerweekly.com/de/news/366572815/Die-Cyberangriffe-der-KW10-2024-im-Ueberblick,2024-03-08,2024-04-29 3251,Chinese APT Evasive Panda targeted Tibetans abroad through language translation software and through attacks on Monlam Festival websites,"The China-linked APT group Evasive Panda was observed by ESET to be conducting a cyber espionage campaign starting in September 2023, 
which targeted Tibetans living abroad (including in India, Taiwan, Hong Kong, Australia, and the US). Researchers assessed that the pattern of websites targeted indicates that the group was/is targeting Tibetans searching for information related to the Monlam Festival, a Tibetan Buddhist religious festival. According to ESET, Evasive Panda also gained access to the website of a company involved in Tibetan-language translation software and placed trojanized applications on it; the website of a Tibetan news outlet, Tibetpost, was also abused to host the payloads obtained through the downloads from the translation software company's website. In a report on 7 March 2024, ESET stated that Evasive Panda used a number of downloaders/droppers/backdoors, including MgBot, a custom backdoor used exclusively by Evasive Panda, which pointed to the group's involvement. Additionally, a previously undocumented backdoor, Nightdoor, was used in the campaign. According to ESET, at least three websites were compromised by Evasive Panda in order to carry out supply chain and watering-hole attacks. ",2023-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Tibetpost - Not available - Not available - Kagyu International Monlam Trust,Taiwan; India; India; Australia; India; Hong Kong; United States; India,ASIA; SCS - ASIA; SASIA; SCO - ASIA; SASIA; SCO - OC - ASIA; SASIA; SCO - ASIA - NATO; NORTHAM - ASIA; SASIA; SCO,Social groups - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups - Social groups - Media - Social groups - Social groups - Social groups,Ethnic - - Ethnic - Ethnic - - Ethnic - Ethnic - Ethnic,Daggerfly/Evasive Panda/Bronze Highland,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,19004,2024-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,Daggerfly/Evasive Panda/Bronze Highland,China,"Non-state actor, state-affiliation suggested",https://www.eset.com/int/about/newsroom/press-releases/research/china-aligned-evasive-panda-leverages-religious-festival-to-target-and-spy-on-tibetans-eset-research-discovers-1/?utm_source=awin&utm_medium=affiliate&awc=15751_1709906726_d1e9113fdbaeec213f00997ba3c529c3,System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,China (Tibet); China (Tibet); China (Tibet),Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Supply Chain Compromise,Not available,Not available,False,Not available,Not available,"Hijacking, not used - 
empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/tibetans-targeted-in-china-linked-espionage-campaign; https://www.eset.com/int/about/newsroom/press-releases/research/china-aligned-evasive-panda-leverages-religious-festival-to-target-and-spy-on-tibetans-eset-research-discovers-1/?utm_source=awin&utm_medium=affiliate&awc=15751_1709906726_d1e9113fdbaeec213f00997ba3c529c3; https://www.it-daily.net/it-sicherheit/cybercrime/hackergruppe-evasive-panda-nutzt-moenlam-fest-um-tibeter-auszuspionieren; https://www.iyigunler.net/teknoloji/siber-casusluk-icin-dini-festivalleri-hedeflediler-h352946.html; https://securityboulevard.com/2024/03/evasive-panda-cyber-attacks-threat-actor-targets-tibetans/,2024-03-08,2024-04-30 3250,Iranian APT35 subgroup Lord Nemesis infiltrated Israeli academic software company to target Israeli institutions ,"Lord Nemesis, an Iran-funded hacktivist group and subgroup of APT35, was observed by the Israeli cybersecurity company OP Innovate as infiltrating the systems of Rashim Software, an Israeli academic software company, in November 2023. According to OP Innovate, the hacktivists' goal was to intimidate victims, which they managed to access through the breach of Rashim. According to both Lord Nemesis, in a post made on its website, and OP Innovate, the group was able to gain access to Rashim's systems and utilise an admin account to access clients through the use of a VPN, enabled through the unauthorised access to one of the company's products, Michlol. The abuse of Michlol and the subsequent connection to the VPN enabled the group to exfiltrate data. Furthermore, Lord Nemesis was able to compromise Rashim's Office 365 infrastructure, allowing them to send emails to the academic institutions utilising Rashim's software and Michlol in particular. 
On 4 March 2024, Lord Nemesis claimed to have leaked sensitive information obtained from Israeli academic institutions as part of the operation.",2023-11-30,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft; Hijacking with Misuse,"Rashim Software, Ltd. - Not available",Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Education, - ,Lord Nemesis,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,19008; 19009,2024-03-07 00:00:00; 2023-11-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,OP Innovate; Lord Nemesis,OP Innovate; Not available,"Israel; Iran, Islamic Republic of",Lord Nemesis; Lord Nemesis,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state-group",https://op-c.net/blog/lord-nemesis-strikes-supply-chain-attack-on-the-israeli-academic-sector/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,0,,Not available,,Not available,Not available,No,,External Remote Services,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/iran-linked-lord-nemesis-hacktivists-target-israel; https://op-c.net/blog/lord-nemesis-strikes-supply-chain-attack-on-the-israeli-academic-sector/,2024-03-08,2024-04-30 3248,French catering service Dupont Restauration hit by disruptive cyber incident on 14 December 2023,"Dupont Restauration, a French catering service which provides food for 83 schools in Nîmes, France, was hit by a cyberattack which disrupted certain services on 14 December 2023. According to an email alert sent by the city of Nîmes on 27 December 2023, disrupted services included the reservation system used by the catering service, while local media further stated that other services, including payment services and the company's customer service platform, RestoConnect, were also unavailable and remained so as of 1 March 2024. ",2023-12-14,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Dupont Restauration,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Food,Not available,Not available,Not available,,1,18909,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not 
available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.francebleu.fr/infos/education/cantines-a-nimes-une-cyberattaque-bloque-la-plateforme-de-paiement-les-factures-seront-echelonnees-6516079; https://www.objectifgard.com/actualites/nimes-probleme-de-reservation-a-la-cantine-la-plateforme-restoconnect-toujours-inaccessible-123902.php; https://www.lereveildumidi.fr/flash-infos/n%C3%AEmes,2024-03-07,2024-04-24 3247,Pro-Russian hacktivist group NoName057 suspected of disrupting access to several websites of Swedish governmental institutions on 5 March 2024,"The Pro-Russian hacktivist group NoName057 claimed to have disrupted access to several websites of Swedish governmental institutions on 5 March 2024. The websites of the Swedish Authority for Privacy Protection, the parliament, and of the Financial Supervisory Authority were temporarily unreachable. The DDoS attacks coincided with Hungary's ratification of Sweden's NATO membership bid, clearing the way for the country to join the alliance. ",2024-03-05,2024-03-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Riksdagen - Authority for Privacy Protection - Financial Supervisory Authority,Sweden; Sweden; Sweden,EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU,State institutions / political system - State institutions / political system - State institutions / political system,Legislative - Civil service / administration - Civil service / administration,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,18910,2024-03-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2863,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,http://www.osservatoriosullalegalita.org/24/acom/03/06gattinternet.htm; https://www.aa.com.tr/en/world/russian-hacker-group-claims-cyberattack-against-sweden/3156112; 
https://www.thelocal.se/20240305/pro-russian-hackers-claim-responsibility-for-cyber-attack-on-swedish-privacy-agency; https://t.me/noname05716eng/2863,2024-03-07,2024-04-24 3246,Unknown hackers disrupted systems of Dutch pharmaceutical company HAL Allergy on 19 February 2024,"Unknown hackers disrupted the systems of the Dutch pharmaceutical company HAL Allergy on 19 February 2024, as part of a ransomware attack. According to a press release by HAL, an intrusion led to a disruption of access to parts of HAL's network and data. This interference further caused delays in the processing of orders and delivery of products. HAL warned that some personal data may have been compromised during the incident, including the name, address, date of birth, and HAL Allergy product ordered by customers. To determine the extent of a possible data breach, the company initiated a forensic investigation. ",2024-02-19,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,HAL Allergy,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure,Health; Research,Not available,Not available,Not available,,1,18911,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hal-allergy.com/important-statement/; https://www.hal-allergy.com/2024/02/22/notification-statement/; https://www.apotheke-adhoc.de/nachrichten/detail/markt/hal-allergy-hacker-angriff-legt-lieferung-lahm/; https://cronicaglobal.elespanol.com/business/20240412/un-ciberataque-la-hall-alergies-semanas-vacunas/847165333_0.html,2024-03-06,2024-04-24 3245,Unknown hackers gained access to email systems of Brandenburg an der Havel University Hospital in Germany on 29 February 2024,"Unknown hackers gained access to the email systems of Brandenburg an der Havel University Hospital in Germany on 29 February 2024, the university hospital disclosed on 1 March 2024. The threat actors used this access to distribute spam messages from the hospital's systems. 
",2024-02-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Brandenburg an der Havel University Hospital,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,18912,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.uk-brandenburg.de/aktuelles/details-zu/SPAM-Versand-hackerangriff,2024-03-06,2024-04-24 3244,North Korean state-sponsored APT Lazarus compromised South Korean Supreme Court in January 2021,"The Supreme Court of the Republic of Korea revealed in a statement on 4 March 2024 that North Korean state-sponsored APT Lazarus had compromised its networks since at least 7 January 2021. Lazarus infiltrated the court and gained access to potentially sensitive documents. Among the several hundred gigabytes of stolen data were files related to 26 cases, including personal rehabilitation applications, resident registration copies, and local tax certificates. 
In February 2023, malware was detected and deleted from the judiciary's network, prompting an investigation by the Korean National Intelligence Service.",2021-01-07,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Judiciary,,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18913; 18913,2024-03-04 00:00:00; 2024-03-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Korean National Police Agency (KNPA); National Intelligence Service (South Korea),Not available; Not available,"Korea, Republic of; Korea, Republic of",,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://news.sbs.co.kr/news/endPage.do?news_id=N1007559613,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South 
Korea,Yes / HIIK intensity,HIIK 2,1,2024-03-04 00:00:00,State Actors: Legislative reactions,Dissenting statement by member of parliament,"Korea, Republic of",Park Jeong-ha (Senior spokesperson People Power Party (PPP)),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,"Korea, Republic of",Korean National Intelligence Service (NIS),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://news.sbs.co.kr/news/endPage.do?news_id=N1007559613; https://www.dt.co.kr/contents.html?article_no=2024030502109958051002; https://www.sisafocus.co.kr/news/articleView.html?idxno=313832; https://www.koreatimes.co.kr/www/nation/2024/03/103_369976.html; https://vpoint.jp/world/korea/227765.html,2024-03-06,2024-04-24 3243,IRGC front company Mahak Rayan Afraz targeted networks of US government organisations and high-value private companies beginning in or around 2016,"Operatives of Mahak Rayan Afraz (MRA), a front company suspected to be under the direction of the Islamic Revolutionary Guard Corps (IRGC), gained access to networks of US government organisations and private companies, including defence contractors, from at least in or around 2016 to in or about April 2021, the US Department of Justice disclosed on 29 February 2024, when it unsealed an indictment against one of the operatives, Alireza Shafie Nasab, an Iranian national. According to the indictment, compromise attempts also were directed against unspecified targets in one other unnamed country. In the US, the campaign extended to computer intrusions targeting the US Treasury and State Departments, the compromise of more than 200,000 employee accounts at an accounting firm and the targeting of more than 2,000 employee accounts at a hospitality company. Both companies are based in New York. In addition, from in or around February 2019 to in or around December 2019, Shafie Nasab and MRA affiliates targeted two defence contractors and a consulting firm. One of the defence sector firms, only identified as defence contractor-1 in the indictment, was compromised in August 2019. 
Access to an administrator email account at the firm enabled MRA conspirators to create accounts in the name of defence contractor-1, which the group leveraged in a spear phishing campaign against defence contractor-2 and the consulting firm. On 16 February, the State Department had announced a $10 million reward under its Rewards for Justice program for information on Shafie Nasab. On 23 April 2024, the US Department of Justice expanded its indictment from February 2024 and charged Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab. Hossein Harooni was responsible for procuring, administrating, and managing the online network infrastructure. In addition, he and Nasab falsely used the identity of a real person to register servers and email accounts. Reza Kazemifar was responsible for testing and developing the malware and the tools, such as spearphishing emails to the Hospitality Company-1. Kazemifar also worked for the Iranian Electronic Warfare and Cyber Defence Organisation (EWCD), which is part of the Iranian Revolutionary Guards (IRGC), from at least in or around 2014 through at least in or around 2020. Salmani was also responsible for testing the tools and maintaining the infrastructure. ",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available - US State Department - Department of the Treasury (United States) - Not available,United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry - Government / ministries - Government / ministries - ,Alireza Shafie Nasab < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Hossein Harooni < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Reza Kazemifar < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Komeil Baradaran Salmani < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",; ; ; ,2,18915; 18915; 18915; 18915; 18914,2024-04-23 00:00:00; 2024-04-23 00:00:00; 2024-04-23 00:00:00; 2024-04-23 00:00:00; 2024-02-29 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution 
by receiver government / state entity; Attribution by receiver government / state entity,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ),Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States,Alireza Shafie Nasab < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Hossein Harooni < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Reza Kazemifar < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Komeil Baradaran Salmani < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps); Alireza Shafie Nasab < Mahak Rayan Afraz (Islamic Revolutionary Guard Corps),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.justice.gov/usao-sdny/media/1340446/dl; https://www.justice.gov/opa/media/1349141/dl?inline,International power,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not 
available,3,2024-03-01 00:00:00; 2024-04-23 00:00:00; 2024-04-23 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Peaceful means: Retorsion (International Law)",; ; Economic sanctions,United States; United States; United States,US Justice Department; US Justice Department; US Department of the Treasury,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/us-charges-iranian-for-hacks-on-defense-orgs-offers-10m-for-info/; https://www.justice.gov/opa/pr/iranian-national-charged-multi-year-hacking-campaign-targeting-us-defense-contractors-and; https://www.justice.gov/usao-sdny/media/1340446/dl; https://rewardsforjustice.net/rewards/alireza-shafie-nasab/; https://www.hstoday.us/subject-matter-areas/cybersecurity/iranian-charged-over-attacks-against-us-defense-contractors-government-agencies/; https://www.dailysecu.com/news/articleView.html?idxno=154012; https://thehackernews.com/2024/03/us-charges-iranian-hacker-offers-10.html; https://therecord.media/iranian-indicted-cyber-espionage-campaign-us-defense-contractors; https://www.justice.gov/opa/pr/justice-department-charges-four-iranian-nationals-multi-year-cyber-campaign-targeting-us; Treasury Designates Iranian Cyber Actors Targeting U.S. 
Companies and Government Agencies; https://twitter.com/RFJ%5FUSA/status/1782824365127500272; https://www.justice.gov/opa/media/1349141/dl?inline; https://cyberscoop.com/iranian-nationals-charged-with-hacking-u-s-companies-treasury-and-state-departments/; https://www.rferl.org/a/iran-us-sanctions-hacking/32917814.html; https://therecord.media/us-accuses-iranians-irgc-sanctions-indictments; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/; https://www.bssnews.net/international/185456; https://www.cyberdaily.au/government/10467-us-treasury-sanctions-iranian-cyber-actors-over-government-attacks; https://securityaffairs.com/162205/cyber-warfare-2/162205us-sanctioned-4-iranian-nationals.html; https://menafn.com/1108132954/US-increases-sanctions-on-Iran-targeting-alleged-cyber-activities; https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html; https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html; https://www.infosecurity-magazine.com/news/us-sanctions-iranian-cyber-attacks/,2024-03-06,2024-04-24 3234,North Korean state-sponsored hacker group Kimsuky exploited vulnerabilities to gain access to ScreenConnect customer systems since at least 21 February 2024,"The North Korean state-sponsored hacker group Kimsuky gained access to ScreenConnect customer systems, the cyber risk advisory of Kroll reported on 5 March 2024. The operation is believed to have focused on long-term espionage and intelligence gathering. The threat actor exploited vulnerabilities in the ScreenConnect remote access software (CVE-2024-1708 and CVE-2024-1709), likely following their disclosure on 20 February, allowing for access to public-facing endpoints on which the vulnerable versions of the software were running. 
In the next step, the group distributed toddlershark, an iteration of Kimsuky's malware strain babyshark, designed for long-term information collection and maintaining persistent access to compromised systems. To access the ScreenConnect Endpoint, the group used a legitimate Microsoft binary to execute a malicious script while disguising its activities as a normal system process. According to South Korean Cyber News, toddlershark uses read-only technology to hide the code, modify system registries and bypass security systems. Through these capabilities, the malware seeks to enable long-term espionage by avoiding traditional digital-based detection methods and using randomly generated functions, variable names, and code positions.",2024-02-21,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Unknown,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,19013,2024-03-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Kroll,Kroll,United States,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,External Remote Services,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/; https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark; https://www.dailysecu.com/news/articleView.html?idxno=154108,2024-03-05,2024-04-30 3235,American Express Card Member data exposed through data breach at third-party merchant processor in the beginning of March 2024,"As disclosed in a data breach notice to their customers by American Express, a global provider of financial services based in the US, a merchant processor tasked with handling American Express Card member data was compromised in the beginning of March 2024. 
Information of American Express card members, including names, account numbers and expiration dates, may have been exposed.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available - American Express,Not available; United States, - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Digital Provider - Finance,Not available,Not available,Not available,,1,19007,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/american-express-credit-cards-exposed-in-third-party-data-breach/; https://securityaffairs.com/159964/data-breach/american-express-customers-data-exposed.html; https://www.mass.gov/doc/assigned-data-breach-number-2024-210-american-express-travel-related-services-company-inc/download; https://www.malwarebytes.com/blog/news/2024/03/american-express-warns-customers-about-third-party-data-breach; https://eltiempolatino.com/2024/03/31/tecnologia/att-revelo-que-los-datos-de-73-millones-de-cuentas-fueron-filtrados-en-la-dark-web/,2024-03-05,2024-04-30 3233,Ukraine's Defense Intelligence obtained sensitive documents and encryption software from servers of the Russian Ministry of Defense in March 2024,"Ukraine's Defence Intelligence infiltrated servers of the Russian Ministry of Defence in March 2024, acquiring sensitive internal documents, the Ukrainian Ministry of Defence claimed in a 
press release on 4 March 2024. The breach yielded a trove of classified information, including software used by the Russian Ministry of Defence for data protection, numerous secret service documents, and details outlining the organisational structure of the Russian ministry and armed forces. Four screenshots included in the press release, purportedly showing database queries, log files, and official documents, have been shared as evidence of the breach. Russia did not immediately comment on or confirm the alleged compromise of Ministry of Defence infrastructure.",2024-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Ministry of Defence (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Defense Intelligence Unit (DIU),Ukraine,State,,1,19005,2024-03-04 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,Main Directorate of Intelligence of the Ministry of Defence of Ukraine,Not available,Ukraine,Defense Intelligence Unit (DIU),Ukraine,State,https://gur.gov.ua/en/content/soft-shyfry-sekretni-dokumenty-kiberfakhivtsi-hur-zlamaly-minoborony-rosii.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.iltempo.it/esteri/2024/03/04/news/mosca-accusa-intelligence-ucraina-gur-attacco-informatico-accesso-software-38634154/; https://gur.gov.ua/en/content/soft-shyfry-sekretni-dokumenty-kiberfakhivtsi-hur-zlamaly-minoborony-rosii.html; https://eng.obozrevatel.com/section-war/news-diu-cyber-specialists-hacked-into-the-servers-of-the-russian-ministry-of-defense-and-seized-an-array-of-classified-documents-04-03-2024.html; https://www.infobae.com/america/agencias/2024/03/04/kiev-dice-haber-obtenido-gran-cantidad-de-datos-clasificados-en-ciberataque-contra-rusia/; https://www.infobae.com/america/agencias/2024/03/04/kiev-dice-haber-obtenido-gran-cantidad-de-datos-clasificados-en-ciberataque-contra-rusia/; https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-russian-ministry-of-defense-servers/; https://securityaffairs.com/159981/cyber-warfare-2/ukraine-gur-hacked-russian-ministry-of-defense.html,2024-03-05,2024-04-30 3238,Unknown actors hit Japanese Kokubu Co-op Hospital in Kirishima City with ransomware on 27 February 2024,"Kokubu Co-op Hospital in Kirishima City, Kagoshima Prefecture, announced on 4 March 2024 that several systems malfunctioned due to a ransomware attack detected on 27 February. The image management server was unable to be accessed due to the attack. While emergency and outpatient services remained restricted beyond 4 March, electronic medical record and accounting systems could be restored. Kokubu Co-op Hospital decided against making any payments or negotiating with the intruders. The facility houses departments for internal medicine and surgery. 
",2024-02-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Kokubu Co-Op Hospital,Japan,ASIA; SCS; NEA,Critical infrastructure,Health,Not available,Not available,Not available,,1,19003,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.sankei.com/article/20240304-3KKRFLQHA5IS7PJKGWEUD7JQFQ/; https://www.kyoto-np.co.jp/articles/-/1213017; https://www.fukuishimbun.co.jp/articles/-/1988151; https://www.yomiuri.co.jp/local/kyushu/news/20240305-OYTNT50023/; https://kumanichi.com/articles/1347508; https://www.asahi.com/articles/ASS3D14VHS3CUTIL02T.html,2024-03-05,2024-04-30 3240,Unknown actors targeted Middleton-Cross Plains Area School District in Wisconsin on 2 March 2024,"As disclosed in an email by officials of the Middleton-Cross Plains Area School District, the district located in the US state of Wisconsin experienced an intrusion affecting its technology-based systems on 2 March 2024. In response, the network was partly shut down, interrupting Internet and phone services in the district. All school activities were suspended on 4 March 2024. 
",2024-02-24,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Middleton-Cross Plains Area School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,19014,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ibmadison.com/middleton-cross-plains-school-district-cancels-monday-classes-after-network-interruption/; https://www.wmtv15news.com/2024/02/26/middleton-cross-plains-closes-all-schools-monday-due-network-issue/; https://www.wmtv15news.com/2024/02/28/middleton-cross-plains-school-district-releases-update-network-outage/; https://www.lemagit.fr/actualites/366572033/Cyberhebdo-du-1er-mars-2024-9-cyberattaques-recensees-autour-du-monde; https://therecord.media/pennsylvania-scranton-school-district-ransomware-attack,2024-03-05,2024-04-30 3237,North Korean threat groups compromised South Korean Semiconductor companies in late 2023 and early 2024,"North Korean threat actors compromised at least two unnamed South Korean semiconductor companies in late 2023 and early 2024, the South Korean National Intelligence Service disclosed in a press release on their website on 4 March 2024. 
According to the statement, North Korean hacking groups infiltrated the companies' internet-connected servers, exploiting vulnerabilities in business servers for document and data management. Through this entry vector, the threat actors gained access to one microchip company in December 2023 and later a second business in the industry in February 2024. The threat actors primarily employed living-off-the-land techniques. The intrusion resulted in the theft of product design drawings and facility site photos. The National Intelligence Service suspects North Korea's hacking activities may be linked to domestic efforts to produce semiconductors.",2023-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,Not available,"Korea, Democratic People's Republic of",Unknown - not attributed,,1,19010,2024-03-04 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,National Intelligence Service (South Korea),Not available,"Korea, Republic of",Not available,"Korea, Democratic People's Republic of",Unknown - not attributed,https://www-nis-go-kr.translate.goog/CM/1_4/view.do?seq=286&_x_tr_port=4016&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,1,2024-03-04 00:00:00,State Actors: Preventive measures,Awareness raising,"Korea, Republic of",National Intelligence Service of the Republic of Korea (NIS),No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system 
misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www-nis-go-kr.translate.goog/CM/1_4/view.do?seq=286&_x_tr_port=4016&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp; https://www.zaobao.com.sg/realtime/world/story20240304-1472004; https://www.chosunonline.com/site/data/html_dir/2024/03/04/2024030480183.html; https://www.dt.co.kr/contents.html?article_no=2024030402109931065005; https://therecord.media/south-korea-semiconductor-industry-espionage-north-korea; https://www.bleepingcomputer.com/news/security/north-korea-hacks-two-south-korean-chip-firms-to-steal-engineering-data/; https://www.bbc.co.uk/news/business-68476035; https://www.cctvnews.co.kr/news/articleView.html?idxno=236915; https://www.haberler.com/teknoloji/guney-koreli-cip-sirketleri-kuzey-kore-hack-saldirisina-ugradi-16922050-haberi/; https://www.dt.co.kr/etc/article_print.html?article_no=2024030402109931065005; https://shiftdelete.net/guney-kore-cip-ureticileri-hacklendi,2024-03-05,2024-04-30 3242,Ransomware gang Medusa claimed responsibility for disruption of IT environment of Swedish hospital Sophiahemmet on 26 February 2024,"The hospital Sophiahemmet in Stockholm suffered a ransomware attack on 26 February 2024. According to the chief physician Marie Wickman Chantereau, the incident was discovered at three o’clock in the night and resulted in the outage of the telephone systems. Care was not affected. According to Sophia Hultkranz, spokesperson of the hospital, the hospital had received a message from ransomware gang Medusa announcing the theft of data the group linked to 'Sophiahemmet university'. In early March, Medusa declared on its leak site that the hospital's data will be published a week later unless the hospital pays a ransom of $1 billion. The data was subsequently posted for sale. 
Sophiahemmet is a private hospital in Stockholm, connected with Sophiahemmet university college. The college offers research and education. ",2024-02-26,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Ransomware,Sophiahemmet hospital,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Health,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,19006,2024-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.svt.se/nyheter/lokalt/stockholm/data-fran-cyberattack-mot-sjukhus-till-salu,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.svt.se/nyheter/lokalt/stockholm/data-fran-cyberattack-mot-sjukhus-till-salu; https://www.svt.se/nyheter/lokalt/stockholm/sophiahemmet-utsatt-for-omfattande-hackerattack; https://nyheter.sh/n/en/stockholms-sophiahemmet-hospital-hit-by-major-hacker-attack; https://www.dn.se/sverige/hackargrupp-hotar-lacka-sophiahemmets-data-kraver-miljonbelopp/; https://www.lemagit.fr/actualites/366572033/Cyberhebdo-du-1er-mars-2024-9-cyberattaques-recensees-autour-du-monde,2024-03-05,2024-04-30 3232,Hacker Exploited Seneca Stablecoin Protocol and Stole $6.4 Million Worth of Crypto Assets on 28 February 2024,"On 28 February 2024, Seneca, a decentralised finance (DeFi) platform, suffered an exploitation of a vulnerability in its stablecoin 
protocol. The unidentified hacker manipulated the Seneca smart contract and siphoned off $6.4 million worth of crypto assets, affecting both Ethereum and Arbitrum networks. CertiK and Blocksec experts identified the cause of the breach as an arbitrary call issue exacerbated by the fact that Seneca did not have a pause function integrated into their contracts. Seneca was able to recover 80% of the funds from the threat actor in exchange for a pay-out of the 20% of the initially stolen amount as bug bounty.",2024-02-28,2024-02-28,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Seneca Protocol,Not available,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18916,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,0.0,=< 10 Mio,1300000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://x.com/SenecaUSD/status/1763181438113865960?s=20; https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/; https://cointelegraph.com/news/decentralized-lending-platform-seneca-exploited?utm_source=CryptoNews&utm_medium=app; https://learn2.trade/seneca-hacker-returns-stolen-funds-after-receiving-bounty; 
https://digitalmarketreports.com/news/10949/seneca-defi-platform-suffers-6-4-million-security-breach/; https://www.cryptopolitan.com/crypto-hacking-activities-declined-in-feb/,2024-03-04,2024-04-24 3231,Unknown threat actor targeted Swedish blockchain platform Shido Network (SHIDO) on 29 February 2024,"An unknown threat actor targeted Swedish blockchain platform Shido Network (SHIDO) on 29 February 2024, the company confirmed via social media. The threat actor stole more than 4.3 billion tokens, worth about $35 million at the time of the theft. The affected tokens accounted for nearly half of the supply in circulation. SHIDO reported on the same day to have identified the exploit leveraged by the threat actor but did not disclose further details. Following the disclosure of the compromise, the prices of SHIDO declined by 80%. The company offered a bug bounty to the perpetrator in exchange for returning the tokens. ",2024-02-29,2024-02-29,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Shido Network,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Finance,,Not available,Not available,,1,18917,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,> 10 Mio - 100 Mio,35000000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution 
& missing breach of international law),,https://www.investorsobserver.com/news/qm-news/8498955116832516; https://twitter.com/ShidoGlobal/status/1763108584236228781; https://twitter.com/ShidoGlobal/status/1763131455205482831,2024-03-04,2024-04-24 3230,"Unidentified Perpetrators offered 1.7 TB of Data, Including Sensitive Government Data, obtained from Taiwan's Leading Telecommunications Company Chunghwa Telecom for sale on Darkweb","The largest integrated telecom service provider in Taiwan, Chunghwa Telecom, experienced a data breach, in which 1.7TB of data, including government contracts and other, potentially sensitive information, were stolen. The Taiwanese Ministry of Defence confirmed on March 1, 2024 that important institutions such as the armed forces, the Ministry of Foreign Affairs and the Coast Guard were affected by the security breach. A contract with Taiwan's air force included in the leak was not confidential and did not reveal information that had not previously been public. Additionally, the Ministry of Defence noted that leaked correspondence between the navy department and Chunghwa did not contain confidential information. Chunghwa Telecom, a publicly traded company, assured investors that the initial investigation has not shown any significant impact on its operations. 
",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Chunghwa Telecom,Taiwan,ASIA; SCS,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,18918,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2024-03-01 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Taiwan,Taiwanese Ministry of Defence,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Not available,0.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.france24.com/en/live-news/20240301-hackers-stole-sensitive-data-from-taiwan-telecom-giant-ministry; https://securityaffairs.com/159918/data-breach/chunghwa-telecom-data-breach.html,2024-03-04,2024-04-24 3229,Unknown threat actor targeted US Richland Community College on 17 February 2024,"An unknown threat actor targeted Richland Community College in Decatur, Illinois, on 17 February 2024. The college's IT team publicly confirmed the incident that caused disruptions affecting network servers, phones, some department emails and the main website for more than two weeks. 
",2024-02-17,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Richland Community College,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18919,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Not available,0.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govtech.com/education/higher-ed/richland-community-college-struggling-after-cyber-attack; https://news.yahoo.com/news/richland-shares-network-security-disruption-170251965.html; https://herald-review.com/news/local/crime-courts/issues-remain-following-cyber-attack-at-richland-community-college/article_f8ecf942-d752-11ee-98bd-c357a4db0028.html,2024-03-04,2024-04-24 3228,Unknown threat actor targeted third-party system utilized by US Fairway Independent Mortgage Corporation on 4 December 2023,"An unknown threat actor targeted a third-party system utilised by US Fairway Independent Mortgage Corporation on 4 December 2023, the mortgage provider revealed on 2 February 2024 
in a statement filed with the Attorney General of Massachusetts and issued to affected customers. For Massachusetts, the letter identified 430 as affected by the data breach. According to the statement, the affected personal data included customers' first name, last name, social security number, bank account information, and credit card numbers. Fairway did not disclose the name of the third party that was the initial target.",2023-12-04,2024-12-04,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Fairway Independent Mortgage Corporation,United States,NATO; NORTHAM,Not available; Critical infrastructure,; Finance,Not available,Not available,Not available,,1,18920,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://nationalmortgageprofessional.com/news/fairway-independent-latest-victim-cyber-attack; https://www.mass.gov/doc/assigned-data-breach-number-2024-345-fairway-independent-mortgage-corporation/download; 
https://www.nationalmortgagenews.com/news/fairway-hit-with-cyber-attack-in-december,2024-03-04,2024-04-24 3227,North Korean State-Sponsored Hacker Group Lazarus Exploited Windows Zero-Day Vulnerability in Admin-to-Kernel Operation going back to at least August 2023,"On 28 February 2024, the Czech cybersecurity software company Avast announced a major cybersecurity incident involving Lazarus Group. The reporting revealed that Lazarus executed an admin-to-kernel exploit that took advantage of a zero-day vulnerability in the appid.sys driver of the Windows AppLocker (CVE-2024-21338) to gain kernel-level access. AppLocker is a Windows functionality for whitelisting applications. This complex intrusion technique targeted a critical component of Windows security responsible for application policy enforcement. Exploitation of this zero-day vulnerability in the central driver of the Windows feature allowed Lazarus to gain kernel privileges and execute arbitrary code. This extended access positioned the group to disable security software and manipulate kernel objects directly. Unlike traditional Bring Your Own Vulnerable Driver (BYOVD) techniques that rely on loading third-party software, with appid.sys, Lazarus targeted a driver preinstalled on the target systems. This approach combines BYOVD techniques with living-off-the-land tactics, adding to the difficulties for detection. The threshold for such operations is high, due to the smaller number of drivers that are built into operating systems and their higher code quality. Avast developed a proof of concept for the exploitation of the vulnerability, which it submitted to Microsoft in August 2023. Microsoft provided a fix for the zero-day vulnerability on 13 February 2024, as part of its monthly update cycle. 
As a result of this large-scale remediation of the zero-day enabling this rootkit, Avast researchers noted that Lazarus likely lost one of its most complex tools and would possibly have to revert to less stealthy BYOVD techniques. Avast did not disclose details about the victim of the exploitation or how successful the operation was before its discovery. ",2023-08-01,2024-02-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available,Not available,,Unknown,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18921,2024-02-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Jan Vojtěšek,Avast,Czech Republic,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Not available,Not available,,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/159728/apt/lazarus-exploited-zero-day-windows-applocker-driver.html; https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day; https://therecord.media/north-korean-hackers-windows-zero-day; https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/; https://www.bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/; https://securityaffairs.com/159874/breaking-news/security-affairs-newsletter-round-461-by-pierluigi-paganini-international-edition.html; 
https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/; https://securityaffairs.com/160009/hacking/cisa-adds-microsoft-windows-kernel-bug-used-by-lazarus-apt-to-its-known-exploited-vulnerabilities-catalog.html; https://therecord.media/far-reaching-hack-stole-information-from-python-developers,2024-03-01,2024-04-24 3226,Unknown hackers breached website of Ukrainian parliament on 28 February 2024,"Unknown hackers manipulated a link on the website of the Ukrainian parliament on 28 February 2024, the parliament reported on its Telegram channel on 28 February. A link on the website leading to the parliament's Telegram page had been replaced, directing users to a fabricated page. 13 minutes after this announcement on Telegram, the Ukrainian parliament published a second message announcing that the website had been restored.",2024-02-28,2024-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Ukrainian Parliament (Verkhovna Rada),Ukraine,EUROPE; EASTEU,State institutions / political system,Legislative,Not available,Not available,Not available,,1,18924,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2024-02-28 00:00:00,State Actors: Legislative reactions,Stabilizing statement by member of parliament,Ukraine,Ukrainian parliament,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://kyivindependent.com/parliaments-website-reportedly-hit-by-cyberattack/; https://t.me/verkhovnaradaukrainy/64384,2024-03-01,2024-04-24 3225,"Unauthorized actor gained access to sensitive personal information from Egyptian Health Department in Illinois, USA, on 21 December 2023","The Egyptian Health Department (EHD), a public health department providing general care services and health screenings based in the US state of Illinois, was the victim of a data breach, in which unknown actors gained unauthorized access to sensitive personal data on 21 December 2023, according to a 20 February 2024 notification. According to EHD, a forensic investigation was initiated after an intrusion into its systems had been detected. The company was contacting 100,000 impacted individuals to offer credit monitoring and identity theft protection. For 21,000 patients, stolen data contained protected health information. Exfiltrated employee data comprised social security numbers, drivers’ licence numbers or other government-issued IDs, financial account information, and/or insurance information. 
For patients, the potentially impacted information included names, dates of birth, medical information, and health insurance claims information.",2023-12-21,2023-12-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Not available,Not available,,1,18925,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://egyptian.org/notice-of-cyber-security-incident/; https://www.hipaajournal.com/egyptian-health-department-cyberattack-affects-up-to-100000-individuals/,2024-03-01,2024-04-24 3223,Hackers Hijacked Facebook Page of Philippine Coast Guard on 26 February 2024 ,"The official Facebook page of the Philippine Coast Guard (PCG) was taken over by hackers on 26 February 2024. 
The threat actors obtained control of the account by deploying malware against an unnamed victim and used the hijacked account to distribute two videos. Rear Adm. Armando Balilo, spokesman for the PCG, disclosed that the activity had been tied to three Facebook accounts in the names of Fatima Hasan, Murat Kansu, and Vicky Bates. These are unlikely to be the actual names of the responsible actors, and an investigation into their identity has been initiated.",2024-02-26,2024-02-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Philippine Coast Guard (PCG),Philippines,ASIA; SCS; SEA,State institutions / political system; State institutions / political system,Military; Police,Fatima Hasan; Murat Kansu; Vicky Bates,Not available; Not available; Not available,Individual hacker(s); Individual hacker(s); Individual hacker(s),; ; ,1,18928; 18928; 18928,2024-02-29 00:00:00; 2024-02-29 00:00:00; 2024-02-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Armando Balilo (Rear Admiral and Spokesperson of Philippine Coast Guard, Philippines); Armando Balilo (Rear Admiral and Spokesperson of Philippine Coast Guard, Philippines); Armando Balilo (Rear Admiral and Spokesperson of Philippine Coast Guard, Philippines)",Not available; Not available; Not available,Philippines; Philippines; Philippines,Fatima Hasan; Murat Kansu; Vicky Bates,Not available; Not available; Not 
available,Individual hacker(s); Individual hacker(s); Individual hacker(s),https://www.facebook.com/coastguardph/posts/pfbid0sVnRhTjzZaFzacZCU9snHywuU3c3WESFMeTMpJaWfgE21Tu7TQwr2kwu2S9Tk3Vzl,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-29 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Philippines,Cybercrime Investigation and Coordinating Center (CICC),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://maritime-executive.com/index.php/article/hackers-take-over-philippine-coast-guard-s-facebook-page-for-days; https://www.facebook.com/coastguardph/posts/pfbid0sVnRhTjzZaFzacZCU9snHywuU3c3WESFMeTMpJaWfgE21Tu7TQwr2kwu2S9Tk3Vzl,2024-03-01,2024-04-24 3220,Unknown hackers hijacked official social media account of German Berlinale festival on 25 February 2024,"On 25 February 2024, one of the official social media accounts of the German Berlinale film festival published image-text posts about the ongoing war in Gaza. The posts included statements such as ""Free Palestine – From the river to the sea"" and ""Stop the Genocide in Gaza"" and called for an immediate ceasefire in Gaza. Following the discovery of the posts, the Berlinale organization immediately deleted the posts from their channel and declared that the account had been compromised by unknown hackers. 
The public prosecutor's office of the state of Berlin was informed about the hack and started an investigation. The postings added up to a general controversy about antisemitic statements that were publicly made during the festival. ",2024-02-24,2024-02-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Hijacking with Misuse,Berlinale Instagram account,Germany,EUROPE; NATO; EU(MS); WESTEU,Media,,Not available,Not available,Non-state-group,Hacktivist(s),1,18307,2024-02-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.euronews.com/culture/2024/02/27/antisemitism-accusations-hacks-and-criminal-charges-the-berlinale-controversy-explained,System / ideology; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.euronews.com/culture/2024/02/27/antisemitism-accusations-hacks-and-criminal-charges-the-berlinale-controversy-explained,2024-02-29,2024-03-28 3219,Iranian-linked threat actor UNC1549 used credential-harvesting and phishing in espionage campaign targeting aerospace and defence industries since June 2022,"UNC1549, an Iranian hacking group linked to the Islamic Revolutionary Guard Corps (IRGC), was observed by Mandiant to have run an espionage campaign against targets in the defence and aerospace industries, based in the Middle East, since June 2022. 
The campaign, which Mandiant says was still ongoing at the time of reporting, involved the creation of fake job offers and login pages to steal credentials from defence and aerospace companies operating in the Middle East, such as Boeing. Since the start of the Israel-Hamas War in October 2023, Mandiant also observed the group creating fake pages related to the conflict in order to steal credentials; for example, the group created a page spoofing the ""Bring them Home Now!"" movement, advocating for the release of Israeli hostages held by Hamas. On infected systems, the group installed two previously-unknown backdoors, identified as MINIBUS and MINIBIKE, leveraging Microsoft Azure cloud infrastructure for command and control. While Mandiant assessed that targets were based in Israel and the UAE, its reporting identified additional countries potentially impacted by the activity, including India, Turkey, and Albania.",2022-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,Global (region); Israel; United Arab Emirates, - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,Unknown - Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure; Critical infrastructure, - Transportation; Defence industry; Space - Transportation; Defence industry; Space,UNC1549,"Iran, Islamic Republic of",Unknown - not attributed,,1,18308,2024-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,UNC1549,"Iran, Islamic Republic of",Unknown - not attributed,https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing; Valid Accounts,Data Exfiltration,Not available,False,For private 
/ commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cyberscoop.com/iran-hostages-boeing-dji/; https://therecord.media/iran-cyber-espionage-campaign-targeting-middle-east-defense-aerospace; https://www.malwarebytes.com/blog/business/2024/02/stopping-a-targeted-attack-on-a-managed-service-provider-msp-with-threatdown-mdr; https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east; https://news.infoseek.co.jp/article/mynavi_2732675/; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/,2024-02-29,2024-03-28 3221,Unauthorized actor gained access to computer networks of multiple Spanish public institutions and stole data related to 40 million licence plates beginning in 2020,"An individual had gained access to the computer networks of multiple Spanish public institutions and stole data related to 40 million licence plates beginning in 2020, media reports revealed on the occasion of their arrest on 19 February 2024. The accused exploited a vulnerability in the forms for the payment of property transfer tax on the websites of certain regional governments, such as those of the Canary Islands and the Electronic Headquarters of the Public Administration of the Region of Murcia. Based on this, the accused managed to steal 80,000 records from the National Directorate General of Transport. In addition, the accused also gained access to the computer networks of the autonomous communities of Andalusia, the Balearic Islands, and the Canary Islands. A police investigation was launched in January 2024, when the competent authorities discovered the data theft. 
The defendant is accused of discovering and disclosing secrets, including the unauthorised access to databases.",2020-01-01,2024-02-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Electronic Headquarter of Public Administration of the Region of Murcia - Directorate-General for Traffic (DGT) - Not available,Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration - Civil service / administration,Not available,Not available,Individual hacker(s),,1,18306,2024-02-19 00:00:00,Domestic legal action,Attribution by receiver government / state entity,Not available,Not available,Spain,Not available,Not available,Individual hacker(s),https://www.canarias7.es/sucesos/detenido-sustraer-datos-millones-matriculas-varias-autonomias-20240227133221-nt.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.canarias7.es/sucesos/detenido-sustraer-datos-millones-matriculas-varias-autonomias-20240227133221-nt.html,2024-02-29,2024-03-28 3218,Unknown hackers gained access to network of pharmaceutical wholesaler Cencora and stole data in February 2024,"Unknown hackers gained access to the network of pharmaceutical wholesaler Cencora and stole data, beginning at least on 21 
February 2024, Cencora reported in its filing with the US Securities and Exchange Commission (SEC) on 27 February 2024. Without detailing the nature of the stolen data, the SEC report acknowledged that it may have contained personal information.",2024-02-21,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Cencora,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,18023,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-02-21 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.reuters.com/business/healthcare-pharmaceuticals/cencora-says-hit-by-cyber-attack-its-information-systems-2024-02-27/; https://www.sec.gov/ixviewer/ix.html?doc=/Archives/edgar/data/0001140859/000110465924028288/tm247267d1_8k.htm; https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-cencora-says-data-was-stolen-in-a-cyberattack/; https://securityaffairs.com/159716/data-breach/cencora-discloses-data-breach.html; https://www.hipaajournal.com/egyptian-health-department-cyberattack-affects-up-to-100000-individuals/; https://securityaffairs.com/159874/breaking-news/security-affairs-newsletter-round-461-by-pierluigi-paganini-international-edition.html,2024-02-28,2024-03-18 3217,Team Insane PK defaced website of Indian fast food chain Burger Singh on 27 February 2024,"Team Insane PK, a group of Pakistani hacktivists, defaced the website of the Indian fast food chain Burger Singh on 27 February 2024. According to the company, the incident followed a promotional blunder by the company involving a politically charged promo code.",2024-02-27,2024-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption; Hijacking with Misuse,,India,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Team Insane PK,Pakistan,Non-state-group,Hacktivist(s),1,18021,2024-02-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Team Insane PK,Not available,Pakistan,Team Insane PK,Pakistan,Non-state-group,https://twitter.com/BurgerSinghs/status/1762502629555683373?s=20,System / ideology; Territory; Resources; International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/BurgerSinghs/status/1762502629555683373?s=20; https://www.businesstoday.in/technology/news/story/burger-singhs-website-compromised-in-cyber-attack-by-pakistani-hackers-419209-2024-02-28,2024-02-28,2024-03-18 3216,Unknown hackers broke into IT infrastructure at University of Applied Sciences Kempten in Bavaria on 27 February 2024,"Unknown hackers broke into parts of the IT infrastructure at University of Applied Sciences Kempten in Bavaria on 
27 February 2024, the University announced on the same day.",2024-02-27,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Hijacking without Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,Not available,Not available,,1,18020,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Unknown,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hs-kempten.de/hochschule/aktuelles/artikel/hacker-angriff-auf-die-hochschule-kempten-2598; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366572033/Cyberhebdo-du-1er-mars-2024-9-cyberattaques-recensees-autour-du-monde; https://www.hs-kempten.de/hochschule/aktuelles/artikel/hacker-angriff-auf-die-hochschule-kempten-2598,2024-02-28,2024-03-18 3215,"Unknown hackers breached networks of Butler County, Pennsylvania, on 2 October 2023","On 2 October 2023, federal agents alerted the leaders of Butler County in the US state of Pennsylvania to ""suspicious activity"" on their networks. 
Findings of a subsequent investigation revealed on 21 February 2024 confirmed a data breach affecting 6,748 citizens. The compromised data included social security numbers, driving licence numbers, passport numbers, and state identification numbers. Potentially affected were individuals involved with county business and court or law enforcement matters, including some employees. ",2023-10-02,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Butler County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17999,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-10-02 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.pennlive.com/news/2024/02/pa-county-cyber-attack-stole-publics-personal-data-today-in-pa.html; https://www.pennlive.com/life/2024/02/thousands-in-pa-county-lost-private-data-to-cyberattack.html; https://www.cbsnews.com/pittsburgh/news/butler-county-computer-system-hackers-personal-information-exposed/,2024-02-28,2024-03-15 3214,Spyware found on two phones linked to European Parliament Subcommittee on Security and Defence in February 2024,"On 20 February 2024, a routine check discovered traces of spyware on the phone of a member of the European Parliament's Subcommittee on Security and Defence. The Parliament's IT service advised all members and staff of the subcommittee to have their mobile phones checked for possible infections, noting that spyware artefacts had been detected on two devices. 
",2024-02-20,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,European Parliament Subcommittee on Security and Defence,EU (institutions),,International / supranational organization,,Not available,Not available,Not available,,1,18000,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2024-02-21 00:00:00,EU: Legislative reactions,Stabilizing statement by member of parliament,EU (region),Delphine Colard (EU Parliament's Deputy Spokesperson),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://netzpolitik.org/2024/nach-spyware-fund-im-eu-parlament-buergerrechtsorganisationen-fordern-verbot-von-spionagesoftware/; https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/; https://www.tagesspiegel.de/politik/digitalisierung-ki/verdacht-auf-spionagesoftware-eu-abgeordnete-sollen-ihre-handys-uberprufen-lassen-11250259.html; 
https://netzpolitik.org/2024/klage-gegen-nso-group-staatstrojaner-firma-soll-quellcode-von-pegasus-uebergeben/; https://www.euronews.com/my-europe/2024/03/13/will-the-brussels-spyware-scandal-finally-convince-the-eu-to-act,2024-02-28,2024-03-15 3213,Unknown hackers disrupted network of Neuburg-Schrobenhausen District Office in Bavaria on 27 February 2024,"Unknown hackers disrupted the network of the Neuburg-Schrobenhausen District Office in Bavaria on 27 February 2024, local media reported based on communications by the district administration.",2024-02-27,2024-02-28,"Attack on (inter alia) political target(s), not politicized",,,Disruption; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Civil service / administration; Civil service / administration,,Not available,Not available; Not available,,1,17997,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Service Stop,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Not available,0.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.donaukurier.de/lokales/landkreis-neuburg-schrobenhausen/trojaner-legt-landratsamt-lahm-15534301; 
https://neuburg-schrobenhausen.de/Aktuelles/Technische-Probleme-im-Landratsamt-Neuburg-Schrobenhausen.php?object=tx,3453.5.1&ModID=7&FID=3453.32972.1&NavID=3453.43&La=1",2024-02-28,2024-03-15 3212,Lockbit claimed responsibility for compromise of Indian company Motilal Oswal Financial Services in February 2024,"On 15 February 2024, the ransomware group Lockbit added the Indian company Motilal Oswal Financial Services (MOSF) to its dark web leak site and claimed to have obtained access to confidential company data. On 19 February, the company confirmed an intrusion after detecting malicious activity on the machines of several employees. Publicly, the company asserted the incident had been mitigated within a few hours without implications for the daily businesses. MOSF is a provider of financial services, including asset and wealth management, loan-based housing finance, and capital markets operations - serving six million clients in India. According to a company statement, the Indian Computer Emergency Response Team was informed about the incident. 
",2024-02-12,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Motilal Oswal Financial Services,India,ASIA; SASIA; SCO,Critical infrastructure,Finance,LockBit,Russia,Non-state-group,Criminal(s),1,17996,2024-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,LockBit,Not available,Russia,LockBit,Russia,Non-state-group,https://techcrunch.com/2024/02/15/lockbit-ransomware-cyberattack-india-brokerage-firm-motilal-oswal/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAANN3S772tlRpVjvZtERg3jUX0fCMIkDSdiHu_j-VchNPq-7B07IcxmmokKmhmndMQWBNiLhVtb3Lgi6sZofQqF7iVvTPPRzJclllz-edYu0ePcGz_GgzyQ5MEkwLYpFkznXp1gLWYKqt_rBDkHkSlaS0Zu2RssbjGxTCb0oPjzqy,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-15 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,India,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.theindianwire.com/business/sebi-is-writing-down-the-framework-for-brokers-to-guard-them-against-cyberattacks-345666/; https://www.business-standard.com/companies/news/no-impact-on-business-operations-motilal-oswal-financial-on-data-breach-124021901020_1.html; https://techcrunch.com/2024/02/15/lockbit-ransomware-cyberattack-india-brokerage-firm-motilal-oswal/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAANN3S772tlRpVjvZtERg3jUX0fCMIkDSdiHu_j-VchNPq-7B07IcxmmokKmhmndMQWBNiLhVtb3Lgi6sZofQqF7iVvTPPRzJclllz-edYu0ePcGz_GgzyQ5MEkwLYpFkznXp1gLWYKqt_rBDkHkSlaS0Zu2RssbjGxTCb0oPjzqy,2024-02-28,2024-04-04 3211,Unknown threat actors targeted Japanese Company Izumi with ransomware on 15 February 2024,"Unknown threat actors targeted the Japanese Company Izumi with ransomware on 15 February 2024. Several servers were encrypted, leaving the ordering system impaired and interfering with the timely restocking of stores. Izumi is a Japanese company which is engaged in the retail sale of clothing, housing-related goods, and food products, which it offers in its shopping centres, general merchandise stores (GMSs) and supermarkets. On 12 March 2024, Izumi announced that it had to postpone its financial reporting for 2023 due to delays in accessing relevant information as a result of the incident. 
In the same communication, the company shared its preliminary assessment that the immediate financial impact of the incident was likely limited.",2024-02-15,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking without Misuse; Ransomware,Izumi,Japan,ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Food; ,Not available,Not available,Not available,,1,18386,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.tellerreport.com/business/2024-02-21-izumi-suffers-from-cyber-attack-and-system-failure-affects-purchasing-of-some-products.SkxefiGQnT.html; https://news.ntv.co.jp/n/kkt/category/society/kk93b985f453434a01a998790476abae14; https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0216news.pdf; https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0216news_02.pdf; https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0219news.pdf; 
https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0219news_01.pdf; https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0220news.pdf; https://www.izumi.co.jp/corp/ir/pdf/2024/0222news.pdf; https://www.izumi.co.jp/corp/outline/news_release/pdf/2024/0222news.pdf; https://www.izumi.co.jp/corp/ir/pdf/2024/0312news_01.pdf,2024-02-28,2024-03-29 3208,US headquarters of aircraft engine manufacturer Continental Aerospace Technologies suffered network disruption in February 2024,"On 20 February 2024, the Alabama headquarters of the aircraft engine manufacturer Continental Aerospace Technologies reported a network disruption that affected the company's daily operations. Continental Aerospace is now owned by the Chinese state-held Aviation Industry Corporation of China (AVIC).",2024-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Continental Aerospace Technologies,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18311,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.computerweekly.com/de/news/366571114/Die-Cyberangriffe-der-KW8-2024-im-Ueberblick; https://www.avweb.com/aviation-news/continental-hacked/; https://www.lemagit.fr/actualites/366571176/Cyberhebdo-du-23-fevrier-2024-9-cyberattaques-recenses-dans-le-monde,2024-02-27,2024-03-28 3206,Unknown hackers targeted Spanish Regional Transport 
Consortium of Madrid (CRTM) on 22 November 2023,"Unknown hackers targeted the Spanish Regional Transport Consortium of Madrid (CRTM) on 22 November 2023. In a statement on its website on 14 February, the company admitted that its database had been compromised. In the published statement, CRTM explained that it had not been able to determine the content of the data that may have been exfiltrated, although there are indications that personal data, including names, addresses, telephone numbers and email addresses, have been copied from the database. The national police and the Spanish Data Protection Agency were informed of the incident shortly after it was discovered.",2023-11-22,2023-11-22,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Transport Consortium of Madrid,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Transportation,Not available,Not available,Not available,,1,18313,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.abc.es/espana/madrid/consorcio-transportes-sufrio-ciberataque-noviembre-afecto-datos-20240226175350-nt.html; https://www.elplural.com/autonomias/ciberataque-datos-usuarios-tarjeta-transporte-madrid_325403102; https://www.elplural.com/autonomias/ciberataque-datos-usuarios-tarjeta-transporte-madrid_325403102; 
https://elpais.com/https:/elpais.com/espana/madrid/2024-02-26/el-consorcio-regional-de-transportes-alerta-en-febrero-de-un-ciberataque-de-noviembre-que-comprometio-los-datos-de-los-viajeros.html; https://www.infobae.com/espana/2024/02/26/un-ciberataque-al-consorcio-de-transportes-de-madrid-comprometio-los-datos-de-los-viajeros-en-noviembre/; https://noticiasparamunicipios.com/comunidad-madrid/regional-un-ciberataque-contra-el-consorcio-de-transportes-se-hace-con-datos-personales-de-viajeros-ultima-hora/; https://www.madridiario.es/ciberataque-compromete-datos-titulares-tarjeta-de-transporte; https://www.madridactual.es/7941044-la-comunidad-asegura-que-el-consorcio-de-transportes-informo-a-los-afectados-por-el-ciberataque-sufrido-en-noviembre; https://crtm.es/comunicacion/actualidad-del-servicio/avisos/14022024-incidencia-de-ciberseguridad/; http://www.gentedigital.es/madrid/noticia/3781861/la-comunidad-asegura-que-el-consorcio-de-transportes-informo-a-los-afectados-por-el-ciberataque-sufrido-en-noviembre/; https://www.zonamovilidad.es/ciberataque-compromete-datos-en-el-consorcio-regional-de-transportes-de-madrid; https://www.telemadrid.es/programas/120-minutos/Un-ciberataque-al-Consorcio-de-Transportes-compromete-datos-de-los-usuarios-de-la-Tarjeta-de-Transporte-de-Madrid-2-2646655317--20240227015837.html; https://www.larazon.es/madrid/consorcio-transportes-madrid-sufrio-ciberataque-afecto-datos-usuarios_2024022765dd889e4129260001db856c.html; https://www.telecinco.es/noticias/madrid/20240227/ciberataque-datos-madrilenos-titulares-tarjetas-transporte-publico_18_011818166.html; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177; https://www.elplural.com/autonomias/comunidad-madrid-estudia-subida-precio-abono-transporte_326162102; 
https://www.telecinco.es/noticias/madrid/20240311/posible-subida-precio-abono-transporte_18_011936369.html; https://www.infobae.com/espana/2024/03/12/la-guardia-civil-avisa-del-peligro-de-esta-nueva-estafa-en-la-que-se-hacen-pasar-por-la-dgt/,2024-02-27,2024-03-28 3207,Unknown threat actor targeted German manufacturing company ThyssenKrupp on 23 February 2024,"On 23 February 2024, a company spokesperson confirmed that an unidentified attacker targeted the German manufacturer ThyssenKrupp. The German newspaper Saarbrücker Zeitung first reported about the incident, referring to a company statement. The reporting indicated that ThyssenKrupp's automotive division, Automotive Body Solutions, experienced unauthorised access to its IT systems. This incident has affected multiple plants within the automotive division, including one in the state of Saarland. The spokesperson highlighted that the breach did not impact other business units or customers. To reduce the risk of further damage, ThyssenKrupp's IT team temporarily shut down specific applications and systems.",2024-02-23,2024-02-24,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,ThyssenKrupp,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,,Not available,Not available,,1,18312,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://securityaffairs.com/159611/hacking/thyssenkrupp-automotive-body-solutions-bu-cyberattack.html; https://www.bleepingcomputer.com/news/security/steel-giant-thyssenkrupp-confirms-cyberattack-on-automotive-division/; https://www.borncity.com/blog/2024/02/24/cyberangriff-auf-thyssenkrupp-automotive-am-23-2-2024/; https://www.tomshw.it/index.php/altro/thyssenkrupp-deve-fermare-le-macchine-per-colpa-di-un-cyberattacco; https://www.01net.com/actualites/lun-des-plus-importants-producteurs-dacier-au-monde-a-ete-pirate.html; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366572033/Cyberhebdo-du-1er-mars-2024-9-cyberattaques-recensees-autour-du-monde,2024-02-27,2024-03-28 3209,Unknown threat actors targeted Canadian Laurentian University in February 2024,"Unknown threat actors targeted the Laurentian University in Ontario, Canada, on 18 February 2024. The incident interfered with the functioning of the university's IT systems. On 18 February, the university first reported these technical issues. On 20 February, the university stated that it had discovered an intrusion on 18 February. Following the detection of the compromise, the university's IT staff decided to take down affected systems to secure the network. The university informed law enforcement of the incident. 
On 6 March, the university disclosed that the incident resulted in a limited data breach affecting people affiliated with the Living with Lakes Centre / Co-operative Freshwater Ecology Unit and the Northern Ontario School of Medicine.",2024-02-18,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Laurentian University,Canada,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18310,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.myalgomamanitoulinnow.com/58914/news/lus-internet-is-down-due-to-cyber-incident/; https://laurentian.ca/; https://www.sudbury.com/local-news/lu-president-praises-employees-for-response-to-cyber-attack-8471952; https://docs.google.com/document/d/e/2PACX-1vTffpEBxLjNB19AfpqF-vywWa14KBxra-_bpUJwVF4GouKQyKuyGNgow9ZzUb31gXGdYeVrxhVCVIIE/pub; 
https://docs.google.com/document/d/e/2PACX-1vSbJUchSKEu3R2oRBd1SOve8mSZvOMur15E9jfMpkRKEcj5ljKnSxRlOFeMT26uqg/pub; https://northernontario.ctvnews.ca/laurentian-still-offering-little-information-about-cyber-incident-1.6817157,2024-02-27,2024-03-28 3210,Unknown threat actor targeted Canadian City of Hamilton on 25 February 2024,"An unknown threat actor targeted the Canadian city of Hamilton on 25 February 2024, the city confirmed in an official statement on its website. On social media, the city disclosed that it was facing a disruption of its phone and email services following the incident. Furthermore, communication systems of the city's transit system were also impacted by the incident, the operator Hamilton Street Railway confirmed. On 5 March, city officials confirmed that the incident involved the deployment of ransomware. The city declared its opposition to paying any ransom.",2024-02-25,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,City of Hamilton,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18309,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hamilton.ca/city-council/news-notices/news-releases/city-hamilton-addressing-cybersecurity-incident; 
https://twitter.com/cityofhamilton/status/1761779500117860543?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1761779500117860543%7Ctwgr%5E5086687c3da5a751eb0a442a68d8b0409b095384%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.cbc.ca%2Fnews%2Fcanada%2Fhamilton%2Fhamilton-cybersecurity-incident-1.7125556; https://twitter.com/hsr/status/1762068646698869076?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1762068646698869076%7Ctwgr%5E5086687c3da5a751eb0a442a68d8b0409b095384%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.cbc.ca%2Fnews%2Fcanada%2Fhamilton%2Fhamilton-cybersecurity-incident-1.7125556; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick; https://www.cbc.ca/news/canada/hamilton/delaying-vaccine-suspensions-in-hamilton-1.7132546; https://www.lemagit.fr/actualites/366572033/Cyberhebdo-du-1er-mars-2024-9-cyberattaques-recensees-autour-du-monde; https://therecord.media/canadian-city-hamilton-ransomware-recovery; https://www.zataz.com/une-attaque-de-ransomware-qui-dure-dure-dure/; https://ici.radio-canada.ca/nouvelle/2056572/bibliotheque-ouverture-donnees-informations-confidentielles-mesures; https://www.baytoday.ca/local-news/huntsville-hit-by-cyber-attack-8436887; https://northernontario.ctvnews.ca/laurentian-still-offering-little-information-about-cyber-incident-1.6817157; https://www.thepublicrecord.ca/2024/04/hamilton-public-library-says-it-is-covered-by-city-cyber-insurance-no-timeline-for-full-recovery/,2024-02-27,2024-03-28 3205,Unknown Threat Actors compromised French Software Provider Act21 on 13 February 2024,"Unknown threat actors compromised the French software provider Act21 on 13 February 2024, encrypting company systems. The incident prevented customers from accessing their data or the software. 
",2024-02-13,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Act21,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18314,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lemagit.fr/actualites/366570041/ESN-Act21-le-pole-RSE-de-Baker-Tilly-victime-de-cyberattaque?_gl=1*xv53yo*_ga*MTI3MjE0MDE4LjE3MDg5MjU5MjE.*_ga_TQKE4GS5P9*MTcwODkyNTkyMS4xLjEuMTcwODkyNjI0NS4wLjAuMA; https://www.computerweekly.com/de/news/366570132/Die-Cyberangriffe-der-KW7-2024-im-Ueberblick,2024-02-26,2024-03-28 3203,"Unknown Hackers Penetrated Systems of US City of Pleasant Hill, California, on 22 February 2024","The city of Pleasant Hill in Contra Costa County in the US state of California faced an intrusion of its servers on 22 February 2024, which was discovered by its IT experts. The Pleasant Hill Police Department initiated an investigation into the incident. In an official statement, Pleasant Hill officials assured the public that city services were operational at all times. On the same day, Oakley, a nearby city in Contra Costa County, suffered a ransomware attack. 
Whether the incidents are related remained subject to investigation.",2024-02-22,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,City of Pleasant Hill,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18315,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.eastbaytimes.com/2024/02/24/oakley-pleasant-hill-face-cyber-incidents/; https://www.eastbaytimes.com/2024/02/24/oakley-pleasant-hill-face-cyber-incidents/?blm_source=Bloom&blm_medium=Website&blm_campaign=Map; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick,2024-02-26,2024-03-28 3202,Unknown Threat Actors targeted US City of Oakley with Ransomware on 22 February 2024,"On 22 February 2024, the city of Oakley in Contra Costa County in the US state of California fell victim to a ransomware attack. The IT department reached out to law enforcement and cybersecurity experts to investigate the severity of the incident. Emergency services, including 911, police, fire and ambulance, remained unaffected. As a precautionary measure, the city manager declared a local state of emergency and partially activated the city's emergency operations centre. The IT department took the affected systems offline to ensure the safe restoration of services. During this recovery period, the city expects delays in non-urgent services. 
On the same day, Pleasant Hill, a neighbouring city in Contra Costa County, was revealed to be the target of a network intrusion. Whether the two incidents are connected has not been confirmed.",2024-02-22,2024-02-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,City of Oakley,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18316,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.eastbaytimes.com/2024/02/24/oakley-pleasant-hill-face-cyber-incidents/; https://www.ci.oakley.ca.us/city-of-oakley-subjected-to-ransomware-attack/; https://www.eastbaytimes.com/2024/02/24/oakley-pleasant-hill-face-cyber-incidents/?blm_source=Bloom&blm_medium=Website&blm_campaign=Map; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick,2024-02-26,2024-03-28 3200,The Pro-Russian Hacktivist group NoName057 targeted Danish websites with a DDoS Attack on 25 February 2024,"The Pro-Russian hacktivist group NoName057 (16) has claimed responsibility for DDoS attacks on multiple Danish websites, including the website of Denmark's largest transport company Movia, Bornholm airport, Thisted and Copenhagen airport. The website of the Danish airport in Copenhagen was temporarily unavailable on 25 February 2024 due to a DDoS attack. 
The booking of parking spaces was also temporarily restricted. Travellers were asked to switch to mobile apps to access flight data. The website of the Danish municipality of Thisted was temporarily unavailable on 25 February 2024 due to a DDoS attack. According to the Danish television station TV Midwest, the airport in Thisted was the original target. The website has been operational again since 26 February. On Telegram, NoName057 (16) stated that they carried out the DDoS attacks because of Denmark's support for Ukraine and its promised arms delivery to Ukraine. ",2024-02-25,2024-02-26,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,Bornholm Airport - Municipality of Thisted - Copenhagen Airport (CPH) - Movia - Thisted Airport,Denmark; Denmark; Denmark; Denmark; Denmark,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Civil service / administration - Transportation - Transportation - Transportation,NoName057(16) ,Not available,Non-state-group,Hacktivist(s),1,17986,2024-02-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NoName057(16),Not available,Not available,NoName057(16) ,Not available,Non-state-group,https://t.me/s/noname05716eng,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point 
in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,5.0,,0.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.derstandard.de/story/3000000209046/hackerangriff-legte-webseite-von-flughafen-kopenhagen-lahm; https://twitter.com/CPHAirports/status/1761778731511648395; https://www.it-daily.net/shortnews/hackerangriff-setzt-website-des-flughafens-kopenhagen-ausser-betrieb; https://nyheder.tv2.dk/krimi/2024-02-25-prorussisk-cyberangreb-har-et-klart-formaal-siger-it-ekspert; https://www.facebook.com/thistedkommune/posts/pfbid0hgaXLys8he1zfioxFMWwB93wv9d69mzEzita55wmkJik1FVUYCSJ4gMNkDGyHxJFl; https://www.bt.dk/samfund/hackere-angriber-igen-og-igen-derfor-er-danmark-i-skudlinjen; https://www.bt.dk/samfund/sikkerhedsmyndighed-maner-til-ro-efter-boelge-af-cyberangreb; https://t.me/s/noname05716eng; https://nyheder.tv2.dk/samfund/2024-02-26-cyberangrebene-er-drilleangreb-den-sande-russiske-trussel-findes-et-andet-sted-siger-forsker; https://ekstrabladet.dk/forbrug/Teknologi/hackergrupper-paa-spil-igen-vi-har-ramt-mitid/10146562; https://nyheder.tv2.dk/samfund/2024-02-28-48-timer-uden-internet-hvad-ville-der-ske-i-samfundet; https://nyheder.tv2.dk/samfund/2024-02-28-kommunerne-skal-forberede-sig-paa-krig-mener-byraadspolitikere; https://www.computerworld.dk/art/286672/her-er-min-historie-om-det-store-ddos-angreb-der-ramte-movia-jeg-tror-paa-at-videndeling-er-et-godt-forsvar,2024-02-26,2024-03-15 3199, Unknown Threat Actors Attacked Systems of Royal Canadian Mounted Police (RCMP) in February 2024,"The Royal Canadian Mounted Police (RCMP) was subject to a network intrusion in February 
2024 and has since launched a criminal investigation into the incident. In an email to employees dated 23 February 2024, RCMP Chief of Security Paul L. Brown referred to the incident as a 'cyber event.' The RCMP assured the public that there has been no operational impact. The RCMP is actively working to determine the extent of the breach, and there have been no reports of any impact on foreign police or intelligence agencies. This development follows the Canadian government's disclosure of a data breach in November 2023 involving contractors Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services. Sensitive data of government employees, including members of the Canadian Armed Forces and RCMP, was exposed. The ongoing investigation aims to uncover the full extent of the recent data breach on the RCMP.",,Not available,Not available,,Incident disclosed by victim,Hijacking without Misuse,Royal Canadian Mounted Police (RCMP) ,Canada,NATO; NORTHAM,State institutions / political system,Police,Not available,Not available,Not available,,1,18317,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/159568/hacking/cyber-attack-hit-royal-canadian-mounted-police.html; https://www.bleepingcomputer.com/news/security/rcmp-investigating-cyber-attack-as-its-website-remains-down/; https://www.noticiasde.es/espana/la-policia-de-canada-experimenta-un-ciberataque-preocupante-pero-sin-consecuencias-para-los-canadienses/; 
https://dushi.singtao.ca/toronto/%E6%96%B0%E9%97%BB/%E6%96%B0%E9%97%BB%E5%BF%AB%E9%80%92/%E5%8A%A0%E6%8B%BF%E5%A4%A7%E7%9A%87%E5%AE%B6%E9%AA%91%E8%AD%A6%E9%81%AD%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB-%E5%BC%BA%E8%B0%83%E6%B2%A1%E6%9C%89%E5%AF%B9%E5%85%AC%E4%BC%97%E9%80%A0%E6%88%90%E5%BD%B1/; https://www.telemadrid.es/tecnologia/La-Policia-Montada-de-Canada-sufre-un-ciberataque-de-alarmante-magnitud-0-2645435492--20240223102945.html; https://toronto.citynews.ca/2024/02/23/rcmp-cyber-attack-on-its-networks/; https://www.cbc.ca/news/politics/cybersecurity-breach-rcmp-1.7123787?ref=news.risky.biz; https://ensegundos.com.pa/2024/02/25/policia-de-canada-sufre-ciberataque/; https://www.computerweekly.com/de/news/366571972/Die-Cyberangriffe-der-KW9-2024-im-Ueberblick; https://www.bleepingcomputer.com/news/security/canadas-anti-money-laundering-agency-offline-after-cyberattack/,2024-02-26,2024-03-28 3198,Unidentified Hackers targeted Malawi Immigration Department's Computer Networks with Ransomware in February 2024,"Unknown cyber criminals targeted the networks of the Malawi Immigration Department with ransomware in February 2024. The hackers responsible demanded a ransom. President Lazarus Chakwera described the incident as a serious breach of national security and emphasized that Malawi will not negotiate with the threat actors. Due to the incident, Malawi had to suspend the issuance of passports and aimed to identify an interim solution to resume passport issuance within three weeks. 
",2024-02-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Immigration service,Malawi,AFRICA; SSA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18318,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-02-23 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Malawi,Lazarus Chakwera (President of Malawi),No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lusakatimes.com/2024/02/23/malawi-suspends-passport-issuance-after-cyber-attack/; https://www.bbc.com/news/world-africa-68366749; https://www.computerweekly.com/de/news/366571114/Die-Cyberangriffe-der-KW8-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366571176/Cyberhebdo-du-23-fevrier-2024-9-cyberattaques-recenses-dans-le-monde,2024-02-26,2024-03-28 3196,BlackCat/ALPHV compromised US Healthcare Provider Change Healthcare Leading to Nationwide Outage of Prescription Processing Services on 21 February 2024,"On 21 February 2024, UnitedHealth Group revealed that its subsidiary, Change Healthcare, operated by the IT company Optum Solutions, suffered a compromise of its systems. This incident caused a widespread disruption in processing services throughout the United States, leading to challenges for pharmacies in delivering medications to patients. 
The American Hospital Association, based on open-source statements and press reports, points to the exploitation of a zero-day vulnerability in ScreenConnect, a remote access solution offered by the company ConnectWise, as a contributing factor to the intrusion. According to a filing with the US Securities and Exchange Commission, UnitedHealth Group suspects the involvement of a nation-state-associated threat actor. Change Healthcare handles prescription processing for insurance and facilitates data transmission between healthcare providers and insurance companies for tens of thousands of pharmacies across the United States. Optum Solutions asserts that the incident is confined to Change Healthcare systems and has not affected those of Optum, UnitedHealthcare, and UnitedHealth Group, according to a statement by the company. Reports from Bleeping Computer suggest that the incident also affected Tricare, the US healthcare provider for active-duty personnel, requiring manual prescription filling at US military pharmacies. The incident also affected Availity, the clearing house for Therabill. Numerous pharmacies are reporting delays in fulfilling medical prescriptions, mainly due to the significant service disruption of the platform for e-prescriptions and issues with refilling. Camp Pendleton states that the disruption affected all US military pharmacies worldwide, and several retail pharmacies in the US experienced disruptions, including the Naval Hospital in Camp Pendleton, Evans Army Community Hospital, and the prescription discount company GoodRx. Additionally, pharmacies in Maryland and Utah, defence pharmacies such as the Brooke Army Medical Center, USAFA Pharmacy, and the Bassett Army Community Hospital, as well as other pharmacies, including Moffet Drug (Kansas), Costco, Sav-On, Osco, Kaiser-Permanente, Tricare, Safeway, and Albertson's, were affected. 
On 26 February, Bleeping Computer and Reuters reported that the incident was attributed to the BlackCat/ALPHV ransomware gang, citing forensic experts involved in the investigation of the incident. UnitedHealth Group confirmed this the same week. ALPHV claimed in a statement on their leak site that in sum they had stolen 6 TB of data. According to a report from Bleeping Computer from 15 April 2024, ALPHV shut down its operations due to increased pressure from law enforcement. Claims arose that the ransomware group pulled an exit scam by stealing $22 million of the Change Healthcare ransom payment from the affiliate, named ""Notchy"", that originally conducted the attack. Notchy partnered up with another ransomware gang, RansomHub, in order to extort Change Healthcare again. At the time, the company was believed to have already paid a ransom. UnitedHealth confirmed the payment of an undisclosed amount in a statement to CNBC on 22 April. On 8 April, RansomHub posted to its dark-web site that it had 4 terabytes of Change Healthcare’s stolen data, which it threatened to sell to the “highest bidder” if Change Healthcare did not pay an unspecified ransom. RansomHub told WIRED that it was not affiliated with AlphV and “can’t say” how much it was demanding as a ransom payment. In the week of 15 April 2024, RansomHub began leaking screenshots of files it claimed were from the Change Healthcare breach. This has not yet been verified, though Bleeping Computer says the data ""does appear to belong to the company"". On 16 April 2024, UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack that has disrupted the U.S. healthcare system since February. The ransomware attack's impact includes $593 million in direct cyberattack response costs and $279 million due to business disruptions. 
On 1 May 2024, UnitedHealth Group CEO Andrew Witty confirmed previous reporting for the first time that the company paid a $22 million ransom to the BlackCat/AlphV ransomware gang. Additionally, UnitedHealth confirmed that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.",2024-02-21,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,Critical infrastructure,Health,,Not available,Non-state-group,Criminal(s),2,19048; 19047,2024-02-26 00:00:00; 2024-02-21 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Receiver attributes attacker,Not available; Change Healthcare,; Not available,Not available; United States,,Not available; Not available,Non-state-group; State,,Unknown,Not available,,Not available,,1,2024-03-23 00:00:00,State Actors: Legislative reactions,,United States,COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS (US Senate),Yes,One,Not available,Data Encrypted for Impact,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,13.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,> 100 
Mio - 1 bn,872000000.0,dollar,None/Negligent,Human rights; International peace; Due diligence; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; ; ",Not available,2,2024-03-13 00:00:00; 2024-02-21 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States; United States,US Department of Health and Human Services (HHS); Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.financial-world.org/news/news/financial/25101/us-pharmacies-face-prescription-delays-after-cyberattack-on-healthcare-processor/; https://www.thebaltimorebanner.com/economy/science-medicine/pharmacies-delayed-prescriptions-cyber-attack-4HR5CLCPMZDEXOIL5PM2G5DRO4/; https://www.kbtx.com/2024/02/24/cyber-security-issue-impacts-unit-unitedhealth/; https://esdiario.com.mx/farmacias-de-estados-unidos-reportan-problemas-tras-ciberataque/; https://www.fox13now.com/news/local-news/cyber-attacks-affect-utahns-access-to-medication; https://techreport.com/news/nationwide-cyber-attack-slows-down-prescription-processing-across-pharmacies/; https://www.managedhealthcareexecutive.com/view/unitedhealth-unplugs-change-healthcare-systems-to-contain-cyber-attack; https://helenair.com/news/local/change-healthcare-cyberattack-sparks-st-peters-to-disconnect-from-system/article_281dd7e0-d28a-11ee-bfbb-2f7be547b747.html; https://uk.finance.yahoo.com/news/cyberattack-leaves-patients-facing-choice-202444240.html; https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/; https://www.heise.de/news/eHealth-Cyberangriff-sorgt-fuer-Probleme-mit-Rezepten-in-US-Apotheken-9638099.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; 
https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/53097433/cyber-attack-at-change-healthcare-affects-pharmacies-nationwide; https://www.beckershospitalreview.com/cybersecurity/change-healthcare-is-credit-negative-after-attack-moodys.html; https://www.bitdefender.com/blog/hotforsecurity/prescription-orders-delayed-as-us-pharmacies-grapple-with-nation-state-cyber-attack/; https://www.boursier.com/actualites/reuters/les-valeurs-a-suivre-a-wall-street-actualise-357123.html; https://status.changehealthcare.com/incidents/hqpjz25fn3n7; https://www.aha.org/2024-02-24-update-unitedhealth-groups-change-healthcares-continued-cyberattack-impacting-health-care-providers; https://www.sec.gov/ixviewer/ix.html?doc=/Archives/edgar/data/0000731766/000073176624000045/unh-20240221.htm; https://ktar.com/story/5564258/cyber-attack-on-health-insurance-provider-could-prevent-arizonans-from-getting-prescriptions/; https://www.computerweekly.com/de/news/366571114/Die-Cyberangriffe-der-KW8-2024-im-Ueberblick; https://research.checkpoint.com/2024/26th-february-threat-intelligence-report/; https://www.wired.com/story/blackcat-ransomware-disruptions-comebacks/; https://www.bleepingcomputer.com/news/security/fbi-cisa-warn-us-hospitals-of-targeted-blackcat-ransomware-attacks/; https://www.bleepingcomputer.com/news/security/unitedhealth-subsidiary-optum-hack-linked-to-blackcat-ransomware/; https://securityaffairs.com/159641/cyber-crime/blackcat-ransomware-attack-optum-solutions.html; https://therecord.media/change-healthcare-blackcat-alphv-incident-drags-on; https://www.lemagit.fr/actualites/366571176/Cyberhebdo-du-23-fevrier-2024-9-cyberattaques-recenses-dans-le-monde; https://cyberscoop.com/ransomware-alphv-healthcare-pharmacies/; https://www.malwarebytes.com/blog/news/2024/02/change-healthcare-outages-reportedly-caused-by-ransomware; https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/; 
https://securityaffairs.com/159716/data-breach/cencora-discloses-data-breach.html; https://www.cpomagazine.com/cyber-security/cyber-attack-on-health-tech-firm-change-healthcare-disrupts-pharmacies-across-the-us/; https://www.malwarebytes.com/blog/news/2024/02/alphv-is-singling-out-healthcare-sector-say-fbi-and-cisa; https://www.kqed.org/news/11977093/everybody-is-just-scrambling-nationwide-cyber-attack-delays-bay-area-pharmacy-orders; https://securityaffairs.com/159703/cyber-crime/alphv-blackcat-ransomware-healthcare-sector.html; https://www.finanznachrichten.de/nachrichten-2024-02/61520006-resilient-healthcare-operations-in-the-wake-of-cyber-attacks-discover-jorie-ai-s-revolutionary-solutions-200.htm; https://startupitalia.eu/tech/il-ransomware-blackcat-colpisce-ancora/; https://laraza.com/2024/02/26/farmacias-de-chicago-enfrentan-ciberataques-en-resurtido-de-ciertos-medicamentos/; https://therecord.media/change-healthcare-ransomware-attack-blackcat-alphv; https://arstechnica.com/security/2024/03/us-prescription-market-hamstrung-for-9-days-so-far-by-ransomware-attack/; https://arstechnica.com/security/2024/03/us-prescription-market-hamstrung-for-9-days-so-far-by-ransomware-attack/; https://www.elperiodista.cl/2024/03/hospitales-denuncian-el-ataque-informatico-mas-grave-jamas-lanzado/; https://uk.finance.yahoo.com/news/cyberattack-insurance-giant-disrupting-business-193316243.html; https://finance.yahoo.com/news/change-healthcare-cyberattack-whats-status-172956475.html?fr=sycsrp_catchall; https://www.newsbytesapp.com/news/science/blackcat-ransomware-group-behind-hack-at-change-healthcare-says-unitedhealth/story; https://www.mcknights.com/news/massive-cyber-attack-creates-crushing-billing-burdens-for-skilled-nursing-sparks-efforts-for-payment-relief/; https://www.btimesonline.com/articles/164465/20240302/ransomware-attack-on-change-healthcare-marks-unprecedented-threat-to-u-s-health-care.htm; https://www.wired.com/story/push-notification-privacy-security-roundup/; 
https://www.scmagazine.com/news/connectwise-screenconnect-bug-used-in-play-ransomware-breach-msp-attack; https://www.wusf.org/politics-issues/2024-03-02/what-to-know-after-hacking-at-unitedhealth-unit-cripples-part-of-the-us-health-system; https://www.beckershospitalreview.com/cybersecurity/change-healthcare-ransomware-attack-7-updates.html; https://cyberscoop.com/alphv-website-ransomware-attack-change-healthcare/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/; https://www.fiercehealthcare.com/health-tech/cybersecurity-patient-safety-what-ransomware-attack-change-healthcare-should-teach; https://fr.investing.com/news/stock-market-news/alertes-resultats--veeva-systems-affiche-des-resultats-solides-pour-le-quatrieme-trimestre-et-lexercice-et-envisage-une-croissance-future-93CH-2329095; https://securityaffairs.com/159874/breaking-news/security-affairs-newsletter-round-461-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/; https://www.democrats.senate.gov/imo/media/doc/ces_-_cms_response_change_healthcare_outage_3-1-24pdf.pdf; https://therecord.media/healthcare-industry-needs-relief-after-change-cyber-incident-hospital-association; https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/; https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/; https://www.beckershospitalreview.com/cybersecurity/johns-hopkins-ramps-up-cybersecurity-amid-change-healthcare-attack.html; https://arstechnica.com/security/2024/03/alphv-ransomware-site-claims-it-was-seized-by-fbi-researchers-suspect-22m-scam/; https://cyberscoop.com/ransomware-group-behind-change-healthcare-attack-goes-dark/; https://www.finanznachrichten.de/nachrichten-2024-03/61593957-unitedhealth-aktie-cyberangriff-trifft-gesundheitsdienste-429.htm; 
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/; https://www.heise.de/news/Ransomware-ALPHV-Blackcat-betruegt-offenbar-Partner-und-zieht-sich-zurueck-9646707.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.finanznachrichten.de/nachrichten-2024-03/61587365-unitedhealth-aktie-cyberangriffe-und-zukunftsaussichten-542.htm; https://www.lefigaro.fr/secteur/high-tech/medicaments-non-delivres-devis-et-facturation-en-panne-une-cyberattaque-perturbe-serieusement-le-systeme-de-sante-aux-etats-unis-20240304; https://www.ktvq.com/news/local-news/cyber-attack-continues-to-plague-montana-pharmacies; https://isanidad.com/275693/el-mayor-ciberataque-a-una-entidad-sanitaria-en-estados-unidos-afecta-a-medicos-y-pequenos-y-medianos-proveedores/; https://www.itworldcanada.com/article/healthcare-sector-stretched-thin-in-fight-against-cyber-attacks-warns-cso-of-health-isac/559886; https://www.itworldcanada.com/article/healthcare-sector-stretched-thin-in-fight-against-cyber-attacks-warns-cso-of-health-isac/559886; https://therecord.media/europol-doj-nca-deny-involvement-in-alphv-blackcat-ransomware-takedown; https://www.malwarebytes.com/blog/ransomware/2024/03/alphv-ransomware-gang-fakes-own-death-fools-no-one; https://krebsonsecurity.com/2024/03/blackcat-ransomware-group-implodes-after-apparent-22m-ransom-payment-by-change-healthcare/; https://www.butterword.com/2024/03/los-funcionarios-se-apresuran-ayudar.html; https://www.orientaldaily.com.my/news/business/2024/03/06/635559; https://diario.mx/estados-unidos/paraliza-ciberataque-sistema-de-pagos-de-salud-mas-grande-de-eu-20240305-2160068.html; https://www.washingtonexaminer.com/policy/healthcare/2895532/ransomware-attack-on-unitedhealth-hits-provider-payments/; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/UnitedHealth-confirme-que-le-groupe-Blackcat-est-a-l-origine-de-la-recente-attaque-de-cybersecu-46064011/; 
https://www.beckershospitalreview.com/cybersecurity/change-healthcare-confirms-ransomware-attack-hackers-claim-massive-data-haul.html; https://www.heise.de/news/Cyberangriff-auf-US-Gesundheitsdienstleister-CISA-und-FBI-ergreifen-Massnahmen-9642586.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.usine-digitale.fr/article/une-cyberattaque-perturbe-fortement-des-pharmacies-et-hopitaux-le-gang-blackcat-pointe-du-doigt.N2209135; https://www.fox13now.com/news/local-news/7-days-after-cyber-attack-utahns-on-medicaid-till-struggling-to-get-medication; https://new.qq.com/rain/a/20240307A0095300; https://www.finanznachrichten.de/nachrichten-2024-03/61610525-unitedhealth-aktie-cyberangriff-heizt-debatte-an-429.htm; https://www.defenseone.com/threats/2024/03/government-facilities-were-third-largest-ransomware-target-2023-fbi-says/394726/; https://www.bleepingcomputer.com/news/security/unitedhealth-brings-some-change-healthcare-pharmacy-services-back-online/; https://www.butterword.com/2024/03/el-equipo-de-biden-y-unitedhealth.html; https://therecord.media/change-healthcare-brings-some-systems-online; https://www.finanznachrichten.de/nachrichten-2024-03/61625885-unitedhealth-aktie-besserung-nach-cyberattacke-542.htm; https://www.butterword.com/2024/03/el-equipo-de-biden-y-unitedhealth.html; https://www.aarp.org/espanol/dinero/estafas-y-fraudes/info-2024/ataque-pirata-a-recetas.html; https://fr.news.yahoo.com/gang-pirates-fait-croire-qu-083655279.html; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/Analyse-Le-piratage-d-UnitedHealth-pourrait-prendre-des-mois-pour-se-retablir-completement-46128615/; https://www.aarp.org/espanol/dinero/estafas-y-fraudes/info-2024/ataque-pirata-a-recetas.html; https://therecord.media/ransomware-tracker-the-latest-figures; https://cyberscoop.com/biden-budget-cyber-2025/; https://fx.minkabu.jp/news/293976; 
https://www.cpomagazine.com/cyber-security/under-increasing-federal-scrutiny-blackcat-ransomware-gang-pulls-exit-scam-on-its-way-out/; https://www.malwarebytes.com/blog/threat-intelligence/2024/03/ransomware-review-march-2024; https://www.tnonline.com/20240313/pocono-urgent-care-centers-closing-because-of-cyber-attack/; https://kion546.com/top-stories/2024/03/12/local-monterey-county-nonprofit-organization-struggling-to-provide-services-due-to-change-healthcare-cyber-attack/; https://www.bleepingcomputer.com/news/security/us-govt-probes-if-ransomware-gang-stole-change-healthcare-data/; https://therecord.media/hhs-investigating-unitedhealth-after-ransomware-attack; https://www.channelnewsasia.com/business/unitedhealth-unit-change-healthcares-pharmacy-network-back-online-4193836; https://www.govtech.com/security/struggles-continue-as-fed-unitedhealth-confront-cyber-attack; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/Les-autorites-americaines-demandent-a-UnitedHealth-d-accelerer-les-paiements-aux-prestataires-d-46136618/; https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year; https://cyberscoop.com/health-care-groups-resist-cybersecurity-rules-in-wake-of-landmark-breach/; https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://www.scmagazine.com/brief/mandatory-cyber-requirements-after-change-healthcare-attack-opposed-by-health-sector; https://seekingalpha.com/article/4678927-unitedhealthgroup-cyber-attack-timeline-overview-and-2023-review; https://therecord.media/white-house-official-united-health-certification-assessment; https://arstechnica.com/science/2024/03/paralyzing-cyberattack-spurs-federal-probe-into-unitedhealths-hipaa-compliance/; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/Qu-est-ce-que-UnitedHealth-a-restaure-et-quelle-est-la-prochaine-etape-apres-un-piratage-majeur--46200828/; 
https://www.scmagazine.com/news/hhs-investigating-unprecedented-change-healthcare-ransomware-attack; https://www.beckershospitalreview.com/finance/change-healthcare-attack-costing-hospitals-2b-a-week-report.html; https://lvb.com/highmark-assisting-medical-practices-affected-by-cyber-attack/; https://finance.yahoo.com/news/hackers-roil-entire-industries-attacks-100000390.html; https://news.yahoo.com/national-cyber-attack-makes-dents-004724689.html; https://www.infosecurity-magazine.com/news/us-investigate-healthcare/; https://www.haberturk.com/ozel-icerikler/muharrem-sarikaya/3670785-akademik-korsanlar-tele-korsana-karsi-; https://www.bleepingcomputer.com/news/security/what-the-latest-ransomware-attacks-teach-about-defending-networks/; https://insurancenewsnet.com/oarticle/editorial-health-care-industry-vulnerable-to-cyber-attacks; https://cyberscoop.com/cybersecurity-minimum-standards-change-healthcare-mark-warner/; https://www.govinfosecurity.com/hospitals-lobby-feds-to-clarify-breach-duties-in-uhg-attack-a-24704; https://therecord.media/hhs-reported-grant-payment-scam-sen-bill-cassidy-letter; https://www.hsgac.senate.gov/wp-content/uploads/2024-03-23-GCP-letter-Change-Healthcare.pdf; https://www.channelnewsasia.com/business/unitedhealth-unit-will-start-processing-14-billion-medical-claims-backlog-after-hack-4216081; https://www.nextgov.com/cybersecurity/2024/03/new-bill-would-create-payment-incentives-health-sector-meet-cyber-standards/395175/; https://www.govinfosecurity.com/change-healthcare-wake-up-call-sector-too-codependent-a-24719; https://www.gundemkibris.com/abd-fidyeci-hackerlari-ariyor-bilgi-saglayana-10-milyon-dolar-odul-verilecek; https://www.clubic.com/actualite-522783-les-usa-mettent-a-prix-la-tete-des-pirates-blackcat-10-millions-de-dollars-de-recompense.html; https://www.cayhaber.net/fidyeciler-icin-odul-belirlendi-abdde-siber-saldiri-krizi-buyuyor; https://www.itmedia.co.jp/enterprise/articles/2403/30/news024.html; 
https://www.euronews.com/business/2024/03/22/nationwide-apologises-to-customers-as-tech-glitch-delays-payments; https://lostcoastoutpost.com/2024/mar/22/california-doctors-struggle-to-make-payroll-one-mo/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/; https://cyberscoop.com/alphv-steps-up-laundering-of-change-healthcare-ransom-payments/; https://fr.investing.com/news/company-news/morgan-stanley-reduit-lobjectif-de-cours-de-laction-unitedhealth-tout-en-maintenant-sa-surponderation-93CH-2364681; https://cyberscoop.com/extortion-group-threatens-to-sell-change-healthcare-data/; https://www.malwarebytes.com/blog/threats/2024/04/new-ransomware-group-demands-change-healthcare-ransom; https://fr.investing.com/news/company-news/lobjectif-de-cours-de-laction-unitedhealth-est-revu-a-la-baisse-en-raison-des-inquietudes-liees-a-la-pression-sur-les-benefices-par-action-93CH-2370065; https://www.wired.com/story/change-healthcare-ransomhub-threat/; https://arstechnica.com/security/2024/04/change-healthcare-faces-another-ransomware-threat-and-it-looks-credible/; https://www.bleepingcomputer.com/news/security/ransomware-gang-starts-leaking-alleged-stolen-change-healthcare-data/; https://therecord.media/ransomware-tracker-the-latest-figures; https://cyberscoop.com/change-healthcare-unitedhealth-ransomware-hearing/; https://www.wired.com/story/change-healthcare-ransomhub-data-sale/; https://www.govinfosecurity.com/congress-asks-what-went-wrong-in-change-healthcare-attack-a-24875; https://www.bleepingcomputer.com/news/security/unitedhealth-change-healthcare-cyberattack-caused-872-million-loss/; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/L-unite-Change-de-UnitedHealth-confrontee-a-un-probleme-de-traitement-de-certaines-demandes-de-r-46471243/; 
https://www.bitdefender.com/blog/hotforsecurity/change-healthcare-data-for-sale-on-dark-web-as-fallout-from-ransomware-attack-spirals-out-of-control/; https://fr.investing.com/news/company-news/deutsche-bank-releve-lobjectif-de-cours-de-laction-unitedhealth-apres-la-publication-des-resultats-93CH-2379869; https://isanidad.com/280742/mercado-negro-un-historial-medico-puede-costar-entre-28-y-938-euros/; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/Le-PDG-de-UnitedHealth-temoignera-devant-une-sous-commission-de-la-Chambre-des-representants-sur-l-46482047/; https://www.consalud.es/saludigital/ia-big-data/sector-salud-ciberdelincuentes-desafio_142864_102.html; https://www.consalud.es/saludigital/ia-big-data/sector-salud-ciberdelincuentes-desafio_142864_102.html; https://www.lesaffaires.com/bourse/analyses-de-titres/bp-les-titres-boursiers-qui-ont-retenu-l-attention-cette-semaine-19-04-2024/649190/2; https://www.govinfosecurity.com/feds-issue-guide-for-change-health-breach-reporting-duties-a-24916; https://therecord.media/unitedhealth-ceo-andrew-witty-testimony-house-subcommittee; https://www.wired.com/story/change-healthcare-admits-it-paid-ransomware-hackers/; https://www.malwarebytes.com/blog/news/2024/04/substantial-proportion-of-americans-may-have-had-health-and-personal-data-stolen-in-change-healthcare-breach; https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-it-paid-ransomware-gang-to-stop-data-leak/; https://fr.investing.com/news/company-news/unitedhealth-progresse-dans-sa-reponse-a-la-cyberattaque-et-offre-son-soutien-93CH-2382800; https://www.zonebourse.com/cours/action/UNITEDHEALTH-GROUP-INC-14750/actualite/UnitedHealth-declare-que-le-piratage-pourrait-toucher-une-proportion-substantielle-d-Americains-46495385/; https://www.usine-digitale.fr/article/unitedhealth-confirme-que-des-hackers-ont-vole-les-donnees-de-sante-de-nombreux-americains.N2211963; 
https://cyberscoop.com/stolen-change-healthcare-data-could-contain-information-on-a-substantial-portion-of-americans/; https://www.heise.de/news/eHealth-Nach-Cyberangriff-droht-US-Bevoelkerung-grosser-Datenleak-9695208.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.zdnet.fr/actualites/la-mega-facture-de-change-healthcare-victime-dune-attaque-par-rancongiciel-391010.htm; https://www.phonandroid.com/cette-cyberattaque-par-ransomware-coutera-plus-dun-milliard-de-dollars-au-secteur-de-la-sante.html; https://cyberscoop.com/cisa-ransomware-warning-easterly/; https://news.pedaily.cn/202404/533161.shtml; https://www.cnbc.com/2024/04/22/unitedhealth-paid-ransom-to-bad-actors-says-patient-data-was-compromised-in-change-healthcare-cyberattack.html; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-22-april-28; https://cyberscoop.com/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive/; https://cyberscoop.com/change-healthcare-attack-stolen-data-ransom-andrew-witty-unitedhealth/; https://www.channelnewsasia.com/business/unitedhealth-hackers-took-advantage-citrix-vulnerabilty-break-ceo-says-4301696; https://therecord.media/unitedhealth-ceo-testifies-senate-hearing; http://www.eeo.com.cn/2024/0501/658586.shtml; https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/; https://www.finanznachrichten.de/nachrichten-2024-04/62095542-unitedhealth-aktie-cyberattacke-trifft-us-gesundheitsriesen-429.htm; https://arstechnica.com/security/2024/04/change-healthcare-hacked-through-stolen-password-for-account-with-no-mfa/; https://therecord.media/unitedhealth-group-change-healthcare-ransomware-congress,2024-02-26,2024-05-02 3195,"Unknown hackers encrypted systems of Francis Howell School District, Missouri, in February 2024","The Francis Howell School District in the US state of Missouri was the victim of an attack by unknown actors who encrypted some of the district's systems in 
February 2024. According to Superintendent Kenneth Roumpos, ""unexpected activity"" was detected on the district's networks and malware was used to encrypt some of the district's systems, leading to an investigation by federal law enforcement and IT specialists.",2024-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Francis Howell School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,17967,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.stltoday.com/news/local/crime-courts/francis-howell-returning-to-school-after-cyberattack-disrupts-technology/article_da3568e8-d100-11ee-9ecd-938e05647904.html; https://www.facebook.com/francishowellschools/?show_switched_toast=0&show_invite_to_follow=0&show_switched_tooltip=0&show_podcast_settings=0&show_community_review_changes=0&show_community_rollback=0&show_follower_visibility_disclosure=0; 
https://www.lemagit.fr/actualites/366571176/Cyberhebdo-du-23-fevrier-2024-9-cyberattaques-recenses-dans-le-monde; https://michiganadvance.com/2024/03/03/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/,2024-02-23,2024-03-14 3191,Unknown threat group targeted Berlin University of Technology in Germany on 20 February 2024,"An unknown threat group targeted the Berlin University of Technology (BHT) in Germany on 20 February 2024, the university confirmed in a statement on its website. The website was temporarily not accessible and email communications were disrupted. ",2024-02-20,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Berlin University of Technology (BHT),Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,18335,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.tagesschau.de/inland/regional/berlin/rbb-wedding-berliner-hochschule-fuer-technik-meldet-cyberattacke-100.html; https://www.tagesschau.de/inland/regional/berlin/rbb-wedding-berliner-hochschule-fuer-technik-meldet-cyberattacke-100.html; https://idw-online.de/en/news828965; 
https://www.computerweekly.com/de/news/366571114/Die-Cyberangriffe-der-KW8-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366571176/Cyberhebdo-du-23-fevrier-2024-9-cyberattaques-recenses-dans-le-monde,2024-02-22,2024-03-28 3189,Foreign cyber spies suspected of stealing from Chinese civilian-military enterprise,"Foreign cyber spies are suspected of stealing from a Chinese civilian-military enterprise, the Chinese Ministry of State Security wrote in an article titled ""How cyber espionage takes advantage of the situation?"" on WeChat on 16 February 2024. According to the article, the foreign cyber spies stole important manufacturing, business and customer information.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Defence industry,Not available,Not available,State,,1,18336,2024-02-16 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,"Ministry of State Security (MSS, China)",Not available,China,Not available,Not available,State,https://www.rfa.org/mandarin/Xinwen/1-02162024104133.html,Unknown,Unknown,,Unknown,,1,2024-02-16 00:00:00,State Actors: Preventive measures,Awareness raising,China,Ministry of State Security (MSS; China),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.voachinese.com/a/china-s-ministry-of-state-security-warns-of-overseas-cyber-espionage-threats-20240219/7493499.html; https://www.rfa.org/mandarin/Xinwen/1-02162024104133.html; 
https://www.sohu.com/a/758080470_162522; https://www.globaltimes.cn/page/202402/1307124.shtml; https://www.zaobao.com.sg/news/china/story20240317-3168147; https://www.zaobao.com.sg/realtime/china/story20240317-3166767,2024-02-22,2024-03-28 3190,Hacktivist Group hijacked X and Instagram social media accounts of German Car manufacturer BMW in Turkey on 20 February 2024,"According to Turkish news outlets, on 20 February 2024, hacktivists took control of German car manufacturer BMW's social media accounts on X and Instagram in Turkey. They posted content related to the Israel-Gaza war on both platforms. The attackers made statements like ""All enemies of Islam are our immediate target!"" BMW has since regained control of its Instagram account, but its X account remains inaccessible.",2024-02-20,2024-02-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Hijacking with Misuse,BMW Turkiye,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,MUTARRIF,Turkey,Non-state-group,Hacktivist(s),1,17968,2024-02-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,MUTARRIF,Not available,Not available,MUTARRIF,Turkey,Non-state-group,https://www.tamindir.com/haber/bmw-turkiye-sosyal-medya-hesaplari-hacklendi_86446/,System / ideology; Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.tamindir.com/haber/bmw-turkiye-sosyal-medya-hesaplari-hacklendi_86446/,2024-02-22,2024-04-18 3193,"Unknown actors breached systems of Australian Internet and telecommunications provider Tangerine on 18 February 2024 exposing data of over 230,000 customers","Unknown actors took data of over 20,000 customers during a data breach at the Australian Internet and telecommunications provider Tangerine on 18 February 2024, Tangerine reported to their customers in an email. The compromised data includes names, dates of birth, email addresses, and mobile phone numbers. Tangerine is one of Australia’s fastest growing Internet providers, headquartered in Melbourne. ",2024-02-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Tangerine,Australia,OC,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,18333,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.smh.com.au/technology/internet-provider-tangerine-suffers-cyberattack-20240221-p5f6rd.html; 
https://securityaffairs.com/159528/data-breach/telco-provider-tangerine-data-breach.html,2024-02-22,2024-03-28 3192,Suspected Pro-Russian hackers disrupted and defaced websites and X-accounts of several Ukrainian news outlets spreading fake news during 17-18 February 2024,"Alleged Pro-Russian hackers defaced websites and X-accounts of multiple Ukrainian news outlets in order to spread fake news about the Russian-Ukrainian war on the weekend of 17 and 18 February 2024. Among the victims were online newspaper Ukrainska Pravda, business media site Liga.net and news websites Apostrophe and Telegraf. The hackers tried to spread fake news through the compromised accounts, claiming that Russia destroyed a Ukrainian special forces unit in the eastern Ukrainian city of Avdiivka. The attack was attributed by Ukraine’s state cybersecurity agency (SSSCIP) to an unspecified Russian threat actor as part of Russia’s “information warfare” against Ukraine. According to Yevheniia Nakonechna, the head of Ukraine's Computer Emergency Response Team (CERT-UA), Ukrainian media is commonly a Russian target to circulate false or misleading information.",2024-02-17,2024-02-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Apostrophe - Telegraf - Liga.net - Ukrainska Pravda,Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,Media - Media - Media - Media, - - - ,Not available,Russia,Non-state-group,Hacktivist(s),1,18334,2024-02-18 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,SSSCIP,Not available,Ukraine,Not available,Russia,Non-state-group,https://t.me/dsszzi_official/6758,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2024-02-18 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,State Special Communications Service of Ukraine (SSSCIP),No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/information-campaign-aimed-at-ukrainians-sow-doubt; https://t.me/dsszzi_official/6758; https://therecord.media/ukrainian-news-outlets-attacked-by-russian-hackers; https://www.telemundo.com/noticias/noticias-telemundo/elecciones-estados-unidos-2024/rusia-ya-interfiere-en-las-elecciones-de-eeuu-con-mensajes-sobre-la-fr-rcna140475,2024-02-22,2024-04-24 3194,Unknown actors compromised servers of Spanish-Catalan police Mossos d'Esquadra in the beginning of February 2024 stealing and leaking data of around 70 agents and commanders,"Unknown actors breached the servers of Spanish-Catalan police Mossos d'Esquadra in the beginning of February 2024 through the inbox of the police. 
In the course of the compromise they obtained data including a list of the people who were on duty on the night of 1 February 2024 at the Roca del Vallès penitentiary centre. The list contains names of over 70 agents and commanders, the numbers of their identification cards, and phone numbers. Investigators were notified that another breach of a second mailbox led to the data theft of information on two more people. The stolen data of both breaches have been published via Telegram. The Roca del Vallès penitentiary centre is a prison located in the province of Barcelona.",2024-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing; Hijacking with Misuse,Mossos d'Esquadra,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Police,Not available,Not available,Not available,,1,18332,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.elnacional.cat/es/sociedad/hackers-entran-servidor-mossos-esquadra-publican-datos-personales-criticos_1160488_102.html; https://cronicaglobal.elespanol.com/vida/20240220/los-mossos-responden-de-ciberseguridad-autoproteccion-filtracion/833916633_0.html; https://cronicaglobal.elespanol.com/politica/20240217/los-hackers-vuelven-golpear-mossos-filtran-agentes/833416700_0.html; 
https://cronicaglobal.elespanol.com/vida/20240417/aumentan-afectados-de-personales-cataluna-victimas-supera/848415245_0.html,2024-02-22,2024-04-23 3185,Unknown threat actor exploited vulnerability in FixedFloat crypto exchange system and withdrew cryptocurrencies worth $26 million on 18 February 2024 ,"On 18 February 2024, the decentralized cryptocurrency exchange FixedFloat fell victim to a security breach that resulted in the unauthorised withdrawal of around $26 million worth of Bitcoin and Ether. The as yet unknown external actors exploited vulnerabilities in the exchange's security protocols to siphon off 409 Bitcoin (BTC) and 1,728 Ether (ETH). FixedFloat operates as a non-custodial exchange that enables automated cryptocurrency transactions without user registration or KYC verification. Despite the significant financial loss, the exchange assured that no user funds were directly affected, as the compromised assets belonged exclusively to FixedFloat's reserves. Following the security breach, FixedFloat has been actively working to address the security issues identified to protect against future attacks. 
The exchange committed to finalising all outstanding transactions upon resuming regular operations.",2024-02-17,2024-02-18,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,FixedFloat,Seychelles,AFRICA; SSA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18341,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://unchainedcrypto.com/crypto-exchange-fixedfloat-hacked-for-26-million-in-bitcoin-ether/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://unchainedcrypto.com/crypto-exchange-fixedfloat-hacked-for-26-million-in-bitcoin-ether/; https://crypto.news/fixedfloat-denies-internal-hack-pending-orders/; https://twitter.com/FixedFloat/status/1759216185185288653?ref_src=twsrc%5Etfw%7Ctw[%E2%80%A6]rs-drain-26-million-worth-of-crypto-from-fixedfloat-exchange%2F; https://cointelegraph.com/news/fixed-float-confirms-26m-exploit-bitcoin-ether,2024-02-21,2024-03-28 3183,Hacktivist group Edaalate Ali disclosed documents from Iranian judiciary servers in February 2024,"Anti-Iranian government hacktivists Edaalate Ali claimed to have breached the servers of the Iranian judicial system on 20 February 2024, releasing confidential documents on their Telegram channel. The documents encompass a spectrum of sensitive subjects, from internal deliberations within the National Security Council in response to the protests sparked by the death of Mahsa Amini following her arrest by the morality police to efforts aimed at quelling unauthorized VPN vendors and cases of economic corruption. 
On Telegram, the group announced that they would create a website where more documents of court processes would be accessible. Edaalate Ali first became known for their release of images from the Evin prison in Tehran in 2021. ",2024-01-01,2024-02-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Not available,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Judiciary,Edaalate Ali,Not available,Non-state-group,Hacktivist(s),1,18342,2024-02-20 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Edaalate Ali,Not available,Not available,Edaalate Ali,Not available,Non-state-group,https://www.dw.com/fa-ir/%DA%AF%D8%B1%D9%88%D9%87-%D8%B9%D8%AF%D8%A7%D9%84%D8%AA-%D8%B9%D9%84%DB%8C-%D8%B3%D8%B1%D9%88%D8%B1%D9%87%D8%A7%DB%8C-%D9%82%D9%88%D9%87-%D9%82%D8%B6%D8%A7%D8%A6%DB%8C%D9%87-%D8%AC%D9%85%D9%87%D9%88%D8%B1%DB%8C-%D8%A7%D8%B3%D9%84%D8%A7%D9%85%DB%8C-%D8%B1%D8%A7-%D9%87%DA%A9-%DA%A9%D8%B1%D8%AF/a-68310521,System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lejdd.fr/international/le-systeme-judiciaire-de-la-republique-islamique-diran-victime-dune-cyberattaque-142272; 
https://www.dw.com/fa-ir/%DA%AF%D8%B1%D9%88%D9%87-%D8%B9%D8%AF%D8%A7%D9%84%D8%AA-%D8%B9%D9%84%DB%8C-%D8%B3%D8%B1%D9%88%D8%B1%D9%87%D8%A7%DB%8C-%D9%82%D9%88%D9%87-%D9%82%D8%B6%D8%A7%D8%A6%DB%8C%D9%87-%D8%AC%D9%85%D9%87%D9%88%D8%B1%DB%8C-%D8%A7%D8%B3%D9%84%D8%A7%D9%85%DB%8C-%D8%B1%D8%A7-%D9%87%DA%A9-%DA%A9%D8%B1%D8%AF/a-68310521; https://www.iranintl.com/en/202402201687,2024-02-21,2024-03-28 3184,"UK, US and other law enforcement agencies infiltrated LockBit ransomware group as early as 2021 eventually seizing public websites and servers in 2024","UK, US and other law enforcement agencies seized the public websites and servers of the LockBit ransomware group beginning in 2021, the US Department of Justice and the Federal Bureau of Investigation (FBI) as well as the UK National Crime Agency (NCA) and the National Cyber Security Center (NCSC) announced on 20 February 2024. In addition to the aforementioned authorities, the NCA South West Regional Organised Crime Unit; France’s Gendarmerie Nationale Cyberspace Command; Germany’s Landeskriminalamt Schleswig-Holstein and the Bundeskriminalamt; Switzerland’s Federal Office of Police, Public Prosecutor’s Office of the Canton of Zurich, and Zurich Cantonal Police; Japan’s National Policy Agency; Australian Federal Police; Sweden’s Polismyndighetens; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant of the Netherlands; Finland’s Poliisi; Europol; and Eurojust also took part in the intervention called Operation Cronos. Operation Cronos included the takeover of LockBit's public websites, where they published their ransomware attacks and subsequent ransom demands; and the takeover of the LockBit ransomware group's administrative environment, from which they controlled the ransomware attacks; the arrest of two LockBit actors in Poland and Ukraine, as well as the disruption of multiple US servers used by LockBit's administrators to host the StealBit platform to organise and collect stolen data. 
In total, security authorities seized 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, 1000 decryption keys, and the affiliate panel. On the same day, the Office of Foreign Assets Control (OFAC) sanctioned Ivan Gennadievich Kondratiev, a Russian citizen and leader of LockBit's affiliate National Hazard Society, as well as another Russian citizen, Artur Sungatov. In addition, the US District Court in New Jersey indicted Ivan Gennadievich Kondratiev (also known as ""Bassterlord"" or ""Fisheye"") and Artur Sungatov for conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud as well as computer fraud and abuse. The US Department of State offers a reward of up to $15 million for information that could lead to the identification or location of LockBit members and affiliates, as published in a press statement on 21 February 2024. In a statement on 24 February 2024, LockBit shared detailed information about the breach of their servers. According to this timeline, the first penetration testing occurred at 6:36 UTC, resulting in a 502 Bad Gateway error. At 20:47 the site returned a 404 Not Found nginx error, the server could not be accessed and information was erased. LockBit suspects that the authorities gained access through CVE-2023-3824 to two main servers, which were running PHP 8.1.2, a version known for that vulnerability. LockBit suggests that the reason behind the attack by the authorities lies in the threatened leak of information from https://fultoncountyga.gov/. As confirmed on 24 February 2024, LockBit has undertaken efforts to relaunch their operation on a new infrastructure, which is now running the latest version of PHP 8.3.3. LockBit offers a reward for anyone informing them about new CVEs while threatening to increase their attacks on government sectors. 
According to Bleeping Computer, the statement appears to be an attempt at damage control and restoring their credibility. ",2021-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Lockbit,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Criminal,US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; National Policy Agency; Federal Police; Polismyndighetens; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Europol; Eurojust,United States; United States; United Kingdom; United Kingdom; United Kingdom; France; Germany; Germany; Switzerland; Switzerland; Switzerland; Japan; Australia; Sweden; Canada; Netherlands; Finland; EU (region); EU (region),State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,1,18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 
18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001; 18001,2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 
2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; 
Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; 
Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); 
US
Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of 
Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); 
US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department 
of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation 
(FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); 
Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal 
Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); 
United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber 
Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security 
Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s 
National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); 
United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber 
Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security 
Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s 
National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); 
United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber 
Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime 
Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National 
Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); 
National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency 
(NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime 
Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National 
Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United 
States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United 
States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; 
United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United 
States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United 
States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; 
United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; 
United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; 
United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; 
United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; 
United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom,US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); 
Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie 
Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; 
Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; 
Eurojust; Eurojust; Eurojust; US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional 
Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the 
Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; 
Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); 
National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; 
Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; 
Polismyndighetens; Polismyndighetens; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal 
Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale 
Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; 
National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; US Department of 
Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional 
Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the 
Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie 
Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber 
Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; 
Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; National Policy Agency; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Federal Police; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Polismyndighetens; Royal Canadian Mounted 
Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Poliisi; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Europol; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; Eurojust; US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Crime Agency (NCA); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale Cyberspace Command; Gendarmerie Nationale 
Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Bundeskriminalamt; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; Zurich Cantonal Police; National Policy Agency; National Policy Agency; National Policy Agency; 
National Policy Agency; Federal Police; Polismyndighetens; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Europol; Eurojust; US Department of Justice (DOJ); Federal Bureau of Investigation (FBI); National Crime Agency (NCA); National Cyber Security Center (NCSC); NCA South West Regional Organised Crime Unit; Gendarmerie Nationale Cyberspace Command; Landeskriminalamt Schleswig-Holstein; Bundeskriminalamt; Federal Office of Police; Public Prosecutor’s Office of the Canton of Zurich; Zurich Cantonal Police; National Policy Agency; Federal Police; Polismyndighetens; Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant; Poliisi; Europol; Eurojust,United States; United Kingdom; France; Germany; Switzerland; Japan; Australia; Sweden; Canada; Netherlands; Finland; EU (region),State,https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant; https://www.ncsc.gov.uk/news/ncsc-statement-on-law-enforcement-disruption-of-lockbit-ransomware-operation; https://www.fbi.gov/news/speeches/fbi-cyber-deputy-assistant-director-brett-leathermans-remarks-at-press-conference-announcing-the-disruption-of-the-lockbit-ransomware-group; https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group,Cyber-specific,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Account Access Removal; Data Exfiltration,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in 
intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.fox5atlanta.com/news/law-enforcement-disrupts-lockbit-ransomware-group-believed-to-be-behind-fulton-county-attack; https://www.euronews.com/2024/02/20/most-harmful-hacker-network-lockbit-disrupted-by-global-police-operation; https://securityaffairs.com/159388/cyber-crime/operation-cronos-against-lockbit.html; https://arstechnica.com/security/2024/02/after-years-of-losing-its-finally-feds-turn-to-troll-ransomware-group/; https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group; https://www.ncsc.gov.uk/news/ncsc-statement-on-law-enforcement-disruption-of-lockbit-ransomware-operation; https://www.channelnewsasia.com/world/international-operation-uk-us-agencies-smashes-most-harmful-cyber-crime-group-lockbit-4136476; https://home.treasury.gov/news/press-releases/jy2114; https://www.techrepublic.com/article/fbi-shut-down-lockbit-ransomware-group/; https://www.fbi.gov/news/speeches/fbi-cyber-deputy-assistant-director-brett-leathermans-remarks-at-press-conference-announcing-the-disruption-of-the-lockbit-ransomware-group; https://www.malwarebytes.com/blog/business/2024/02/law-enforcement-trolls-lockbit-reveals-massive-takedown; 
https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant; https://www.rferl.org/a/lockbit-ransomware-group-disrupted-russia/32827997.html; https://therecord.media/lockbit-ransomware-indictments-us-doj-bassterlord; https://www.hardwareluxx.de/index.php/news/allgemein/netzpolitik/62993-mg-cyberkriminalitaet-hackergruppe-lockbit-zerschlagen.html; https://www.teletrader.com/us-sanctions-two-lockbit-affiliates/news/details/61525851; https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/; https://www.patronlardunyasi.com/haber/abd-den-rusya-merkezli-fidye-yazilimi-grubuyla-iliskili-2-kisiye-yaptirim/306970; https://www.sondakika.com/ekonomi/haber-abd-lockbit-fidye-yazilimi-saldirilarindan-sorumlu-16872352/; https://www.haberler.com/ekonomi/abd-lockbit-fidye-yazilimi-saldirilarindan-sorumlu-iki-kisiyi-yaptirim-kapsamina-aldi-16872351-haberi/; https://www.justice.gov/opa/media/1338956/dl?inline; https://actu.fr/sciences-technologie/lockbit-le-groupe-de-hackers-le-plus-nuisible-au-monde-demantele_60724138.html; https://www.courrierinternational.com/article/cybercriminalite-les-hackeurs-de-lockbit-neutralises-par-une-vaste-operation-policiere-internationale; https://finance.yahoo.com/news/authorities-down-hackers-targeted-manufacturers-164746995.html; https://www.ndr.de/nachrichten/schleswig-holstein/wellenord/Internationales-Hacker-Netzwerk-zerschlagen-Auch-LKA-SH-dabei,lockbit100.html; https://news.mydrivers.com/1/964/964396.htm; https://techprincess.it/polizie-internazionali-sito-hacker-lockbit/; https://www.rtl.fr/actu/sciences-tech/lockbit-demantele-ce-que-l-on-sait-de-l-operation-contre-le-groupe-de-hackers-le-plus-nuisible-au-monde-7900354959; https://therecord.media/lockbit-ransomware-gang-shutdown-cybercrime-intelligence-captured; https://www.freemalaysiatoday.com/category/world/2024/02/20/international-operation-smashes-worlds-most-harmful-cyber-crime-group/; 
https://euroweeklynews.com/2024/02/20/worlds-most-prolific-cyber-crime-group-dismantled/; https://www.diariolasamericas.com/eeuu/desmantelan-grupo-hackers-lockbit-que-realizo-cientos-ataques-eeuu-n5351849; https://www.diariolasamericas.com/eeuu/desmantelan-grupo-hackers-lockbit-que-realizo-cientos-ataques-eeuu-n5351849; https://www.haber3.com/dunya/dunyanin-en-buyuk-siber-suc-orgutu-cokertildi-haberi-6171511; https://arstechnica.com/information-technology/2024/02/lockbit-ransomware-group-taken-down-in-multinational-operation/; https://www.dailymail.co.uk/news/article-13104371/ransomware-gang-lockbit-shut-nca-fbi.html; https://www.silicon.de/41712054/lockbit-wirklich-endgueltig-zerschlagen; https://taz.de/Lockbit-zerschlagen/!5993744/; https://channelobserver.de/produkte/lockbit-ermittler-zerschlagen-ransomware-hackergruppe-37561/; https://video.lefigaro.fr/figaro/video/cyberattaques-le-groupe-de-hackers-lockbit-vise-par-une-operation-de-police-internationale/; https://www.theguardian.com/technology/2024/feb/20/uk-and-fbi-lock-cybercrime-group-out-of-lockbit-website; https://www.heise.de/news/Ransomware-Lockbit-durch-Ermittler-zerschlagen-zwei-Festnahmen-9633327.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.wiwo.de/technologie/digitale-welt/lockbit-ermittler-legen-eine-der-gefaehrlichsten-hackergruppe-lahm/29663996.html; https://thepeninsulaqatar.com/article/20/02/2024/hacked-the-hackers-international-operation-smashes-most-harmful-cyber-crime-group; https://www.sudouest.fr/faits-divers/cyberattaque-lockbit-le-groupe-de-hackers-russes-le-plus-nuisible-au-monde-a-ete-demantele-18654645.php; https://www.bbc.co.uk/news/technology-68344987; https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/; https://www.lavoixdunord.fr/1432475/article/2024-02-20/lockbit-auteur-de-la-cyberattaque-de-l-hopital-d-armentieres-vise-par-une; 
https://www.ultimahora.com/una-operacion-de-10-paises-contra-la-red-de-chantajes-mas-grande-del-mundo; https://www.giornalettismo.com/lockbit-chi-sono-come-agiscono/; https://t3n.de/news/schlag-gegen-lockbit-hacker-fbi-europol-1608784/; https://www.netzwoche.ch/news/2024-02-20/strafverfolger-uebernehmen-darknet-praesenz-der-ransomware-gruppe-lockbit; https://www.zeit.de/news/2024-02/20/internationale-ermittler-zerschlagen-ransomware-hackergruppe; https://www.sueddeutsche.de/wirtschaft/internet-internationale-ermittler-zerschlagen-ransomware-hackergruppe-dpa.urn-newsml-dpa-com-20090101-240220-99-54212; https://www.faz.net/agenturmeldungen/dpa/internationale-ermittler-zerschlagen-ransomware-hackergruppe-19532134.html; https://tarnkappe.info/artikel/it-sicherheit/fbi-beschlagnahmt-lockbit-infrastruktur-289468.html; https://www.huffingtonpost.it/tecnologia/2024/02/20/news/lockbit_hacker_operazione_polizia_ransomware-422168334/; https://sg.news.yahoo.com/hacker-groups-taken-over-law-015500961.html; https://www.rnd.de/wirtschaft/lockbit-internationale-ermittler-legen-hacker-gruppe-lahm-GBZ2DLH2GVOSFOZV6D7PEC3RUQ.html; https://www.malwarebytes.com/blog/cybercrime/2024/02/lockbit-the-worlds-worst-ransomware-is-down; https://www.channelnewsasia.com/world/international-operation-uk-us-agencies-smashes-most-harmful-cyber-crime-group-lockbit-4136476; https://securityaffairs.com/159360/cyber-crime/operation-cronos-disrupted-lockbit-operation.html; https://new.qq.com/rain/a/20240220A08FYV00; https://securityaffairs.com/159454/cyber-crime/lockbit-members-reward.html; https://www.security-insider.de/zerschlagung-weltweit-schaedlichste-cyberkriminalitaetsgruppe-lockbit-a-f8610b09691beaefb5ca12ebd9a76efc/; https://www.zdnet.fr/actualites/le-gang-lockbit-touche-par-cronos-spectaculaire-operation-policiere-internationale-39964374.htm; https://www.gazeteduvar.com.tr/rus-fidye-yazilim-grubu-lockbite-uluslararasi-operasyon-hackerlari-hackledik-haber-1671128; 
https://cadenaser.com/baleares/2024/02/21/una-operacion-policial-internacional-jaquea-los-servicios-del-grupo-responsable-del-ciberataque-a-sant-antoni-radio-ibiza/; https://www.cope.es/emisoras/andalucia/sevilla-provincia/sevilla/noticias/asi-caido-grupo-piratas-informaticos-lockbitt-responsables-del-ciberataque-ayuntamiento-20240221_3156980; https://www.ladepeche.fr/2024/02/21/nous-avons-hacke-les-hackers-pourquoi-le-demantelement-du-groupe-cybercriminel-lockbit-est-un-coup-dur-pour-les-pirates-du-web-11778486.php; https://www.telecinco.es/noticias/ciencia-y-tecnologia/20240221/desmantelado-lockbit-hackers-ciberataque-ayuntamiento-sevilla_18_011764528.html; https://www.cronicabalear.es/2024/cae-el-grupo-de-hackers-que-ataco-al-ayuntamiento-de-calvia-y-de-sant-antoni/; https://www.inside-it.ch/wir-legen-den-schwerpunkt-auf-die-stoerung-der-bedrohununsakteure-20240221; https://www.telecinco.es/noticias/ciencia-y-tecnologia/20240221/desmantelado-lockbit-hackers-ciberataque-ayuntamiento-sevilla_18_011764528.html; https://www.diariodesevilla.es/sevilla/Cae-piratas-informaticos-hackeo-Ayuntamiento-Sevilla_0_1877812744.html; https://www.derstandard.at/story/3000000208397/hackergruppe-lockbit-war-wohl-auch-in-oesterreich-aktiv; https://www.lavoixdunord.fr/1432862/article/2024-02-21/cyberattaque-de-l-hopital-d-armentieres-ou-en-est-dix-jours-plus-tard; https://www.diariodemallorca.es/part-forana/2024/02/21/cae-grupo-hackers-ataco-ayuntamiento-98452468.html; https://www.diariodemallorca.es/part-forana/2024/02/21/cae-grupo-hackers-ataco-ayuntamiento-98452468.html; https://actu.fr/societe/lockbit-ce-groupe-de-hackers-a-vole-des-donnees-de-98-des-grandes-entreprises-francaises_60727242.html; https://www.diariodeibiza.es/ibiza/2024/02/21/hackers-sant-antoni-cercados-operacion-98464175.html; https://therecord.media/lockbit-affiliates-arrested-in-ukraine-poland; https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/; 
https://www.noudiari.es/local-ibiza/desmantelado-el-grupo-responsable-del-ciberataque-al-ayuntamiento-de-sant-antoni/; https://kelo.com/2024/02/21/ukraine-arrests-father-son-duo-in-lockbit-cybercrime-bust/; https://therecord.media/russia-arrests-sugarlocker-ransomware-members; https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-secretly-building-next-gen-encryptor-before-takedown/; https://www.badische-zeitung.de/ermittler-zerschlagen-internationale-hackergruppe; https://wirtschaft.com/russischsprachiges-lockbit-schaedlichstes-hacker-netzwerk-der-welt-zerschlagen/; https://www.dailymail.co.uk/news/article-13103367/lockbit-ransomware-hackers-seized-nca-fbi.html; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit; https://www.heise.de/news/Zwischen-Selbstkritik-und-Trotz-LockBit-rechtfertigt-cyberkriminelle-Handlungen-9638063.html?wt_mc=rss.red.security.security; https://www.heise.de/news/Zwischen-Selbstkritik-und-Trotz-LockBit-rechtfertigt-cyberkriminelle-Handlungen-9638063.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.it-daily.net/shortnews/was-bedeutet-die-lockbit-zerschlagung-fuer-die-bedrohungslandschaft; https://www.varesenews.it/2024/02/scacco-matto-alla-piu-grande-gang-di-attacchi-informatici/1855104/; https://www.lesoleil.com/jeunesse/les-as-de-l-info/2024/02/23/qui-sont-les-puissants-cyberpirates-de-lockbit-arretes-CRG3V6TPZ5CEPIR7LU67D5CYMY/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/; https://therecord.media/lockbit-administrator-engaging-with-police; https://industrie.de/cybersecurity/was-die-lockbit-zerschlagung-fuer-die-bedrohungslandschaft-bedeutet/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/; 
https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt; https://cyberscoop.com/lockbit-takedown-messaging-campaign/; https://www.techrepublic.com/article/fbi-shut-down-lockbit-ransomware-group/; https://www.theguardian.com/technology/2024/feb/26/russian-based-lockbit-ransomware-hackers-attempt-comeback; https://www.phonandroid.com/lockbit-nest-pas-mort-le-plus-celebre-groupe-de-pirates-prepare-deja-son-retour.html; https://roubaix.maville.com/actu/actudet_-des-fichiers-diffuses-sement-le-doute-sont-ils-issus-du-piratage-de-l-hopital-d-armentieres-_fil-6175925_actu.Htm; https://www.bluewin.ch/de/digital/vermeintlich-zerschlagene-hackergruppe-lockbit-meldet-sich-zurueck-2100784.html; https://securityaffairs.com/159584/cyber-crime/lockbit-gang-resumed-raas.html; https://krebsonsecurity.com/2024/02/fbis-lockbit-takedown-postponed-a-ticking-time-bomb-in-fulton-county-ga/; https://new.qq.com/rain/a/20240226A04P5400; https://research.checkpoint.com/2024/26th-february-threat-intelligence-report/; https://www.datensicherheit.de/lockbit-disruption-strafverfolgungsbehoerden-nutzung-trend-micro-expertise; https://therecord.media/lockbit-relaunch-attempt-follwing-takedown; https://www.malwarebytes.com/blog/news/2024/02/a-week-in-security-february-19-february-25-2; https://www.inside-it.ch/lockbit-ist-zurueck-20240226; https://www.computerworld.dk/art/286324/lockbit-er-tilbage-har-genskabt-servere-under-en-uge-efter-politiet-lukkede-dem-ned; https://cyberscoop.com/lockbit-comeback-less-than-a-week-after-major-disruption/; https://www.freiburger-nachrichten.ch/digitale-erpressungen-nehmen-zu-ermittler-haben-es-schwer/; https://securityaffairs.com/159555/breaking-news/security-affairs-newsletter-round-460-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/; https://finance.ifeng.com/c/8XVotVAS6ix; 
https://www.dailymail.co.uk/news/article-13129041/Russian-linked-cyber-gang-attacks-Royal-Mail-Porton-ONLINE-just-week-Britains-FBI-celebrated-taking-down.html; https://www.it-daily.net/it-sicherheit/cybercrime/ransomware-lockbit-kehrt-zurueck-und-greift-krankenhaeuser-an; https://www.it-daily.net/it-sicherheit/cybercrime/lockbit-ransomware-meldet-sich-zurueck; https://www.zdnet.fr/actualites/lockbit-est-de-retour-mais-sur-tois-pattes-39964494.htm; https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/; https://securityaffairs.com/159757/cyber-crime/lockbit-gang-resuming-operation.html; https://www.wired.com/story/lockbit-fulton-county-georgia-trump-ransomware-leak/; https://finance.yahoo.com/news/cyber-attacks-constant-threat-tech-172051189.html?fr=sycsrp_catchall; https://www.wired.com/story/push-notification-privacy-security-roundup/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/; https://www.heise.de/news/LockBit-Drohung-mit-Leak-zu-Verfahren-gegen-Donald-Trump-wohl-nur-ein-Bluff-9643336.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/fulton-county-services-restored-rolling; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/; https://eng.obozrevatel.com/section-war/news-diu-cyber-specialists-hacked-into-the-servers-of-the-russian-ministry-of-defense-and-seized-an-array-of-classified-documents-04-03-2024.html; https://andaluciainformacion.es/sevilla/1580323/juan-bueno-sobre-el-psoe-y-los-presupuestos-no-habia-ni-una-cifra/; https://therecord.media/europol-doj-nca-deny-involvement-in-alphv-blackcat-ransomware-takedown; https://securityaffairs.com/160054/cyber-crime/lockbit-3-0s-comeback-torrent-based-p2p-data-leakage.html; https://tarnkappe.info/artikel/it-sicherheit/alphv-blackcat-exit-scam-ein-abgang-mit-betrug-und-chaos-290226.html; 
https://www.lefigaro.fr/social/cyberattaque-a-l-hopital-d-armentieres-300-000-patients-concernes-par-le-vol-de-donnees-20240228; https://www.state.gov/reward-offers-for-information-on-lockbit-leaders-and-designating-affiliates/; https://www.malwarebytes.com/blog/threat-intelligence/2024/03/ransomware-review-march-2024; https://therecord.media/lockbit-administrator-mikhail-vasiliev-sentenced-canada; https://www.theguardian.com/technology/2024/mar/12/ransomware-groups-warned-there-is-no-money-in-attacking-british-state; https://www.theguardian.com/technology/2024/mar/17/british-library-did-the-right-thing-by-not-paying-cybercriminals; https://arstechnica.com/security/2024/03/member-of-lockbit-ransomware-group-sentenced-to-4-years-in-prison/; https://tarnkappe.info/artikel/it-sicherheit/malware/lockbit-mitglied-verurteilt-vier-jahre-haft-fuer-bandenmitglied-290602.html; https://finance.yahoo.com/news/hackers-roil-entire-industries-attacks-100000390.html; https://www.asahi.com/articles/ASS2W6S4NS2TULZU00G.html; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax; https://www.datanet.co.kr/news/articleView.html?idxno=192269; https://www.ejanews.co.kr/news/articleView.html?idxno=322146; https://www.silicon.de/41713065/malware-im-maerz-remcos-loest-cloudeye-ab; https://cybersecasia.net/news/the-lockbit-group-may-have-been-busted-but-its-code-lives-on/",2024-02-21,2024-05-02 3181,Pro-Russian hacktivist group NoName057(16) carried out DDoS attacks against Belgian governmental websites on 20 February 2024,"In the afternoon of 20 February 2024, the Russian hacktivist group NoName057(16) briefly disrupted several Belgian governmental websites, including the site of Prime Minister Alexander De Croo and the House of Representatives. 
On Telegram, NoName057(16) linked its activity to Belgium's financial support for the Ukrainian government. The Belgian Cybersecurity Centre confirmed the attack, which lasted for two hours, although the websites were not continually down during this timeframe.",2024-02-20,2024-02-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Website Belgian Prime Minister Alexander de Croo - Website Belgian House of Representatives,Belgium; Belgium,EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system - State institutions / political system,Government / ministries - Legislative,NoName057(16) ,Russia,Non-state-group,Hacktivist(s),1,18343,2024-02-20 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16) ,Russia,Non-state-group,https://t.me/noname05716eng/2826,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.rtbf.be/article/des-hackers-russes-sattaquent-a-plusieurs-sites-gouvernementaux-belges-11332725; 
https://www.sudinfo.be/id795733/article/2024-02-20/une-attaque-informatique-de-pirates-russes-touche-plusieurs-sites-web; https://www.lalibre.be/belgique/politique-belge/2024/02/20/la-vivaldi-ciblee-par-les-hackers-les-sites-du-premier-ministre-et-de-tous-les-ministres-du-gouvernement-victimes-dune-cyberattaque-5KNUENUMGJDOTHFQFGQPUUQMVU/; https://www.lavenir.net/actu/belgique/2024/02/20/un-jeu-du-chat-et-de-la-souris-denviron-2-heures-des-pirates-informatiques-russes-mettent-hors-service-plusieurs-sites-web-gouvernementaux-PREOBQFWLNA7JLRT3K5NJKHGH4/; https://t.me/noname05716eng/2826; https://www.dhnet.be/actu/belgique/2024/02/19/le-site-du-parlement-victime-dune-cyberattaque-SOITC7BMHRA25D7Y3L4GJUK4LA/,2024-02-21,2024-03-29 3186,"LockBit ransomware group targeted insurance company in San Juan, Puerto Rico, in or around August 2021","The LockBit ransomware group deployed its ransomware against an insurance company in San Juan, Puerto Rico, in or around August 2021, according to an indictment obtained in the United States District Court in New Jersey against two Russian nationals involved in the activities of the ransomware group, Artur Sungatov and Ivan Kondratyev that was unsealed on 20 February 2024. Also unsealed on the same day were additional charges brought against Kondratyev in the Northern District of California related to his deployment of ransomware against a target in California in 2020. 
",2021-08-01,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse; Ransomware,Not available,Puerto Rico,,Critical infrastructure,Finance,Artur Sungatov; LockBit,Russia; Russia,Individual hacker(s); Non-state-group,; Criminal(s),1,18340; 18340; 18340; 18340,2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey,Not available; Not available; Not available; Not available,United States; United States; United States; United States,Artur Sungatov; Artur Sungatov; LockBit; LockBit,Russia; Russia; Russia; Russia,Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group,https://www.justice.gov/opa/media/1338956/dl?inline,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-20 00:00:00,Peaceful means: Retorsion (International Law),Travel bans,United States,US Department of the Treasury,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.justice.gov/opa/media/1338956/dl?inline,2024-02-21,2024-03-28 3187,"LockBit ransomware group targeted medical clinic in Panama City, Florida, in or around June 2022","The LockBit ransomware group used its ransomware against a medical clinic in Panama City, Florida, in or around June 2022, according to an indictment obtained in the United States District Court in New Jersey against two Russian nationals involved in the activities of the ransomware group, Artur Sungatov and Ivan Kondratyev that was unsealed on 20 February 2024. Also unsealed on the same day were additional charges brought against Kondratyev in the Northern District of California related to his deployment of ransomware against a target in California in 2020. ",2022-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available,United States,NATO; NORTHAM,Critical infrastructure,Health,LockBit; Artur Sungatov,Russia; Russia,Non-state-group; Individual hacker(s),Criminal(s); ,1,18338; 18338; 18338; 18338,2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey,Not available; Not available; Not available; Not available,United States; United States; United States; United States,LockBit; LockBit; Artur 
Sungatov; Artur Sungatov,Russia; Russia; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s),https://www.justice.gov/opa/media/1338956/dl?inline,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-02-20 00:00:00,Peaceful means: Retorsion (International Law),Travel bans,United States,US Department of the Treasury,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.justice.gov/opa/media/1338956/dl?inline,2024-02-21,2024-03-28 3188,LockBit ransomware group targeted a city in Puerto Rico in or around September 2022,"The LockBit ransomware group used its ransomware against a city in Puerto Rico in or around September 2022, according to an indictment obtained in the United States District Court in New Jersey against two Russian nationals involved in the activities of the ransomware group, Artur Sungatov and Ivan Kondratyev that was unsealed on 20 February 2024. Also unsealed on the same day were additional charges brought against Kondratyev in the Northern District of California related to his deployment of ransomware against a target in California in 2020. 
",2022-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse; Ransomware,Not available,Puerto Rico,,State institutions / political system,Civil service / administration,"LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia)",Russia; Russia,Non-state-group; Individual hacker(s),Criminal(s); ,1,18339; 18339; 18339; 18339,2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00; 2024-02-20 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey,Not available; Not available; Not available; Not available,United States; United States; United States; United States,"LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia)",Russia; Russia; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s),https://www.justice.gov/opa/media/1338956/dl?inline,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-20 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.justice.gov/opa/media/1338956/dl?inline,2024-02-21,2024-03-28 3180,Anonymous Sudan targeted Cambridge University and University of Manchester with DDoS attack on 19 February 2024 ,"The self-styled hacktivist group Anonymous Sudan claimed responsibility for a DDoS attack affecting Cambridge University and the University of Manchester on 19 February 2024. The disruptions appeared to be directed at services provided through the Janet Network, which facilitates rapid, high-volume connections between research institutions. Janet is maintained by Jisc, a consortium for the provision of IT services among UK universities. The deluge of access requests disrupted the availability of systems handling student records and of digital collaborative work spaces service until the early morning of 20 February. An internal email by the head of user services at Cambridge University’s research computing services centre confirmed the incident as a DDoS attack. ",2024-02-19,2024-02-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Cambridge University - University of Manchester,United Kingdom; United Kingdom,EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU,State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; - Civil service / administration; Research; ,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,18002,2024-02-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Russia,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.varsity.co.uk/news/27131; https://www.timeshighereducation.com/news/uk-universities-targeted-cyberattack; https://twitter.com/OfficialUoM/status/1759857922538881139; https://t.me/xAnonymousSudan/626?single; 
https://www.infosecurity-magazine.com/news/universities-recovering-ddos-attack/; https://www.hstoday.us/subject-matter-areas/cybersecurity/cambridge-university-faces-cyber-attack/; https://www.varsity.co.uk/news/27131; https://www.computing.co.uk/news/4178362/cyber-incident-disrupts-uk-university; https://www.wired.com/story/university-of-cambridge-medical-school-malicious-activity/; https://www.wired.com/story/yogurt-heist-security-roundup/,2024-02-20,2024-03-15 3175,Russian-aligned threat actor TAG-70 targeted various governmental entities in Europe and Central Asia using Roundcube vulnerability in October 2023,"The Russian-aligned threat actor TAG-70 was observed to target more than 80 organisations with a regional focus in Eastern European countries such as Ukraine, Georgia and Poland, Recorded Future disclosed in a February 2024 report. The group, which shares overlaps with activity tracked as Winter Vivern, UAC-0114 and TA473, focused on embassies of various states and other political entities, suggesting espionage-related tasking aligning with Russian and Belarusian interests. Additional targets included entities in critical infrastructure sectors such as research, science, transport or media. TAG-70 made use of the CVE-2023-43770 vulnerability in Roundcube's web mail server application, which was added by the US Cybersecurity and Infrastructure Security Agency (CISA) in February to a list of known exploited vulnerabilities.",2023-10-01,2023-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Iran, Islamic Republic of; Georgia; Iran, Islamic Republic of; Georgia; Czech Republic; Germany; United Kingdom; Georgia; Poland; Belgium; Not available; France; Ukraine",ASIA; MENA; MEA - ASIA; CENTAS - ASIA; MENA; MEA - ASIA; CENTAS - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU - ASIA; CENTAS - EUROPE; NATO; EU(MS); EASTEU - EUROPE; EU(MS); NATO; WESTEU - - EUROPE; NATO; EU(MS); WESTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Media,"Other (e.g., embassies) - Government / ministries - Other (e.g., embassies) - Other (e.g., embassies) - ; Research; - ; Research; - ; Research; - ; Research; - ; Research; - ; 
Research; - ; Research; - ; Research; - ; Transportation; ; ; Transportation; Research; Research; ",TAG-70,Russia,"Non-state actor, state-affiliation suggested",,1,18347,2024-02-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,,United States,TAG-70,Russia,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2024-0217.pdf,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Yes,One,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/russia-aligned-hackers-target-european-and-iranian-embassies-cyber-espionage; https://go.recordedfuture.com/hubfs/reports/cta-2024-0217.pdf; https://securityaffairs.com/159311/apt/russia-apt-tag-70-roundcube-xss.html; https://securityaffairs.com/159555/breaking-news/security-affairs-newsletter-round-460-by-pierluigi-paganini-international-edition.html,2024-02-19,2024-04-19 3172,Unknown threat actor leaked data from US state government organisation,"On 15 February 2024, the US Cybersecurity and Infrastructure Security Agency informed in an advisory that data from a state government organization had been stolen and posted by an unknown threat actor on a darknet brokerage page. 
Through a former employee's account, the unknown threat actor had compromised the network administrator credentials and thereby gained access to a VPN access point. The released documents contain host and user information, including metadata. Investigations of the incident showed that no further sensitive systems were compromised.",,Not available,Not available,,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,,Not available,Not available,Not available,,1,18348,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a,Unknown,Not available,,Not available,,1,2024-02-15 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/159223/hacking/cisa-hackers-breached-government-org.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a,2024-02-19,2024-03-28 3177,Canadian Okanagan Skaha school district suffered network outage beginning February 2024,"On 15 February 2024, the Okanagan Skaha school district in British Columbia released a statement about a network outage in the school district caused by a cyberattack. The schools in the district continued lessons while systems managing phone and email communications were unavailable. 
The district collaborated with Ministry of Education and Child Care staff, Safer Schools Together, local authorities and cybersecurity experts in mitigating the incident.",2024-02-15,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Okanagan School District,Canada,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18344,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://22.files.edl.io/6aff/02/15/24/213642-21f136c3-911d-419b-982f-2c3a5759d7fa.pdf,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://22.files.edl.io/6aff/02/15/24/213642-21f136c3-911d-419b-982f-2c3a5759d7fa.pdf,2024-02-19,2024-03-28 3176,"Unknown malicious actors conducted ransomware attack against Washington County, Pennsylvania, on 24 January 2024","On 24 January 2024, Homeland Security officials informed Washington County leaders about a ransomware attack against their servers after the county first detected an intrusion on 19 January. County officials decided to shut down the county's network to protect their internal system, forcing employees to return to pen and paper because of the attack. On 6 February, the county officially confirmed that the incident involved ransomware and that the perpetrators had announced a deadline to comply with their ransom demand. 
On 15 February, county leaders decided to pay a $350,000 ransom, stating that they made the decision because not only social security and driver licence numbers were among the obtained data, but also information of children supervised by courts. The county officials claimed that the threat actor has links to Russia, but did not specify which group was behind the incident. The incident shared similarities with a ransomware incident affecting Bucks County, also in Pennsylvania.",2024-01-24,Not available,Not available,,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Washington County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Russia,Non-state-group,Criminal(s),1,18345,2024-02-16 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Washington County Officials,Not available,United States,Not available,Russia,Non-state-group,https://therecord.media/pennsylvania-county-pays-cyberattack-ransom,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/pennsylvania-county-pays-cyberattack-ransom,2024-02-19,2024-03-28 3171,Unknown hackers penetrated network of Singaporean electronics manufacturer Aztech and carried out ransomware attack,"Unknown hackers penetrated the network of Singaporean electronics manufacturer Aztech and carried out a ransomware attack, the company itself reported in an 
incident notification on 13 February 2024.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Aztech,Singapore,ASIA,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,18349,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.aztechglobal.com/investor-relations/SGX-13%20February%202024-003.pdf,2024-02-16,2024-03-28 3170,State-sponsored Iranian hacker group MYSTICDOME infected four cell phones in Israel with SOLODROID malware,"The state-sponsored Iranian hacker group MYSTICDOME (also known as UNC1530, CHRONO KITTEN, STORM-0133) infected four cell phones in Israel with SOLODROID malware, Google's Threat Analysis Group and Mandiant assessed in a 15 February 2023 report.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,End user(s) / specially protected groups,,Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,18350; 18350; 18350; 18350,2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Mandiant; Mandiant,Google Threat Analysis Group; Mandiant; Google Threat Analysis Group; Mandiant,United States; United States; United States; United States,Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten; Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten; Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten; Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,Unknown,Not available,,Not available,,0,,Not 
available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2024-02-16,2024-03-28 3169,Hamas-linked hacker group DESERTVARNISH infected several cell phones in Israel with LOVELYDROID malware,"The Hamas-linked hacker group DESERTVARNISH infected several cell phones in Israel with the malware LOVELYDROID, Google's Threat Analysis Group and Mandiant detailed in a 15 February 2023 report.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,End user(s) / specially protected groups,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Not available,Non-state-group,Terrorist(s),1,18351; 18351; 18351; 18351,2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Mandiant; Mandiant,Google Threat Analysis Group; Mandiant; Google Threat Analysis Group; Mandiant,United States; United States; United States; United States,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade 
Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2024-02-16,2024-03-28 3168,Palestine-based and likely Hamas-linked hacking group BLACKATOM installed SYSJOKER backdoor on computers of Israeli software engineers in September 2023,"The Palestine-based and likely Hamas-linked hacking group BLACKATOM installed the SYSJOKER backdoor on computers of Israeli software engineers in September 2023, Google Threat Analysis Group and Mandiant concluded in a 15 February 2023 report. According to the assessment, the hacker group approached Israeli software engineers from the military, aerospace and defence sector via LinkedIn and offered them freelance work. 
As part of a staged aptitude test, contacted engineers were asked to submit an assignment and download the Visual Studio program, which was equipped with the SYSJOKER backdoor.",2023-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,End user(s) / specially protected groups,,BLACKATOM (Hamas),Palestine,Non-state-group,Terrorist(s),1,18352; 18352; 18352; 18352,2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Mandiant; Mandiant,Google Threat Analysis Group; Mandiant; Google Threat Analysis Group; Mandiant,United States; United States; United States; United States,BLACKATOM (Hamas); BLACKATOM (Hamas); BLACKATOM (Hamas); BLACKATOM (Hamas),Palestine; Palestine; Palestine; Palestine,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2024-02-16,2024-03-28 3167,Iranian state-sponsored hacking group MARNANBRIDGE compromised and abused email accounts of Israeli municipal governments in mid-October 2023,"The Iranian state-sponsored hacking group MARNANBRIDGE (also known as COTTON SANDSTORM and suspected to be operated by the IRGC front company Emennet Pasargad) compromised and abused the email accounts of Israeli municipal governments, Google's Threat Analysis Group and Mandiant analysed in a 15 February 2023 report. The presumed purpose of these compromises was the subsequent sending of emails to publicize a hack-and-leak operation targeting Israeli municipalities, with the aim of unsettling the Israeli population. In the course of these emails sent by MARNANBRIDGE through the compromised accounts, the threat actor also claimed the theft of personal data in the network of the compromised municipal governments. Google and its email service GMail recognized and filtered the emails.",2023-10-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,State institutions / political system,Civil service / administration,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,18353; 18353; 18353; 18353,2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Mandiant; Mandiant,Google Threat Analysis Group; Mandiant; Google Threat Analysis Group; Mandiant,United States; United States; United States; United States,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC); Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC); Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC); Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; 
Non-state actor, state-affiliation suggested",https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2024-02-16,2024-03-28 3166,APT group Turla targeted Polish NGOs during December 2023 and January 2024,"According to Cisco Talos and CERT.NGO, Turla compromised a series of unnamed Polish NGOs, including one involved with aid for Ukraine during the Russia-Ukraine war. Turla is linked to the Russian Federal Security Service (FSB) and was identified by Talos as running the campaign since 18 December 2023 at the earliest, up until at least 27 January 2024. Talos considers it likely that the campaign began even earlier, in November 2023. Talos assessed the goal of Turla in the campaign as gaining intelligence on upcoming aid packages to Ukraine. The campaign saw Turla installing a new malware, TinyTurla-NG, and using vulnerable WordPress sites for command-and-control purposes. Once Turla had access to systems, it used TurlaPower-NG to steal data from affected systems, including master passwords and other data.",2023-11-01,2024-01-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Poland,EUROPE; NATO; EU(MS); EASTEU,Social groups,Advocacy / activists (e.g. human rights organizations),"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18354,2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,Cisco Talos ,United States,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/tinyturla-next-generation/,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/turla-hackers-backdoor-ngos-with-new-tinyturla-ng-malware/; https://blog.talosintelligence.com/tinyturla-next-generation/; https://securityaffairs.com/159208/apt/turla-apt-tinyturla-ng-backdoor.html; 
https://thehackernews.com/2024/02/russian-turla-hackers-target-polish.html; https://securityaffairs.com/159208/apt/turla-apt-tinyturla-ng-backdoor.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2024-02-16,2024-03-28 3165,Iran disrupted several Israeli targets using wiper malware following Hamas terrorist attack on 7 October 2023,"Iran disrupted a variety of Israeli targets using wiper malware in the weeks following the Hamas terrorist attack on 7 October 2023, Google's Threat Analysis Group and Mandiant assessed in a 15 February 2023 report. Israeli targets included the government, financial institutions, technology companies and defence contractors. ",2023-10-07,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Finance; ,Not available,"Iran, Islamic Republic of",State,,1,18355; 18355; 18355; 18355,2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00; 2024-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Mandiant; Mandiant,Google Threat Analysis Group; Mandiant; Google Threat Analysis Group; Mandiant,United States; United States; United States; United States,Not 
available; Not available; Not available; Not available,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",State; State; State; State,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,System / ideology; International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2024-02-16,2024-03-28 3164,North Korean hackers infiltrated email account of staff member of Office of South Korean President,"North Korean hackers allegedly infiltrated the email account of a member of the Office of the President of South Korea prior to the president's trip to Europe in November 2023. It is unclear what type of information was exposed, but the Office of the President stated that the North Korean hackers had access to the personal emails of the staff member, who was using a personal email account to perform work-related duties. 
According to local media, the hackers allegedly gained access to the trip schedule and emails sent to and from the president, as well as other sensitive information.",2023-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Civil service / administration,Not available,"Korea, Democratic People's Republic of",Not available,,1,18357,2024-02-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,The Office of the President of the Republic of Korea,Not available,"Korea, Republic of",Not available,"Korea, Democratic People's Republic of",Not available,https://apnews.com/article/north-korea-hacking-south-korean-presidential-office-4248cc5ddc964c2c6c89ba2ab4f139fc,Not available,Not available,,Not available,,1,2024-02-14 00:00:00,State Actors: Legislative reactions,Dissenting statement by member of parliament,"Korea, Republic of","Youn Kun-young (Member of the National Assembly, Republic of Korea)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/159179/apt/north-korea-breached-south-korean-president-office.html; https://www.bitdefender.com/blog/hotforsecurity/north-korea-successfully-hacks-email-of-south-korean-presidents-aide-gains-access-to-sensitive-information/; 
https://apnews.com/article/north-korea-hacking-south-korean-presidential-office-4248cc5ddc964c2c6c89ba2ab4f139fc; https://www.kmib.co.kr/article/view.asp?arcid=0019162850&code=61111211&sid1=pol; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; http://www.tnews.kr/news/articleView.html?idxno=112487,2024-02-16,2024-03-28 3163,Hacktivist group Uprising till Overthrow targeted Iranian Parliament on 13 February 2024,"According to Iranian News, the hacktivist group ""Uprising till Overthrow"" (aka GhyamSarnegouni) attacked the Iranian Khaneh Mellat News Agency on 13 February 2024. The Khaneh Mellat News Agency is the media arm of the Iranian Parliament. A statement issued by the group on Telegram revealed that the intrusion targeted parliament servers associated with the commission and principal chamber. Following the breach, the agency's website was unavailable. The group leaked confidential correspondences on Telegram, such as letters from the president of the parliament to military officials, and exposed the salaries of over 200 deputies. While the parliament claimed the salary list was manipulated, officials did not fundamentally dispute the salary information. According to media reporting, Uprising till Overthrow maintains ties with the Albania-based opposition organisation Mujahideen-e Khalq (MEK).",2024-02-13,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Khaneh Mellat News Agency - Islamic Parliament of Iran,"Iran, Islamic Republic of; Iran, Islamic Republic of",ASIA; MENA; MEA - ASIA; MENA; MEA,State institutions / political system - State institutions / political system,Civil service / administration - Legislative,GhyamSarnegouni = Uprising till Overthrow,Not available,Non-state-group,Hacktivist(s),1,18358,2024-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,GhyamSarnegouni = Uprising till Overthrow,Not available,Not available,GhyamSarnegouni = Uprising till Overthrow,Not available,Non-state-group,https://www.iranintl.com/en/202402132497,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ilna.ir/بخش-سیاسی-3/1448015-خبرگزاری-مجلس-هک-شد; https://www.iranintl.com/en/202402132497; https://iranjournal.org/news/cybergruppe-hackt-server-des-iranischen-parlaments; https://www.isna.ir/news/1402112416964/خبرگزاری-خانه-ملت-هک-شد,2024-02-16,2024-03-28 3162,US Department of Justice dismantles APT28-controlled Moobot botnet in January 2024,"The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) neutralised an APT-28-controlled botnet, Moobot, following a court authorization in January 2024. 
The botnet, which used small office/home office routers (SOHO) to commit crimes such as credential harvesting against security, corporate, and military targets deemed of interest to the Russian government, was infiltrated by the DoJ, which then copied and deleted stolen data from infected routers and further blocked remote access to the routers by APT28, which by US and Western government sources is considered to operate as part of the Russian military, specifically GRU Military Unit 26165. According to a spokesperson of the German Federal Ministry of the German security authorities supported the operation. The German Federal Office for Constitutional Protection revoked that the hacker group had also used the international infrastructure for attacks on German targets over the past two years with the goal of gaining information about Germany's political-strategic orientation in connection with Russia and support supplies of military goods for Ukraine.",2024-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Not available - Not available,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Unknown - End user(s) / specially protected groups, - ,US Department of Justice (DOJ),United States,State,,1,18356,2024-02-15 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,US Department of Justice (DoJ),Not available,United States,US Department of Justice (DOJ),United States,State,https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Manipulation; Service Stop,Not available,True,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/159197/cyber-crime/feds-dismantled-moobot-botnet.html; https://cyberscoop.com/doj-fbi-disrupt-russian-intelligence-botnet/; https://therecord.media/us-kicked-gru-out-of-routers-fbi; https://www.rferl.org/a/us-russia-intelligence-hacking/32821384.html; https://www.bleepingcomputer.com/news/security/fbi-disrupts-moobot-botnet-used-by-russian-military-hackers/; https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian; https://www.rferl.org/a/germany-russia-spy-network/32823965.html; https://www.heise.de/news/FBI-und-BKA-uebernehmen-russisches-Spionagenetz-aus-Routern-9631625.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.sueddeutsche.de/politik/cyberspionage-hacker-russland-fbi-faeser-1.6369424; https://www.sueddeutsche.de/politik/cyberspionage-hacker-russland-fbi-faeser-1.6369424; https://www.wired.com/story/how-to-not-get-scammed-out-of-50000/; https://www.toscanacalcio.net/operazione-americana-le-autorita-hanno-chiuso-una-rete-di-spionaggio-russa/; https://www.faz.net/aktuell/politik/inland/behoerden-russisches-spionagenetz-ausgeschaltet-router-uebernommen-19526870.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://cyberscoop.com/fbi-operation-seizes-infrastructure-of-lockbit-ransomware-group/; https://stadt-bremerhaven.de/us-und-deutsche-sicherheitsbehoerden-hebeln-russisches-spionagenetz-aus/; 
https://www.techspot.com/news/101928-another-day-another-fbi-takedown-routers-infected-malware.html; https://techstory.in/fbi-unearths-alarming-router-infection-linked-to-russian-hackers/; https://news.mynavi.jp/techplus/article/20240220-2887025/; https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-ubiquiti-routers-to-launch-stealthy-attacks/; https://therecord.media/intel-agencies-issue-guidance-gru-russia-botnet; https://securityaffairs.com/159691/breaking-news/russia-apt28-compromised-ubiquiti-edgerouters.html; https://arstechnica.com/security/2024/02/kremlin-backed-hackers-are-infecting-ubiquity-edgerouters-fbi-warns/; https://therecord.media/fbi-director-christopher-wray-interview-click-here-podcast; https://securityaffairs.com/159874/breaking-news/security-affairs-newsletter-round-461-by-pierluigi-paganini-international-edition.html; https://www.strategypage.com/htmw/htecm/articles/20240302.aspx,2024-02-16,2024-03-28 3158,Unknown threat actors accessed data of US Government Accountability Office through Atlassian vulnerability at contractor CGI Federal,"On 17 January 2024, CGI Federal, a contractor of the US Government Accountability Office (GAO), notified the agency that some of its data was compromised through a vulnerability in an Atlassian workforce collaboration tool. The data breach affected records from 2007 to 2017 related to approximately 6,600 people, the majority of whom are current and former GAO employees, in addition to information about GAO's business dealings. Compromised information included names, social security numbers, addresses, and some banking details. 
",,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Government Accountability Office - CGI,United States; Canada,NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Critical infrastructure,Civil service / administration - Telecommunications,Not available,Not available,Not available,,1,18005,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,2.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cyberscoop.com/atlassian-vulnerability-at-fault-in-gao-breach/; https://www.reuters.com/technology/us-government-accounting-office-says-it-was-notified-data-breach-by-it-2024-02-12/; https://www.nextgov.com/cybersecurity/2024/02/some-6600-current-former-employees-impacted-january-gao-data-breach/394116/?oref=ng-home-top-story,2024-02-14,2024-03-15 3157,ALPHV ransomware group targeted US insurance company 
Prudential in data breach on 4 February 2024,"The threat actors gained access to data of the US insurance company Prudential on 4 February 2024. The data breach was detected one day later and is assessed to have affected administrative and user data from certain information technology systems, as well as a small percentage of company user accounts. In an SEC filing from 12 February, which disclosed the incident, Prudential reported that the breach did not materially affect operations and did not otherwise materially impact the company's financial condition. On 16 February, the ALPHV ransomware group claimed to be responsible for the data breach and threatened to publish obtained data. In a regulatory filing with the Maine Attorney General's Office made on 29 March 2024, Prudential indicated that the personal data of 36,545 individuals was accessed, including addresses and drivers' licenses/ID cards.",2024-02-04,2024-02-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Prudential Financial,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Health; Finance,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,18423,2024-02-16 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption 
(deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/; https://www.sec.gov/Archives/edgar/data/1137774/000119312524033753/d770643d8k.htm; https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/; https://research.checkpoint.com/2024/19th-february-threat-intelligence-report/; https://securityboulevard.com/2024/03/alert-fbi-warns-of-blackcat-ransomware-healthcare-attack/; https://therecord.media/prudential-discloses-new-information-from-february-incident; https://apps.web.maine.gov/online/aeviewer/ME/40/2605118e-36eb-44d8-933a-2e084c069f84.shtml; https://research.checkpoint.com/2024/8th-april-threat-intelligence-report/,2024-02-14,2024-04-03 3160,Unknown threat actors targeted Zambrów Co-operative Bank in Poland with ransomware on 16 January 2024 ,"Unknown threat actors targeted the Zambrów Co-operative Bank in Poland with ransomware. On 16 January 2024, disruptions of the bank's online financial services led to the discovery that customer data had been encrypted. The service disruptions temporarily prevented customers from accessing funds and making payments. 
While the bank did not specify whether data had been exfiltrated during the breach, it cancelled and reissued bank cards for some of its customers.",2024-01-16,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Zambrów Co-Operative Bank ,Poland,EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18004,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bszambrow.pl/,2024-02-14,2024-03-21 3156,Unknown threat actor encrypted systems of Colorado State Public Defender's Office on 9 February 2024,"An unknown threat actor targeted the networks of the Office of the Colorado State Public Defender in the United States on 9 February 2024, a spokesperson of the Office confirmed on 12 February. According to the statement, the Office “recently became aware that some data within [the] computer system was encrypted by malware.” To prevent further damage, the computer system was temporarily disabled. 
This resulted in public defenders across the state being locked out of critical work systems, hindering their ability to handle court cases. The wider court system remained operational, unaffected by the breach.",2024-02-09,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Office of the Colorado State Public Defender,United States,NATO; NORTHAM,State institutions / political system,Judiciary,Not available,Not available,Not available,,1,18007,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.denverpost.com/2024/02/12/colorado-public-defenders-office-cyberattack-ransomware-malware/; https://iowacapitaldispatch.com/2024/02/17/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/; https://news.yahoo.com/cyber-attack-colorado-public-defender-223313956.html; https://www.greeleytribune.com/2024/02/25/colorado-public-defenders-ransomware-cyberattack-malware/; https://michiganadvance.com/2024/03/03/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/,2024-02-13,2024-03-22 3155,Unknown actors breached network of Village of Skokie in Illinois and stole data,"Unknown actors breached the network of the village of Skokie in the US state of Illinois and stole certain files, the information platform Patch.com reported based on statements from employees involved. On 18 December 2023, the village administration's IT department asked employees to turn off all computers in response to what was described as a village-wide network outage. On 21 December, the assistant village manager informed employees that an intrusion by unauthorized external actors led to the network outage. In an update from 9 January 2024, the assistant village manager confirmed the theft of data from administrative computers. 
",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Not available,Not available,,1,18010,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,=< 10 Mio,0.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://patch.com/illinois/skokie/cyberattack-shuts-down-skokie-network-staff-told-keep-it-secret,2024-02-13,2024-03-15 3154,Lithuanian electric car charging service Ignitis ON disrupted on 11 February 2024,"Customer-facing infrastructure of the Lithuanian electric car charging service Ignitis ON was disrupted on the evening of 11 February 2024. Ignitis customers were no longer able to access the service's app to charge their car, and all Ignitis charging stations were disconnected from the Internet. The company was able to restore connectivity several hours later. 
Unnamed threat actors published the data of 20,000 customers allegedly obtained during the intrusion. Extracted information included customer names and addresses. The company started an investigation into the incident and informed the data protection authority, National Cyber Security Center and the National Crisis Management Center.",2024-02-11,2024-02-11,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Ignitis ON,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,18117,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,7.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.delfi.lt/en/business/data-of-20-000-ignitis-on-clients-leaked-in-cyber-incident-95857777,2024-02-13,2024-03-19 3153,Unknown threat actor targeted website of Italian Provincial Health Authority of Cosenza (ASP),"An unidentified 
threat actor targeted web services of the Italian Provincial Health Authority of Cosenza (ASP) and disrupted systems used for managing appointments and online consultations, as reported by an Italian news outlet on 5 February 2024. A suspected compromise of channels used for transmitting medical information between patients and healthcare providers led the Authority to temporarily suspend related online services.",2024-02-05,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Azienda Sanitaria Provinciale di Cosenza (ASP),Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Not available,Not available,Not available,,1,18119,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.calabriadirettanews.com/2024/02/05/attacco-hacker-al-sito-dellasp-di-cosenza-bloccata-lerogazione-dei-servizi/; https://www.asp.cosenza.it/?p=articoli&id=1943-a-tutti-i-dipendenti-asp-cosenza-alcuni-servizi-interni-dell-asp-di-cosenza-sono-interrotti-per-pr; 
https://www.asp.cosenza.it/?p=articoli&id=1944-a-tutti-i-dipendenti-asp-cosenza-risoluzione-problemi-tecnici,2024-02-13,2024-03-19 3152,Ransomware attack allegedly by Backmydata ransomware group on Romanian health IT provider affected operation of 25 Romanian hospitals in February 2024,"In the night of 11-12 February 2024, a ransomware attack directed against the Hipocrate Information System, a platform for health services in Romania, affected at least 25 Romanian hospitals, including cancer treatment centres. Files and databases were encrypted, and the targeted hospitals disconnected their networks to isolate compromised systems. Due to the disruption the hospitals had to revert to paper records. An additional 75 institutions disconnected from their systems from the platform as a precautionary measure. The Directoratul Național de Securitate Cibernetică (DNSC), the Romanian national cyber security agency, launched an investigation into the incident. The DNSC reported that the unidentified threat actors deployed Backmydata ransomware from the Phobos family and demanded a ransom of €157,000.",2024-02-11,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"Sighetu Marmației Municipal Hospital - The Emergency Clinical Hospital for Plastic Surgery, Reconstructive Surgery and Burns, Buchares - ""Sf. Apostol Andrei"" County Clinical Emergency Hospita - Hipocrate - Baia Mare Emergency Hospital - C.F. Clinic Hospital No. 2 - Medgidia Municipal Hospital - Targoviste County Emergency Hospital - Timișoara Institute of Cardiovascular Diseases - CF Clinical Hospital Nr. 2 Bukarest - Regional Oncology Institute Iași (IRO Iași) - Slobozia County Emergency Hospital - City hospital Stadtkrankenhaus Băicoi - Azuga Orthopedics and Traumatology Hospital ""Dr. Constantin Opris"" - Fundeni Clinical Institute - ""Dr. 
Alexandru Gafencu"" Military Emergency Hospital - Buzău County Emergency Hospital - Colțea Clinical Hospital - Pitești County Emergency Hospital - St. Luca Chronic Diseases Hospital - Medical Centre MALP SRL Moinești - ""Prof. Dr. Al. Trestioreanu"" Oncology Institute",Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania; Romania,EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS),Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - 
Health - Health - Health - Health,Not available,Not available,Not available,,1,18122,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,25.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-02-10 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Romania,National Directorate for Cybersecurity/Directoratul Național de Securitate Cibernetică (DNSC),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.gizmochina.com/2024/02/12/ransomware-attack-romania-hospitals/; https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-21-romanian-hospitals-to-go-offline/; https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-21-romanian-hospitals-to-go-offline/; https://www.ms.ro/en/press-center/atac-cibernetic-masiv-de-tip-ransomware-asupra-serverelor-de-produc%C8%9Bie-pe-care-ruleaz%C4%83-sistemul-informatic-his/; https://www.dnsc.ro/citeste/atac-cibernetic-ransomware-spitale-Romania; https://therecord.media/romanian-hospitals-offline-after-ransomware-attack; https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html; 
https://www.computerworld.dk/art/286159/kaempe-ransomware-angreb-tvinger-21-hospitaler-til-at-gaa-offline-maa-arbejde-med-papir; https://lepetitjournal.com/bucarest/actualites/une-cyberattaque-paralyse-15-hopitaux-en-roumanie-378776; https://www.bbc.co.uk/news/technology-68288150; https://www.heise.de/news/Ransomware-Angriffe-auf-kritische-Infrastrukturen-und-Hoergeraetekette-Kind-9628904.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://lepetitjournal.com/bucarest/actualites/demande-de-rancon-apres-la-cyberattaque-des-hopitaux-378833; https://www.agenzianova.com/a/65cc4d62472621.31178238/4833725/2024-02-13/romania-18-ospedali-sono-stati-colpiti-da-un-attacco-informatico; https://www.clubic.com/actualite-518791-une-terrible-cyberattaque-paralyse-des-dizaines-d-hopitaux-roumains-contraints-de-revenir-au-papier-et-au-stylo.html; https://medimagazin.com.tr/guncel/romanyada-100u-askin-saglik-tesisine-fidye-yazilimi-saldirisi-109926; https://www.tokenpost.kr/article-164581; https://www.linformaticien.com/magazine/cybersecurite/61681-ransomware-des-dizaines-d-hopitaux-paralyses-en-roumanie.html; https://www.zdnet.de/88414264/21-krankenhaeuser-in-rumaenien-von-ransomware-angriff-betroffen/; https://www.wired.com/story/how-to-not-get-scammed-out-of-50000/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/19th-february-threat-intelligence-report/; https://www.xataka.com/seguridad/cuando-ciberataque-dejo-out-a-hospitales-rumanos-medicos-recuperaron-clasico-lapiz-papel-1; https://www.xataka.com/seguridad/cuando-ciberataque-dejo-out-a-hospitales-rumanos-medicos-recuperaron-clasico-lapiz-papel-1; https://www.digitalhealth.net/2024/02/over-a-hundred-romanian-hospitals-affected-by-ransomware-attack/; https://cybergeeks.tech/a-technical-analysis-of-the-backmydata-ransomware-used-to-attack-hospitals-in-romania/,2024-02-13,2024-03-19 3145,US SouthState 
Bank suffered network breach on 7 February 2024,"The US SouthState Bank detected a network breach on 7 February 2024. In a regulatory filing to the Securities and Exchange Commission (SEC) on 8 February, the company stated that no further material impact on the company's operations occurred. The company started an investigation into the incident and informed regulatory as well as law enforcement authorities.",2024-02-07,Not available,Attack on critical infrastructure target(s),,,Hijacking without Misuse,SouthState Bank,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18134,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://d18rn0p25nwr6d.cloudfront.net/CIK-0000764038/a027c25d-af1d-4b83-ba7d-a55afa7dd053.pdf,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.marketwatch.com/story/southstate-bank-reports-cyber-incident-60f1dad2; https://d18rn0p25nwr6d.cloudfront.net/CIK-0000764038/a027c25d-af1d-4b83-ba7d-a55afa7dd053.pdf; https://www.computerweekly.com/de/news/366569653/Die-Cyberangriffe-der-KW6-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366569695/Cyberhebdo-du-9-fevrier-2024-9-cyberattaques-rapportees-dans-la-presse,2024-02-12,2024-03-19 3140,French Internet 
Service provider Free suffered data leak on or around 8 February 2024,"The French Internet Service Provider Free suffered a compromise of customer data. The company informed customers beginning on 8 February 2024, saying that customers' full names, telephone numbers and mailing addresses may have been accessed. ",2024-02-08,Not available,Attack on critical infrastructure target(s),,,Data theft; Hijacking with Misuse,Free SAS,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure,Telecommunications; Digital Provider,Not available,Not available,Not available,,1,18162,NaT,Not available,Not available,,Not available,,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; International telecommunication law; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.phonandroid.com/free-un-enorme-vol-de-donnees-touche-de-nombreux-abonnes-gare-aux-sms-et-appels-douteux.html; https://www.commentcamarche.net/securite/piratage/30207-piratage-free-les-donnees-personnelles-des-abonnes-derobees/; https://twitter.com/AlexArchambault/status/1755714977485279616; 
https://www.degrouptest.com/actualite/abonnes-freebox-attention-vos-donnees-personnelles-sont-peut-etre-compromises; https://www.tomsguide.fr/ldlc-pirate-les-donnees-de-15-million-de-clients-seraient-en-vente-sur-le-dark-web/,2024-02-12,2024-03-22 3141,Hacktivist group Anonymous Sudan claimed responsibility for DDoS attacks on Ugandan telecommunication companies in February 2024,"On 6 February 2024, Anonymous Sudan claimed to be responsible for DDoS attacks on three telecommunication companies in Uganda. Telecommunication operators Airtel, MTN, and Uganda Telecom reported technical difficulties sustaining their Internet services. Disruptions in connectivity across Uganda were also confirmed by Netblocks monitoring for the time frame. In their statement, the threat actor, which is suspected to be associated with the Russian hacktivist group KillNet, linked the targeting of Ugandan organisations to the country's support of the RSF paramilitary forces in the civil war in Sudan.",2024-02-06,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Uganda Telecom - Airtel - MTN,Uganda; Uganda; Uganda,AFRICA; SSA - AFRICA; SSA - AFRICA; SSA,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,18161,2024-02-06 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.techzim.co.zw/2024/02/sudan-hacker-group-cyber-attacks-djibouti-kenya-uganda-telecoms-companies-over-politics/; https://t.me/xAnonymousSudan/541,2024-02-12,2024-03-22 3142,LockBit targeted Austrian municipality of Korneuburg with ransomware on 5 February 2024,"Initially unknown actors targeted the Austrian municipality of Korneuburg with ransomware on 5 February 2024. 
Following the incident, the entire IT network was shut down and services had to be switched to manual procedures upon the activation of an emergency plan. The municipality received external assistance from IT specialists to restore the systems. Law enforcement authorities as well as the public prosecutor initiated an investigation. The following week, LockBit was confirmed as being responsible for the attack and two members of the criminal group were arrested within ""Operation Cronos"", while it was not clear if the arrests were in connection to the incident. On 23 February 2024, the municipality announced that the impact of the attack was mitigated with no data theft recorded.",2024-02-05,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Municipality of Korneuburg,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system,Civil service / administration,LockBit,Russia,Non-state-group,Criminal(s),1,18160,2024-02-21 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Austrian Direktion Staatsschutz und Nachrichtendienst (DSN),Not available,Austria,LockBit,Russia,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,=< 10 Mio,100000.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-05 00:00:00,"Other legal 
measures on national level (e.g. law enforcement investigations, arrests)",,Austria,Austrian Direktion Staatsschutz und Nachrichtendienst (DSN),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.5min.at/5202402081849/cyber-attacke-auf-stadtgemeinde-in-niederoesterreich/; https://www.heise.de/news/Ransomware-legt-Stadtverwaltung-in-Oesterreich-lahm-und-verzoegert-Bestattungen-9625161.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.korneuburg.gv.at/Cyberangriff%5Fauf%5FStadtgemeinde; https://www.derstandard.at/story/3000000208397/hackergruppe-lockbit-war-wohl-auch-in-oesterreich-aktiv; https://noe.orf.at/stories/3246124/; https://www.noen.at/korneuburg/ca-100-000-euro-schaden-nach-cyberangriff-wieder-sicherer-normalbetrieb-in-korneuburg-410932870; https://www.noen.at/niederoesterreich/chronik-gericht/internet-kriminalitaet-hacker-angriffe-um-die-daten-an-sich-geht-es-in-seltensten-faellen-410918738,2024-02-12,2024-03-22 3143,Anonymous224 defaced website of Conakry’s Airport in Guinea on 8 February 2024,"The hacktivist group Anonymous22 defaced the website of Conakry’s Ahmed Sékou Touré International Airport in Guinea on 8 February 2024. Anonymous22 used its access to display the message ""The Internet is a right"" on the website, alluding to restrictions of Internet services in Guinea since November 2023. ",2024-02-08,2024-02-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Conakry’s Ahmed Sékou Touré International Airport,Guinea,AFRICA; SSA,Critical infrastructure,Transportation,Anonymouss224,Not available,Non-state-group,Hacktivist(s),1,18159,2024-02-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymouss224,Not available,Not available,Anonymouss224,Not available,Non-state-group,,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://lomeactu.com/guinee-le-site-internet-de-laeroport-de-conakry-pirate/,2024-02-12,2024-03-22 3146,Communication systems of German Town of Petersberg disrupted on 7 February 2024,"The town of Petersberg in Germany was targeted by unknown hackers on 7 February 2024, disrupting email and telephone communications of the municipal administration. The incident also affected library services, which had to be suspended temporarily. The town hall informed law enforcement authorities and commissioned a forensic investigation into the incident. 
",2024-02-07,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Municipality of Petersberg,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,,,,,1,; 18133,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://osthessen-news.de/n11756444/edv-ausfall-rathaus-seit-mittwoch-nur-eingeschrankt-erreichbar.html; https://www.fuldaerzeitung.de/fulda/fulda-cyber-angriff-attacke-gemeinde-petersberg-rathaus-telefon-mail-ausfall-92825678.html; https://petersberg.de/index_main.php?modules=news&callmode=1&unid=1225&ispar=1&websiteid=petersberg&PHPSESSID=51f354cf9547930c7b6dea05d229c2a5; https://www.computerweekly.com/de/news/366569653/Die-Cyberangriffe-der-KW6-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366569695/Cyberhebdo-du-9-fevrier-2024-9-cyberattaques-rapportees-dans-la-presse,2024-02-12,2024-04-17 3148,People’s Cyber Army of Russia disrupted access to website of Times of Malta with DDoS attack on 6 February 2024,"The people’s Cyber Army of Russia blocked access to the 
website of the Times of Malta with a DDoS attack for most readers for around 45 minutes. The threat actor claimed to have targeted the news outlet, Malta's oldest daily newspaper still in circulation, over Malta's support of sanctions against Russia. The matter was referred to law enforcement authorities, which launched an investigation into the incident. ",2024-02-06,2024-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,,Disruption,Times of Malta,Malta,EUROPE; EU(MS); MENA,Media,,,,,,1,; 18130,NaT; 2024-02-06 00:00:00,"; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",; Attacker confirms,; People’s Cyber Army of Russia,; Not available,; Russia,; People’s Cyber Army of Russia,; Russia,; Non-state-group,,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-02-06 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Malta,Malta Police Force,,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://timesofmalta.com/articles/view/editorial-the-invisible-siege-fourth-pillar.1083105; https://timesofmalta.com/articles/view/russian-hackers-claim-times-malta-website-attack-threaten-others.1082544,2024-02-12,2024-03-27 3150,Blackout claims ransomware attack on French hospital in Armentières around 11 February 2024,"In the early morning of 11 February 2024, hackers sent several ransom notes to a French hospital in Armentières, stating that they had encrypted the hospital's data. After receiving the notes, the hospital disconnected all computers from its network. Due to these response measures, the hospital was forced to close its emergency service for a day. The hospital said that the incident had no impact on patient care at the hospital. On 9 February, two days before the attack was discovered, the newly emerged ransomware group Blackout published on their blog in the dark web that they had encrypted over 100 servers and stolen a database of 900,000+ patients with their addresses, phone numbers and medical history. The self-attribution is confirmed by cybersecurity experts such as Damien Bancal and Clément Domingo. When the countdown for paying the ransom expired, Blackout published the stolen data on their website on 25 February 2024. According to a press statement of the hospital on 28 February 2024, the amount of data stolen is considerably smaller, including information of 300,000 patients, mainly based on lists with contact details, date of arrival and area of care. 
Blackout is believed to be a regrouping of LockBit affiliates.",2023-02-11,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,,Not available,Non-state-group,Criminal(s),1,18361,2024-02-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Blackout,Not available,Not available,,Not available,Non-state-group,https://twitter.com/FalconFeedsio/status/1762477694460235836,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.tf1info.fr/sante/nord-l-hopital-d-armentieres-vise-par-une-cyberattaque-les-urgences-temporairement-fermees-2285850.html; https://www.rtl.fr/actu/sante/l-hopital-d-armentieres-touche-par-une-cyberattaque-7900351673; https://atlantico.fr/article/pepite/l-hopital-d-armentieres-est-victime-d-une-cyberattaque-provoquant-la-fermeture-des-urgences-pour-la-journee-cybersecurite-impact-malades-patients-personnel-soignant-menace-risques-donnees-cryptees-pirates-informatiques; https://www.humanite.fr/social-et-economie/cyberattaque/lhopital-darmentieres-vise-par-une-cyberattaque-ses-urgences-ferment-pendant-24-h; https://www.sudouest.fr/sante/hopital/un-hopital-du-nord-vise-par-une-cyberattaque-les-urgences-contraintes-de-fermer-18529758.php; 
https://www.varmatin.com/faits-divers/un-hopital-du-nord-vise-par-une-cyberattaque-902725; https://www.lefigaro.fr/flash-eco/un-hopital-vise-par-une-cyberattaque-les-urgences-contraintes-de-fermer-20240211; https://www.computerweekly.com/de/news/366569653/Die-Cyberangriffe-der-KW6-2024-im-Ueberblick; https://france3-regions.francetvinfo.fr/hauts-de-france/nord-0/cyberattaque-de-l-hopital-d-armentieres-pour-les-pirates-on-est-tous-des-porte-monnaie-un-specialiste-en-cybercriminalite-reagit-2923266.html; https://www.usine-digitale.fr/article/l-hopital-d-armentieres-vise-par-une-attaque-par-ransomware-les-urgences-ferment.N2208158; https://www.01net.com/actualites/piratage-numero-securite-sociale-porter-plainte-ligne.html; https://www.generation-nt.com/actualites/ransomware-cyberattaque-hopital-armentieres-2044291; https://www.lemondeinformatique.fr/actualites/lire-l-hopital-d-armentieres-perturbe-par-un-ransomware-92940.html; https://www.lemagit.fr/actualites/366569733/Armentieres-la-cyberattaque-qui-donne-une-fausse-impression-de-ciblage-du-secteur-de-la-sante; https://www.clubic.com/actualite-518683-cyberattaque-de-l-hopital-d-armentieres-apres-la-pagaille-les-urgences-vont-rouvrir-mais-les-problemes-ne-sont-pas-termines.html; https://fr.news.yahoo.com/sport/nord-victime-d-cyberattaque-l-162430942.html; https://www.linformaticien.com/magazine/cybersecurite/61677-l-hopital-d-armentieres-touche-par-un-ransomware-2.html; https://actu.fr/hauts-de-france/armentieres_59017/lhopital-darmentieres-cible-par-une-cyberattaque-que-sest-il-passe_60713687.html; https://www.lavoixdunord.fr/1432475/article/2024-02-20/lockbit-auteur-de-la-cyberattaque-de-l-hopital-d-armentieres-vise-par-une; https://www.lavoixdunord.fr/1432862/article/2024-02-21/cyberattaque-de-l-hopital-d-armentieres-ou-en-est-dix-jours-plus-tard; https://www.francebleu.fr/infos/faits-divers-justice/apres-la-cyberattaque-au-centre-hospitalier-d-armentieres-des-liens-diffuses-par-les-pirates-6100048; 
https://roubaix.maville.com/actu/actudet_-des-fichiers-diffuses-sement-le-doute-sont-ils-issus-du-piratage-de-l-hopital-d-armentieres-_fil-6175925_actu.Htm; https://fr.news.yahoo.com/sport/cyberattaque-donn%C3%A9es-patients-d-h%C3%B4pital-104812602.html; https://www.clubic.com/actualite-519871-les-pirates-a-l-origine-de-la-cyberattaque-contre-l-hopital-d-armentieres-font-fuiter-de-potentielles-donnees-de-sante.html; https://www.nordlittoral.fr/201635/article/2024-02-26/apres-la-cyberattaque-des-donnees-des-patients-du-centre-hospitalier-d; https://www.rtl.fr/actu/sciences-tech/cyberattaque-a-l-hopital-d-armentieres-les-donnees-des-patients-ont-elles-ete-diffusees-7900357418; https://www.lemondeinformatique.fr/actualites/lire-piratage-de-l-hopital-d-armentieres-pres-d-1-million-de-donnees-patients-publiees-93082.html; https://www.lavoixdunord.fr/1436215/article/2024-03-01/les-trois-infos-regionales-700-rib-pirates-des-fromages-rappeles-lille-paris; https://www.allodocteurs.fr/piratage-des-donnees-de-sante-voici-ce-que-vous-devez-verifier-36737.html; https://www.ladepeche.fr/2024/03/06/retour-a-la-normale-a-habitat-audois-apres-la-cyberattaque-11807456.php; https://www.lefigaro.fr/social/cyberattaque-a-l-hopital-d-armentieres-300-000-patients-concernes-par-le-vol-de-donnees-20240228; https://twitter.com/FalconFeedsio/status/1762477694460235836; https://www.lefigaro.fr/secteur/high-tech/l-association-sidaction-se-dit-visee-par-une-cyberattaque-des-donnees-de-donateurs-concernees-20240228; https://twitter.com/H4ckManac/status/1762223061862858819; https://www.sudinfo.be/id799771/article/2024-02-28/cyberattaque-de-grande-ampleur-dans-un-hopital-en-france-300000-patients; https://www.linformaticien.com/magazine/cybersecurite/61754-hopital-d-armentieres-les-donnees-de-300-000-patients-ont-ete-volees.html; https://www.latribune.fr/technos-medias/informatique/cyberattaques-ces-virus-qui-terrassent-les-hopitaux-993114.html; 
https://www.lefigaro.fr/nice/victime-d-une-cyberattaque-d-ampleur-l-hopital-de-cannes-redemarre-peu-a-peu-apres-huit-jours-de-paralysie-20240424,2024-02-12,2024-03-28 3151,LockBit conducted ransomware attack against US Service Employees International Union Local 1000 on 18 January 2024,"LockBit conducted a ransomware attack against California-based Service Employees International Union Local 1000 (SEIU Local 1000) on 18 January 2024, as acknowledged by the Union, following claims by the threat actor that they obtained data. SEIU Local 1000, representing almost 100,000 employees of Californian state institutions, confirmed the encryption of certain data and efforts to investigate whether and which data may have been exfiltrated. LockBit alleged to have stolen social security numbers, salary information, financial documents. A forensic investigation was initiated and SEIU has informed authorities.",2024-01-18,Not available,"Attack on (inter alia) political target(s), not politicized",,,Data theft; Disruption; Hijacking with Misuse; Ransomware,Service Employees International Union Local 1000 (SEIU Local 1000),United States,NATO; NORTHAM,Social groups,Advocacy / activists (e.g. 
human rights organizations),,,,,1,; 18127,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-01-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/california-union-lockbit-attack-ransomware; https://www.facebook.com/seiu1000/posts/pfbid02dPMESPfkk1crUP8upTrvL9o38f1WGQN1W5KwvajDi4dXUVioo2cpt8CudcUUnyJql; https://research.checkpoint.com/2024/12th-february-threat-intelligence-report/; https://www.facebook.com/seiu1000/posts/pfbid0sXYNGMAoZu7tb5ueJyhy7ZxngCiVoeQAJ7VUQjN7ht2phU1tw5AfmEPEFgDernhJl,2024-02-12,2024-03-19 3147,German health care provider Lindenbrunn compromised on 9 February 2024,"The German health service Lindenbrunn, providing various health and care facilities in the state of Lower Saxony, reported the detection of a network intrusion on 9 February 2024. 
Due to the shutdown of the IT systems and the implementation of an emergency plan, the hospital's contact options have been temporarily restricted. Care services remained in operation.",2024-02-09,Not available,Attack on critical infrastructure target(s),,,Disruption; Hijacking with Misuse; Ransomware,Gesundheits- und Pflegeeinrichtungen Lindenbrunn e. V.,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Unknown,Not available,Not available,,1,18132,NaT,Not available,Not available,Not available,Not available,Not available,Unknown,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.dewezet.de/lokales/hameln-pyrmont/coppenbruegge-cyberattacke-auf-krankenhaus-lindenbrunn-PN4UUN432BDJHF2ALG2NZG4WD4.html; https://www.dieharke.de/lokales/nienburg-lk/rehburg-loccum/bad-rehburg-haus-viktoria-luise-von-cyberattacke-in-coppenbruegge-betroffen-LC6RVQYQ2RHKDCZZ6M3JR5URKA.html; https://www.ndr.de/nachrichten/niedersachsen/hannover_weser-leinegebiet/Cyberangriff-Hacker-legen-IT-System-von-Klinik-lahm,aktuellhannover15444.html; https://web.archive.org/web/20240212152106/https://www.krankenhaus-lindenbrunn.de/index.htm; 
https://www.computerweekly.com/de/news/366569653/Die-Cyberangriffe-der-KW6-2024-im-Ueberblick; https://www.dewezet.de/lokales/hameln-pyrmont/video-beach-bar-in-rinteln-unter-wasser-ab1cea54-8871-4495-acd3-5495604d25a6.html; https://www.lemagit.fr/actualites/366569695/Cyberhebdo-du-9-fevrier-2024-9-cyberattaques-rapportees-dans-la-presse; https://www.heise.de/news/Ransomware-Angriffe-auf-kritische-Infrastrukturen-und-Hoergeraetekette-Kind-9628904.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag",2024-02-12,2024-03-19 3139,Ukrainian Defence Intelligence Service Disrupted Russian Drone Control Program on 8 February 2024,"On 8 February 2024, the Defence Intelligence Service of Ukraine (DIU) interfered with the normal functioning of the software used by the Russian armed forces to control drones. The software is used for modifying commercial off-the-shelf drones from the Chinese manufacturer DJI to meet military purposes. The operation disclosed by DIU reportedly cut off drones from the web servers running the software, requiring on-the-ground manual control in close range of the deployment. Without access to the dedicated software support, Russian drone operators were left without the ""friend or foe"" identification system and unable to stream video to command posts. 
Information published by DIU indicates the disruption might have been achieved through a denial of TCP connections of the servers.",2024-02-08,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Drone Control Program,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Military,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,18171,2024-02-08 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,Main Directorate of Intelligence of the Ministry of Defence of Ukraine,Not available,Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,https://gur.gov.ua/content/u-rashystiv-masshtabnyi-zbii-prohramy-keruvannia-dronamy-detali-kiberataky-hur.html,International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Service Stop,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),International telecommunication law; Armed conflict,; Conduct of hostilities,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing 
state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://gur.gov.ua/content/u-rashystiv-masshtabnyi-zbii-prohramy-keruvannia-dronamy-detali-kiberataky-hur.html; https://www.kyivpost.com/post/27795; https://news.yahoo.com/ukrainian-cyber-specialists-disrupt-russias-164500594.html,2024-02-09,2024-03-22 3138, Black Basta Ransomware Group exfiltrated data from Hyundai Motor Europe In January 2024,"Hyundai Motor Europe, a division of Hyundai Motor Corporation based in Germany, was targeted by the Black Basta ransomware gang in January 2024. Black Basta reportedly obtained around 3 TB of data from the carmaker's networks. Hyundai Europe confirmed an unauthorised intrusion in response to a media inquiry from BleepingComputer after initially reporting ""IT issues"". Images shared by Black Basta showed folders suggesting it had exfiltrated files from the company's legal, sales, human resources, accounting, IT, and management units. Hyundai is currently working with external cybersecurity and legal experts to investigate the intrusion and has informed the authorities. 
",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Hyundai Motor Europe,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Black Basta Ransomware Gang,Not available,Non-state-group,Criminal(s),1,18172,2024-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Black Basta Ransomware Gang,Not available,Not available,Black Basta Ransomware Gang,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/; https://www.lemondeinformatique.fr/actualites/lire-hyundai-motor-europe-victime-du-ransomware-black-basta-92928.html; https://securityaffairs.com/158916/data-breach/black-basta-ransomware-hyundai-motor-europe.html; 
https://securityaffairs.com/158965/breaking-news/security-affairs-newsletter-round-458-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/12th-february-threat-intelligence-report/,2024-02-09,2024-03-22 3132,Ransomware group Akira targeted Swedish municipality Kalmar in February 2024,"The Swedish municipality of Kalmar was targeted in a ransomware attack in early February 2024. On 5 February, the municipality identified malfunctions of its IT systems, restricting access to the municipal network. A shutdown of municipality servers cut off a range of dependent services, including digital aids used in local schools and preschools, as well as electronic access controls at ice rinks, swimming pools and sport facilities. Home care staff reported issues in accessing patient records. A spokesperson for the municipality linked the incident to the Akira ransomware group, while noting that two days after the incident no ransom demands had been received.",2024-02-06,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,municipality Kalmar,Sweden,EUROPE; EU(MS); NORTHEU,State institutions / political system,Civil service / administration,Akira Ransomware Group/Storm-1567,Russia,Non-state-group,Criminal(s),1,18191,2024-02-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Nico Werge (Communication Manager of Kalmar Municipality, Sweden)",Not available,Sweden,Akira Ransomware Group/Storm-1567,Russia,Non-state-group,https://www.svt.se/nyheter/lokalt/smaland/misstankt-it-attack-mot-kalmar-kommun,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; 
incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2024-02-06 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Sweden,Swedish Police Authority,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://kalmar.se/arkiv/nyhetsarkiv/nyheter/2024-02-06-uppdaterad-information-koncernen-ar-drabbad-av-angrepp-pa-delar-av-it-miljon.html; https://www.svt.se/nyheter/lokalt/smaland/misstankt-it-attack-mot-kalmar-kommun; https://www.computerweekly.com/de/news/366569653/Die-Cyberangriffe-der-KW6-2024-im-Ueberblick; https://www.lemagit.fr/actualites/366569695/Cyberhebdo-du-9-fevrier-2024-9-cyberattaques-rapportees-dans-la-presse; https://siecledigital.fr/2024/03/06/depuis-plusieurs-semaines-la-suede-est-la-cible-du-groupe-cybercriminel-akira/; https://www.lemonde.fr/international/article/2024/03/05/la-suede-victime-d-une-vague-d-attaques-au-rancongiciel_6220281_3210.html; https://kalmar.se/arkiv/nyhetsarkiv/nyheter/2024-02-06-effekter-av-it-angreppet-6-februari.html,2024-02-08,2024-03-22 3134,Hacktivist Turk Hack Team claimed responsibility for DDoS attack on French bank Crédit Agricole and French postal service La Poste on February 6 and 7 2024,"The French postal service La Poste experienced an outage of its web service on February 6, confirming on February 7 that the outage was caused by a DDoS attack. One day later, the French bank Crédit Agricole also experienced an outage of its web services caused by a DDoS attack. 
On the same day, the hacktivist group Turk Hack Team claimed on Telegram to be responsible for both of the attacks. The disruption left the websites and application of both institutions inaccessible for several hours. Turk Hack Team is believed to operate on political motives. They stated that with the attacks they were protesting against the planned arms delivery from France to Armenia, announcing further attacks on French institutions in the future.",2024-02-07,2024-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Crédit Agricole - La Poste,France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure,Finance - Telecommunications,Turk Hack Team,Not available,Non-state-group,Hacktivist(s),1,18189,2024-02-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Turk Hack Team,Not available,Not available,Turk Hack Team,Not available,Non-state-group,https://t.me/turkhckteam/310,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.leparisien.fr/faits-divers/credit-agricole-le-site-et-lapplication-mobile-paralyses-plusieurs-heures-par-une-cyberattaque-07-02-2024-PFWQITQT7ZBOLEJ7RDMEUPXT4A.php; https://t.me/turkhckteam/310; https://www.zdnet.fr/actualites/attaques-ddos-la-poste-et-le-credit-agricole-hors-ligne-pendant-une-demi-journee-39964102.htm; https://www.courrier-picard.fr/id491989/article/2024-02-08/le-site-et-lapplication-mobile-du-credit-agricole-paralyses-par-une-cyberattaque; https://www.zdnet.fr/actualites/attaques-ddos-la-poste-et-le-credit-agricole-hors-ligne-pendant-une-demi-journee-39964102.htm; https://www.cnews.fr/france/2024-04-07/cyberattaque-le-site-gouvernemental-du-cerc-pirate-par-des-hackers-turcs-1479579,2024-02-08,2024-03-22 3131,Pro-Russian hacking group NoName057 carried out DDoS attacks against Spanish websites in early February 2024,"During 6-7 February 2024, the pro-Russian hacker group NoName057 carried out DDoS attacks against the websites of several entities in Spain, including the Basque Government, the Parliaments of the Canary Islands, of Navarre and of Euskadi, the municipality of Murcia, the port of Barcelona and the transport company Vectalia, responsible for public transport in the city of Alicante. The websites became available again after a short period. An attempt to block access to the website of the Regional Assembly of Murcia proved unsuccessful. NoName057 linked its actions to protests by Spanish farmers against EU agricultural regulations. ",2024-02-06,2024-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Parliament of Euskadi - None - None - Basque Government - None - None - Parliament of Navarre - None,Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system,Government / ministries - Transportation - Legislative - Government / ministries - Civil service / administration - Transportation - Government / ministries - Legislative,None; None; None,Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s),3,18194; 18194; 18194; 18194; 18194; 18194; 18194; 18194,2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00; 2024-02-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution 
statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,National Cryptologic Center; National Cryptologic Center; NoName057(16); NoName057(16); National Cryptologic Center; National Cryptologic Center; NoName057(16); NoName057(16),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Spain; Russia; Spain; Russia; Spain; Russia; Spain; Russia,; ; ; ; ; ; ; ,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://t.me/noname05716eng/2787; https://t.me/noname05716eng/2789,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available; Not available; Not available,; ; ,Countermeasures 
under international law justified (state-atttribution & breach of international law),,https://www.lavanguardia.com/politica/20240207/9515028/hackers-rusos-atacan-webs-instituciones-espanolas-apoyo-protestas-agricolas.html; https://www.europasur.es/campo-de-gibraltar/hackers-rusos-atacan-webs-protestas-agricolas_0_1873614835.html; https://t.me/noname05716eng/2787; https://t.me/noname05716eng/2789; https://www.levante-emv.com/economia/2024/02/07/protesta-agricultores-crece-carreteras-cortadas-97845081.html; https://www.levante-emv.com/economia/2024/02/07/protesta-agricultores-crece-carreteras-cortadas-97845081.html; https://www.economiadigital.es/empresas/puertos-algeciras-barcelona.html; https://www.informacion.es/economia/2024/02/07/protesta-agricultores-crece-carreteras-cortadas-97845069.html; https://www.economiadigital.es/empresas/puertos-algeciras-barcelona.html; https://www.noticiasdealava.eus/sociedad/2024/02/10/parlamento-vasco-sufre-ataque-hackers-7854640.html; https://www.noticiasdealava.eus/sociedad/2024/02/10/parlamento-vasco-sufre-ataque-hackers-7854640.html; https://www.informacion.es/economia/2024/02/07/protesta-agricultores-crece-carreteras-cortadas-97845069.html; https://www.diariovasco.com/economia/cibertaque-euskadi-rusia-20240213164034-nt.html; https://www.diariovasco.com/economia/cibertaque-euskadi-rusia-20240213164034-nt.html; https://www.diariodenavarra.es/noticias/navarra/2024/03/10/el-gobierno-navarra-limita-el-acceso-telematico-decena-paises-frenar-ciberataques-601487-300.html; https://www.diariodenavarra.es/noticias/navarra/2024/03/10/el-gobierno-navarra-limita-el-acceso-telematico-decena-paises-frenar-ciberataques-601487-300.html; https://www.cope.es/emisoras/navarra/navarra-provincia/pamplona/noticias/ciberseguridad-todos-debemos-proteger-nuestros-datos-20240325_3215261,2024-02-08,2024-03-22 3133,Russian hackers disrupted access to website of Ukrainian Ministry of Education and Science on 7 February 2024,"Unidentified Russian hackers 
disrupted access to the website of the Ukrainian Ministry of Education and Science on 7 February 2024, the Ministry disclosed in a Facebook post on the same day.",2024-02-07,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Education and Science (Ukraine),Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,Not available,Russia,Unknown - not attributed,,1,18190,2024-02-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Ministry of Education and Science (Ukraine),Not available,Ukraine,Not available,Russia,Unknown - not attributed,https://www.facebook.com/UAMON/posts/pfbid02xWAFVK8eKNwQxjeRZAbF6JzC1maEDYydmatWH5qJUGwmYiUrMTS4ioBebKTYHJCGl,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence; Sovereignty; Armed conflict,"Economic, social and cultural rights; Conduct of hostilities; ; ; Certain persons",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.facebook.com/UAMON/posts/pfbid02xWAFVK8eKNwQxjeRZAbF6JzC1maEDYydmatWH5qJUGwmYiUrMTS4ioBebKTYHJCGl; https://www.pravda.com.ua/eng/news/2024/02/7/7440763/,2024-02-08,2024-03-22 3136,Foreign actor suspected of planting virus in computer systems for marketing fuel in Cuba 
on 31 January 2024,"An unidentified foreign actor is believed to have planted a virus in the computer systems used in the marketing of fuel in Cuba on 31 January 2024, the Deputy Minister of Economy Mildrey Granadillo de la Torre announced on the same day. This incident prompted the Ministry of Economy to indefinitely postpone the five-fold increase in the price of petrol scheduled to take effect on the next day.",2024-01-31,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,Cuba,,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18188,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-01-31 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Cuba,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.reuters.com/world/americas/cuba-delays-feb-1-fuel-price-hike-cites-cyberattack-2024-01-31/; https://apnews.com/article/cuba-cabinet-economy-minister-fuel-prices-8f8e0619dadeb1e1ab2e3cc61c0fb2a7; https://www.mep.gob.cu/es/noticia/aplazamiento-por-incidente-de-ciberseguridad-de-la-implementacion-de-la-actualizacion-de; https://www.granma.cu/cuba/2024-02-03/cuba-fortalece-su-ciberseguridad-como-una-labor-prioritaria; https://www.directoriocubano.info/panorama/actualizan-sobre-situacion-con-el-combustible-en-cuba/,2024-02-08,2024-03-22 3137,FBI dismantled botnet leveraged by Chinese state actor Volt Typhoon starting in December 2023,"Executing four successive search and seizure warrants under Criminal Procedure Rule 41 since 6 December 2023, the FBI has been dismantling a botnet of small-office/home-office (SOHO) devices across the United States controlled by the Chinese state actor Volt Typhoon. Law enforcement deleted the malware tying targeted devices to the KV botnet, then took steps to prevent re-infection with KV botnet malware and to isolate the devices from further communications with the botnet’s control nodes. The US Department of Justice issued a press release on 31 January 2024 officially disclosing the disruption of Volt Typhoon’s US-based attack infrastructure, following a report by Reuters on the court-authorised operation on 29 January. In a hearing before the Select Committee on the Chinese Communist Party of the US House of Representatives on 31 January, FBI Director Christopher Wray linked Volt Typhoon’s activity to efforts by China to preposition disruptive capabilities in critical infrastructure networks in the communications, energy, transportation, and water sectors. 
Reporting by Lumen Technologies first publicly connected the use of KV botnet malware to Volt Typhoon, in targeting a range of organisations since at least July 2022, including US military entities and telecommunication companies.",2023-12-06,2024-01-31,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption; Hijacking without Misuse,,United States,NATO; NORTHAM,End user(s) / specially protected groups,,Federal Bureau of Investigation (FBI); None,United States; United States,State; State,,1,18187; 18187,2024-01-31 00:00:00; 2024-01-31 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms,US Department of Justice (DoJ); US Department of Justice (DoJ),Not available; Not available,United States; United States,Federal Bureau of Investigation (FBI); ,United States; United States,State; State,https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical,International power,System/ideology; International power,China – USA; China – USA,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction; Data Manipulation; Service Stop,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Medium,13.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,501-10000,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not 
available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical; https://www.bleepingcomputer.com/news/security/fbi-disrupts-chinese-botnet-by-wiping-malware-from-infected-routers/; https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/; https://www.fbi.gov/news/speeches/director-wrays-opening-statement-to-the-house-select-committee-on-the-chinese-communist-party; https://www.defenseone.com/threats/2024/02/how-fbi-hamstrung-chinese-hacker-group/393992/; https://www.defenseone.com/threats/2024/02/the-d-brief-february-08-2024/394027/; https://www.theguardian.com/technology/2024/feb/08/chinese-hack-us-transportation-infrastructure; https://new.qq.com/rain/a/20240208A074FL00; https://www.cktimes.net/news/%EC%A4%91%EA%B5%AD-%ED%95%B4%EC%BB%A4%EC%9D%98-%EB%AF%B8%EA%B5%AD-%EC%82%AC%EC%9D%B4%EB%B2%84-%EA%B3%B5%EA%B2%A9%EC%84%A4/; https://www.techrepublic.com/article/volt-typhoon-botnet-attack/; https://www.theguardian.com/technology/2024/feb/13/volt-typhoon-what-is-it-how-does-it-work-chinese-cyber-operation-china-hackers-explainer; https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/; https://cyberscoop.com/fbi-operation-seizes-infrastructure-of-lockbit-ransomware-group/; https://www.defenseone.com/defense-systems/2024/02/biden-sign-executive-order-boosting-cybersecurity-ports-maritime-vessels/394340/; https://menafn.com/1107898438/Chinas-Involvement-In-Cyber-Espionage-In-The-US-And-The-Netherlands-Raise-Global-Concern; https://therecord.media/intel-agencies-issue-guidance-gru-russia-botnet; https://www.controlglobal.com/blogs/unfettered/blog/33038009/the-us-electric-industry-is-not-responding-to-cyber-vulnerable-chinese-equipment; 
https://cyberscoop.com/intelligence-national-security-artificial-intelligence-threats/; https://www.defenseone.com/threats/2024/04/some-volt-typhoon-victims-wont-know-theyre-impacted-mandiant-ceo-says/395664/; https://cyberscoop.com/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive/,2024-02-08,2024-03-27 3130,Unknown hacker exploited vulnerability in cryptocurrency platform Abracadabra and stole assets worth $6.5 million on 30 January 2024,"An unknown hacker exploited a vulnerability in certain older Cauldron V4 codes of the cryptocurrency platform Abracadabra and stole $6.5 million worth of the associated stablecoin Magic Internet Money (MIM) on 30 January 2024, Abracadabra confirmed via social media on the day of the incident.",2024-01-30,2024-01-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Abracadabra,Not available,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,18196,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,6500000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.blockmedia.co.kr/archives/456161; 
https://mirror.xyz/0x5744b051845B62D6f5B6Db095cc428bCbBBAc6F9/8YhkH5F_wSIjC5LDmXs4w4GIXbUGh8tDdiXaJI8ngVo; https://twitter.com/MIM_Spell/status/1752368458715607261,2024-02-07,2024-03-22 3129,Russian ransomware group Akira suspected to have stolen personal data from Reykjavík University on 2 February 2024,"The Russian ransomware group Akira is suspected to have stolen user data from Reykjavík University on 2 February 2024, the university reported. Disclosed information included names, ID numbers, university email addresses, and encrypted passwords for university services. In a statement dated 21 February 2024, the University confirmed a data theft amounting to 15 TB of data. Some of the data was classified as sensitive as it contained information about grade, salary or health matters.",2024-02-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Reykjavík University,Iceland,EUROPE; NATO; NORTHEU,Critical infrastructure; Education,Research; ,Akira Ransomware Group/Storm-1567,Russia,Non-state-group,Criminal(s),1,18197,2024-02-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Reykjavík University,Not available,Iceland,Akira Ransomware Group/Storm-1567,Russia,Non-state-group,https://www.visir.is/g/20242524602d/russneskir-hakkarar-taldir-bera-abyrgd-a-tolvuaras-a-hr,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of 
data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.visir.is/g/20242524602d/russneskir-hakkarar-taldir-bera-abyrgd-a-tolvuaras-a-hr; https://www.icelandreview.com/news/russian-hackers-believed-to-be-behind-cyber-attack-on-icelandic-university/; https://en.ru.is/news/notification-regarding-a-computer-attack-on-the-university-of-reykjavik,2024-02-07,2024-03-22 3128,Trigona ransomware deployed against Mexican telecommunication company Claro in January 2024,"The largest telecommunication company in South America, the Mexican company Claro, was targeted with Trigona ransomware on 25 January 2024, leading to disruption of its telecommunication service in Nicaragua as well as in El Salvador, Costa Rica, Guatemala and Honduras. On 2 February, the Nicaraguan branch of the company published a notice confirming a ransomware attack. The press release stated that, to safeguard their system, Claro decided to isolate some of its computers and shut down part of their systems. Following the incident, customers reported connectivity issues, problems with video calls, and payment processing. 
",2024-01-25,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Claro - Claro - Claro - Claro - Claro,Nicaragua; Costa Rica; Guatemala; El Salvador; Honduras,CENTAM - CENTAM - CENTAM - CENTAM - CENTAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications,Trigona Ransomware Group,Not available,Non-state-group,Criminal(s),1,18198,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Trigona Ransomware Group,Not available,Not available,Trigona Ransomware Group,Not available,Non-state-group,https://gridinsoft.com/blogs/claro-company-hit-by-trigona-ransomware/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,5.0,1-10,5.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Due diligence; Sovereignty,Civic / political rights; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://gridinsoft.com/blogs/claro-company-hit-by-trigona-ransomware/; https://twitter.com/1ZRR4H/status/1753919331493085620?s=20; 
https://www.swissinfo.ch/spa/nicaragua-telefon%C3%ADa_claro-nicaragua-reporta-ciberataque-de--ransomware--que-afecta-su-red-de-telefon%C3%ADa/49182560; https://confidencial.digital/nacion/claro-nicaragua-calla-sobre-las-consecuencias-del-ciberataque-para-los-usuarios/; https://confidencial.digital/nacion/claro-nicaragua-calla-sobre-las-consecuencias-del-ciberataque-para-los-usuarios/,2024-02-07,2024-03-22 3127,Unknown hackers installed malware on traffic signal system of Gnalp-Steg Tunnel in Liechtenstein on 3 February 2024,"Unknown hackers installed malware on the server managing the traffic signal system of the Gnalp-Steg Tunnel in Liechtenstein on 3 February 2024, the Liechtenstein Administration announced on 6 February 2024. The malware disrupted the operation of the traffic signal system, requiring a change to manual traffic management and the installation of a temporary traffic light to keep the tunnel open. ",2024-02-03,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,State Administration (Liechtenstein),Liechtenstein,EUROPE; WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18199,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-02-06 
00:00:00,Not available,,Liechtenstein,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.llv.li/de/medienmitteilungen/ausfall-der-lichtsignalanlage-tunnel-gnalp-steg,2024-02-07,2024-03-22 3126,Unidentified US-based Hacker Targeted Systems of Spanish Foundation for Development of Nursing (FUDEN) with Ransomware On 27 January 2024,"The Foundation for the Development of Nursing (FUDEN) experienced a ransomware attack on 27 January, which was detected on 29 January. The Spanish news portal ElPeriodic.com reported on 5 February that a hacker operating from the United States was responsible for the incident. The threat actor managed to gain unauthorized access to FUDEN's systems, compromising the personal data and academic records of 50,000 nurses from all over Spain, which they subsequently leveraged to blackmail FUDEN. The data involved includes personal information of the nurses, such as surnames, first names, dates of birth, contact information (e-mail and telephone numbers), and copies of identity documents. 
FUDEN filed a complaint with law enforcement and reported the incident to the Spanish data protection authority and cybersecurity agency INCIBE.",2024-01-27,2024-01-27,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Foundation for the Development of Nursing (FUDEN),Spain,EUROPE; NATO; EU(MS),Critical infrastructure; Education,Research; ,Unknown,United States,Individual hacker(s),,1,18266,2024-02-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Foundation for the Development of Nursing (FUDEN),Not available,Spain,Unknown,United States,Individual hacker(s),https://www.elperiodic.com/hacker-americano-roba-expedientes-academicos-datos-personales-enfermeros-valencianos_943219,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://prnoticias.com/2024/02/06/ciberataque-a-fuden-roban-datos-personales-de-miles-de-enfermeros/; 
https://www.elperiodic.com/hacker-americano-roba-expedientes-academicos-datos-personales-enfermeros-valencianos_943219; https://www.elperiodic.com/hacker-americano-roba-expedientes-academicos-datos-personales-enfermeros-valencianos_943219; https://www.elperiodic.com/hacker-americano-roba-expedientes-academicos-datos-personales-enfermeros-valencianos_943219; https://www.incibe.es/ciudadania/avisos/fuden-avisa-de-una-brecha-de-seguridad-que-afecta-los-datos-personales-de-sus#,2024-02-07,2024-03-26 3125,Qilin ransomware group stole 68 GB worth of customer data from Italian financial company Neafidi,"The Qilin ransomware group stole 68 GB worth of customer data from the Italian financial intermediary Neafidi, according to a media report. Qilin demanded a ransom on 25 January 2024, threatened to release the stolen data, and released it when a 2 February deadline elapsed with its demand unanswered. In a press release from 7 February, Neafidi confirmed the data theft while disputing claims about a ransom note and clarifying that the incident had not interrupted IT services.",2024-01-25,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Neafidi,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Finance,Qilin Ransomware Group,Not available,Non-state-group,Criminal(s),1,18267,2024-01-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Qilin Ransomware Group,Not available,Not available,Qilin Ransomware Group,Not available,Non-state-group,https://www.rainews.it/tgr/veneto/articoli/2024/02/consorzio-confindustria-sotto-attacco-hacker-rubati-pubblicati-dati-clienti-ca880475-fd8e-4517-b217-b5b378410fd0.html,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data 
Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-02-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Italy,Polizia di Stato/State Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.rainews.it/tgr/veneto/articoli/2024/02/consorzio-confindustria-sotto-attacco-hacker-rubati-pubblicati-dati-clienti-ca880475-fd8e-4517-b217-b5b378410fd0.html; https://www.neafidi.it/incidente-di-sicurezza-informatica-comunicato-stampa/,2024-02-07,2024-03-26 3124,Chinese state-sponsored threat actor infiltrated network of Dutch Ministry of Defence stealing user data in 2023,"A Chinese state-sponsored threat actor infiltrated a network within the Ministry of Defence in 2023, the Dutch Military Intelligence and Security Service (MIVD) and the civilian General Intelligence and Security Service (AIVD) assessed with high confidence in an advisory released on 6 February 2024. The network was set up for research and development (R&D) activities related to unclassified projects, facilitating collaboration with two external research institutes. 
The intrusion group utilised a vulnerability found in FortiGate devices (CVE-2022-42475) to install the previously undocumented COATHANGER malware on infected devices and gain access to communications between the infected devices. Upon developing access to the network, the threat actors conducted reconnaissance and stole user account data. According to MIVD and AIVD findings, harvested information appeared limited in scope, as the compromised network was segregated from wider Ministry of Defence infrastructure and only had a maximum of 50 users. MIVD reporting on the incident marks the first instance of the agency publishing a technical report on the methods of Chinese threat actors. The Dutch intelligence services noted that the implant had previously been detected on the networks of a Western diplomatic mission, in addition to several other unnamed victims. In a statement responding to the report, the Chinese embassy in the Netherlands asserted the Chinese government would ""not allow any country or individual using Chinese infrastructure to engage in such illegal activities"".",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Ministry of Defense (Netherlands) - Not available,Netherlands; Not available,EUROPE; NATO; EU(MS); WESTEU - ,State institutions / political system - Unknown,Government / ministries - ,Not available,China,"Non-state actor, state-affiliation suggested",,1,18384; 18384,2024-02-06 00:00:00; 2024-02-06 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Dutch Military Intelligence and Security Service (MIVD); Dutch General Intelligence and Security Service (AIVD),Not available; Not available,Netherlands; Netherlands,Not available; Not available,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.ncsc.nl/actueel/nieuws/2024/februari/6/nieuwe-malware-benadrukt-aanhoudende-interesse-in-edge-devices,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of 
data ",11-50,0.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Diplomatic / consular law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-military-network-with-malware/; https://therecord.media/dutch-find-chinese-hackers-networks-fortinet; https://www.ncsc.nl/actueel/nieuws/2024/februari/6/nieuwe-malware-benadrukt-aanhoudende-interesse-in-edge-devices; https://www.reuters.com/technology/cybersecurity/china-cyber-spies-hacked-computers-dutch-defence-ministry-report-2024-02-06/; https://www.defensie.nl/actueel/nieuws/2024/02/06/mivd-onthult-werkwijze-chinese-spionage-in-nederland; http://nl.china-embassy.gov.cn/eng/sgxw/202402/t20240207_11241801.htm; https://www.heise.de/news/Spionage-Vorwuerfe-Niederlande-sieht-China-fuer-Cyberangriff-verantwortlich-9621207.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/158765/apt/china-linked-apt-dutch-mod.html; https://research.checkpoint.com/2024/12th-february-threat-intelligence-report/; https://www.voachinese.com/a/europe-warns-of-rampant-chinese-spying-20240214/7486874.html; https://www.voachinese.com/a/china-s-ministry-of-state-security-warns-of-overseas-cyber-espionage-threats-20240219/7493499.html; https://www.voachinese.com/a/china-s-ministry-of-state-security-warns-of-overseas-cyber-espionage-threats-20240219/7493499.html; https://www.avionews.it/it/item/1257497-olanda-cina-tensioni-su-cyberspionaggio.html; https://www.voachinese.com/a/in-beijing-dutch-pm-raises-cyberespionage-with-china-s-xi-20240327/7546220.html; https://www.bleepingcomputer.com/news/security/the-biggest-takeaways-from-recent-malware-attacks/,2024-02-07,2024-03-29 
3119,Unknown hackers stole information from Ingeniero Huergo Hospital in Argentinian province of Rio Negro on 3 February 2024,"Unknown hackers stole information from the Ingeniero Huergo Hospital in the Argentinian province of Rio Negro on 3 February 2024, the provincial government confirmed. The press release described the incident as targeting the Government of Río Negro, without specifying whether institutions other than the public hospital were affected by the breach. ",2024-02-03,2024-02-03,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Ingeniero Huergo Hospital,Argentina,SOUTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16914,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.lmcipolletti.com/provincia/hackers-vulneraron-al-gobierno-rionegrino-y-robaron-informacion-un-hospital-n1091258; https://www.lmneuquen.com/neuquen/ciberataque-al-gobierno-rio-negro-hackers-roban-informacion-un-hospital-n1091375; https://www.lmcipolletti.com/provincia/hackers-vulneraron-al-gobierno-rionegrino-y-robaron-informacion-un-hospital-n1091258; https://www.lmneuquen.com/neuquen/ciberataque-al-gobierno-rio-negro-hackers-roban-informacion-un-hospital-n1091375; 
https://www.anroca.com.ar/noticias/2024/02/05/157762-hackers-vulneraron-el-sistema-del-hospital-de-huergo-y-robaron-datos; https://www.anroca.com.ar/noticias/2024/02/05/157762-hackers-vulneraron-el-sistema-del-hospital-de-huergo-y-robaron-datos; https://todoespolitica.com.ar/hackeron-y-robaron-datos-del-hospital-de-huergo/; https://www.rionegro.com.ar/sociedad/hackearon-el-sistema-de-un-hospital-de-rio-negro-y-confirmaron-el-robo-de-datos-3399956/; https://prensa.rionegro.gov.ar/articulo/48238/hackearon-el-sistema-del-hospital-de-huergo-y-robaron-datos; https://tsnnecochea.com.ar/generales/hackeos-historicos-en-argentina-127653.html,2024-02-07,2024-02-07 3107,Unknown actors hit Pennsylvania court system with DDoS attack on 4 February 2024,"A DDoS attack interfered with access to the filing system and the bail payment site of the Pennsylvania court system, among other services, on 4 February 2024. A statement released by the Administrative Office of Pennsylvania Courts (APOC) on 4 February noted disruptions to connectivity, leading to the unavailability of the electronic filing system used by attorneys, key systems that document appointed guardians, the system used for court payments, and the web docket tracking court cases. Following the partial restoration of affected services on 5 February, portions of the website experienced renewed outages on 6 February. 
",2024-02-04,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Pennsylvania court system,United States,NATO; NORTHAM,State institutions / political system,Judiciary,Not available,Not available,Not available,,1,16876,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline; https://www.govtech.com/public-safety/cyber-attack-affecting-access-to-pennsylvania-state-courts; https://www.mydallaspost.com/news/185475/online-access-to-some-court-records-impacted-by-cyber-attack; https://www.facebook.com/pennsylvaniacourts/posts/787501490070010; https://twitter.com/PACourts/status/1754343684089209122; https://twitter.com/PACourts/status/1754568478663512257; https://twitter.com/PACourts/status/1754634035886707165; https://twitter.com/PACourts/status/1754891493611811005; https://www.elmanana.com/texas/valledetexas/agencia-de-tribunales-reciben-ciberataque/5810775; https://www.elmanana.com/texas/valledetexas/agencia-de-tribunales-reciben-ciberataque/5810775; https://news.yahoo.com/pa-court-systems-targeted-cyber-191016686.html; https://www.mydallaspost.com/news/185475/online-access-to-some-court-records-impacted-by-cyber-attack; https://www.skooknews.com/2024/02/pennsylvania-courts-web-site-remains.html; https://www.lehighvalleylive.com/news/2024/02/cyber-attack-on-pa-courts-website-affects-online-services.html; 
https://www.pennlive.com/crime/2024/02/cyber-attack-on-pa-courts-website-affects-online-services.html; https://local21news.com/news/local/local-school-messiah-university-trains-new-generation-of-cybersecurity-experts-in-central-pa; https://research.checkpoint.com/2024/12th-february-threat-intelligence-report/,2024-02-06,2024-02-08 3112,IT systems of Cameroonian electricity operator Eneo disrupted on 29 January 2024,"The Cameroonian electricity supplier Eneo experienced disruptions of its systems on 29 January 2024. Following media reports, the company issued a press release on 2 February confirming the incident. To protect its systems, the company took some of its applications down, temporarily preventing customers from paying bills and topping up meters online.",2024-01-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Eneo,Cameroon,AFRICA; SSA,Critical infrastructure,Energy,Not available,Not available,Not available,,1,16880,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.investiraucameroun.com/energie/0202-20272-paiement-des-factures-et-achat-des-unites-eneo-confirme-qu-une-cyberattaque-est-a-l-origine-des-perturbations-actuelles,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.koaci.com/article/2024/02/02/cameroun/societe/cameroun-loperateur-majeur-delectricite-vise-par-une-cyberattaque_175554.html; 
https://www.investiraucameroun.com/energie/0202-20272-paiement-des-factures-et-achat-des-unites-eneo-confirme-qu-une-cyberattaque-est-a-l-origine-des-perturbations-actuelles,2024-02-06,2024-02-06 3108,Unknown hackers stole data from French health insurance third-party payment service Viamedis in late January 2024,"On 29 January 2024, the French third-party payment service Viamedis became the target of an intrusion leading to the theft of customer data. One of the four shareholders in Viamedis issued a statement to its customers on the evening of 31 January on the incident. Viamedis operates as a payment service for about 84 complementary health services, including Carte Blanche Partenaires, Itelis, Kalixia and Santéclair, which in total serve about 20 million customers. The precise number of affected customers had not yet been determined at the time of reporting. The stolen data included information about the civil status, date of birth, social security number and name of insurance provider. Viamedis says that the compromised platform has been disconnected in response to the incident, potentially limiting access for certain healthcare businesses, in particular opticians and hearing aid specialists. However, the company says that most people should be able to use their carte Vitale and third-party payment card as normal. As of 6 February, Viamedis' website remained inaccessible. The company filed a complaint and informed the French data protection authority and cybersecurity agency about the incident. 
",2024-01-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Viamedis - Carte Blance Partenaires - Santéclair - Itelis - Kalixia,France; France; France; France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Health - Health - Health - Health,Not available,Not available,Not available,,1,16888,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,rgusdelassurance.com/assurance-de-personnes/sante/cyberattaque-la-plateforme-viamedis-victime-d-une-importante-fuite-de-donnees.230240,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing; Valid Accounts,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.presse-citron.net/20-millions-de-numeros-de-securite-sociale-des-francais-viennent-detres-pirates-qui-est-concerne/; https://www.generation-nt.com/actualites/numero-securite-social-piratage-viamedis-complementaire-sante-2044057; https://www.usine-digitale.fr/article/les-donnees-de-20-millions-de-francais-menacees-suite-a-la-cyberattaque-d-une-complementaire-sante.N2207534; https://www.lemoniteurdespharmacies.fr/actu/actualites/actus-socio-professionnelles/cyberattaque-de-viamedis-on-fait-quoi-a-la-pharmacie.html; 
https://www.lemonde.fr/pixels/article/2024/02/02/des-donnees-appartenant-a-20-millions-d-assures-sociaux-menacees-par-le-piratage-de-viamedis-specialiste-du-tiers-payant_6214472_4408996.html; https://www.usine-digitale.fr/article/les-donnees-de-20-millions-de-francais-menacees-suite-a-la-cyberattaque-d-une-complementaire-sante.N2207534; https://www.sudouest.fr/economie/economie-du-numerique/cyberattaque-les-numeros-de-20-millions-d-assures-sociaux-potentiellement-aspires-18411457.php; https://www.tf1info.fr/sante/video-reportage-cyberattaque-contre-le-specialiste-du-tiers-payant-viamedis-que-risquent-les-20-millions-d-assures-francais-potentiellement-concernes-2285136.html; https://www.linformaticien.com/magazine/cybersecurite/61636-fuite-de-donnees-apres-l-attaque-de-l-organisme-de-tiers-payant-viamedis.html; rgusdelassurance.com/assurance-de-personnes/sante/cyberattaque-la-plateforme-viamedis-victime-d-une-importante-fuite-de-donnees.230240; https://www.bleepingcomputer.com/news/security/data-breach-at-french-healthcare-services-firm-puts-millions-at-risk/; https://www.generation-nt.com/actualites/tiers-payant-cyberattaque-almerys-fuite-donnees-viamedis-2044127; https://fr.news.yahoo.com/cyberattaque-contre-viamedis-almerys-peuvent-061600575.html; https://siecledigital.fr/2024/02/06/viamedis-et-almerys-deux-specialistes-du-tiers-payant-victimes-de-cyberattaques/; https://draguignan.maville.com/actu/actudet_-almerys-viamedis-ce-que-l-on-sait-de-la-fuite-de-millions-de-donnees-d-assures-sociaux-_fil-6146835_actu.Htm; https://www.lemoniteurdespharmacies.fr/actu/actualites/actus-socio-professionnelles/almerys-nouvelle-victime-d-une-cyberattaque-massive.html; https://www.lunion.fr/id566212/article/2024-02-06/cyberattaques-chez-almerys-et-viamedis-ce-que-lon-sait-de-la-fuite-de-donnees; https://fr.news.yahoo.com/sport/sant%C3%A9-sait-piratages-g%C3%A9ants-vol-155922985.html; 
https://www.radins.com/service/telephone-internet/actualites/piratage-vol-donnees-personnelles-sante-securite-sociale/52967; https://www.lemonde.fr/pixels/article/2024/02/06/apres-viamedis-le-specialiste-du-tiers-payant-almerys-lui-aussi-victime-d-un-piratage_6215024_4408996.html; https://www.lefigaro.fr/secteur/high-tech/le-specialiste-du-tiers-payant-almerys-touche-par-une-cyberattaque-cinq-jours-apres-son-concurrent-20240206; https://www.franceguyane.fr/actualite/france/sante-les-donnees-de-plus-de-20-millions-de-cartes-vitale-ont-fuite-973650.php; https://www.la-croix.com/france/cyberattaque-chez-viamedis-et-almerys-33-millions-d-assures-concernes-20240208; https://tr.euronews.com/next/2024/02/08/fransanin-en-buyuk-siber-saldirisinda-33-milyon-kisinin-saglik-verileri-calindi; https://www.leparisien.fr/economie/comment-le-vol-massif-de-donnees-dassures-sociaux-complique-la-vie-des-opticiens-et-des-patients-08-02-2024-3B676CCTVNHCBOCRL73RDZHHII.php; https://therecord.media/health-insurance-data-breach-affects-half-of-france-cnil; https://www.tf1info.fr/sante/video-reportage-33-millions-de-francais-victimes-d-une-cyberattaque-au-tiers-payant-comment-savoir-et-que-faire-si-vous-etes-concerne-2285550.html; https://www.allodocteurs.fr/fuite-de-donnees-de-sante-comment-savoir-si-vous-etes-concerne-36538.html; https://www.francetvinfo.fr/sante/vol-de-donnees-de-33-millions-de-francais-les-deux-principaux-operateurs-du-tiers-payant-cibles_6353476.html; https://www.euronews.com/next/2024/02/08/data-of-33-million-people-in-france-stolen-in-its-largest-ever-cyberattack-this-is-what-we; https://cherbourg.maville.com/actu/actudet_-entretien.-fuite-de-donnees-de-sante-certainement-une-des-plus-grandes-qu-on-ait-jamais-connues-_54135-6150195_actu.Htm; https://www.tf1info.fr/conso/piratage-de-donnees-de-sante-la-vente-de-lunettes-mise-a-l-arret-2285686.html; https://www.zinfos974.com/cyberattaque-chez-viamedis-et-almerys-les-complementaires-sante-de-la-reunion-concernees/; 
https://www.heise.de/news/Cyberangriff-Gesundheitsdaten-von-33-Millionen-Franzosen-betroffen-9624548.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.sudouest.fr/sciences-et-technologie/donnees-volees-aux-mutuelles-ce-que-l-on-sait-du-piratage-massif-qui-concerne-33-millions-de-francais-18497896.php; https://www.letemps.ch/economie/cyber/apres-la-suisse-la-france-decouvre-le-fleau-du-piratage-de-masse; https://www.tf1info.fr/sante/video-tf1-cyberattaques-contre-viamedis-et-almerys-le-tiers-payant-a-l-arret-des-patients-contraints-d-avancer-les-frais-les-opticiens-subissent-le-contrecoup-2285794.html; https://www.journaldugeek.com/2024/02/09/vol-de-numero-de-securite-sociale-que-risquez-vous-vraiment/; https://www.lemonde.fr/pixels/article/2024/02/09/donnees-volees-aux-mutuelles-de-sante-le-parquet-de-paris-ouvre-une-enquete-apres-les-cyberattaques-de-viamedis-et-almerys_6215719_4408996.html; https://www.sudouest.fr/economie/social/piratage-de-millions-de-numeros-de-securite-sociale-le-parquet-de-paris-ouvre-une-enquete-18510552.php; https://www.linfo.re/france/societe/piratage-de-numeros-de-securite-sociale-ouverture-d-une-enquete-sur-les-cyberattaques; https://www.lejdd.fr/societe/cyberattaques-enquete-ouverte-apres-le-piratage-des-donnees-de-sante-de-viamedis-et-almerys-141958; https://fr.news.yahoo.com/sport/piratage-donn%C3%A9es-sant%C3%A9-fran%C3%A7ais-concern%C3%A9s-111505598.html; http://www.samanyoluhaber.com/fransada-33-milyon-kisinin-saglik-verileri-calindi-haberi/1458128/; https://www.midilibre.fr/2024/02/12/un-francais-sur-deux-concerne-par-ce-danger-les-risques-meconnus-du-piratage-de-donnees-de-sante-11752122.php; https://research.checkpoint.com/2024/12th-february-threat-intelligence-report/; https://la1ere.francetvinfo.fr/reunion/cyberattaques-dans-la-sante-prise-en-charge-des-lunettes-perturbee-chez-les-opticiens-et-tentatives-d-arnaques-par-sms-1464498.html; 
https://www.commentcamarche.net/securite/piratage/30231-piratage-securite-sociale-une-lettre-plainte-a-remplir-en-ligne/; https://www.01net.com/actualites/piratage-numero-securite-sociale-porter-plainte-ligne.html; https://www.tomsguide.fr/vol-de-donnees-des-mutuelles-protegez-vous-en-portant-plainte-en-ligne/; https://siecledigital.fr/2024/02/12/le-parquet-de-paris-ouvre-une-enquete-suite-aux-cyberattaques-subies-par-viamedis-et-almerys/; https://www.sudouest.fr/sciences-et-technologie/donnees-volees-aux-mutuelles-comment-savoir-si-vous-etes-concernes-comment-deposer-plainte-en-ligne-18546582.php; https://www.lemondeinformatique.fr/actualites/lire-affaire-viamedis-et-almerys-cybermalveillance-aide-au-depot-de-plainte-92944.html; https://worldissmall.fr/2024/02/13/cyberattaques-une-enquete-ouverte-apres-le-piratage-massif-des-donnees-de-sante-des-francais/; https://www.ladepeche.fr/2024/02/13/vol-de-donnees-comment-savoir-si-vos-informations-personnelles-ont-ete-compromises-11762680.php; https://www.humanite.fr/social-et-economie/cyberattaque/donnees-de-sante-pourquoi-sont-elles-dans-le-viseur-des-hackeurs; https://www.quechoisir.org/actualite-cyberattaque-viamedis-et-almerys-et-maintenant-n117310/; https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/fallout-from-viamedis-almerys-attack-does-not-end-with-the-data-leak; https://www.quechoisir.org/actualite-cyberattaque-viamedis-et-almerys-les-reponses-a-vos-questions-n118434/; https://www.allodocteurs.fr/piratage-des-donnees-de-sante-voici-ce-que-vous-devez-verifier-36737.html; https://www.phonandroid.com/vol-de-donnees-de-la-securite-sociale-33-millions-de-victimes-quels-sont-les-dangers-et-comment-se-proteger.html; https://actu.fr/nouvelle-aquitaine/marmande_47157/cyberattaque-massive-en-lot-et-garonne-comment-les-entreprises-sen-sont-sorties_60811091.html; https://econostrum.info/cyberattaque-smartphone-cibles/; 
https://fr.news.yahoo.com/cyberattaques-recrudescence-voyons-aujourd-hui-170429438.html; https://actu.fr/normandie/pont-audemer_27467/cyberattaque-des-plateformes-de-gestion-du-tiers-payant-les-opticiens-ont-du-sadapter_60906169.html; https://www.argusdelassurance.com/les-distributeurs/courtiers/cyberattaque-de-viamedis-et-almerys-helium-a-ete-touche-par-rebond-thierry-auzole.231050; https://www.lemondeinformatique.fr/actualites/lire-sur-fond-de-cyberattaques-les-plaintes-a-la-cnil-repartent-a-la-hausse-93565.html; https://www.techniques-ingenieur.fr/actualite/articles/piratage-du-tiers-payant-nos-donnees-personnelles-sont-elles-efficacement-protegees-132526/,2024-02-06,2024-02-13 3111,Chinese state actor compromised telecommunications system used by Japanese Foreign Ministry and stole sensitive information since at least mid-2020,"A Chinese state actor compromised the telecommunications system used by the Japanese foreign ministry in communication with its embassies and stole sensitive information going back to at least the summer of 2020, the Japanese daily Yomiuri Shinbun, also known as The Japan News, revealed on 5 February 2024, based on anonymous government sources. According to the news article, the US government warned Japan in the summer of 2020 that the computer networks of Japanese diplomatic missions abroad had been compromised by Chinese hackers. Among other internal documents, the Chinese threat actors reportedly gained access to official cables transmitted via an encrypted VPN channel between the Japanese embassy in Beijing and the foreign ministry in Tokyo. Then head of US Cyber Command (USCYBERCOM) Paul Nakasone travelled to Japan, to reach an agreement with Japanese counterparts that five bodies - namely the foreign and defence ministries, the National Police Agency, the Public Security Intelligence Agency and the Cabinet Intelligence and Research Office - conduct targeted threat hunting on their networks. 
The Chinese ministry of foreign affairs denied any knowledge of or involvement in the incident.",2020-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Embassy of Japan in Beijing - Ministry of Foreign Affairs (Japan),Japan; Japan; Japan,ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; SCS; NEA,State institutions / political system - State institutions / political system - State institutions / political system,"Other (e.g., embassies) - Other (e.g., embassies) - Government / ministries",Not available,China,State,,2,16890; 16891,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party,Not available; Not available,Not available; Not available,United States; United States,Not available; Not available,China; China,State; Unknown - not attributed,https://japannews.yomiuri.co.jp/politics/defense-security/20240205-166966/,International power,Territory; Resources; International power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK intensity,HIIK 2,1,2020-01-01 00:00:00,State Actors: Preventive measures,Confidence and security-building Dialogues,United States,Paul Nakasone (Head of US CYCOM and NSA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dt.co.kr/contents.html?article_no=2024020502109931065003; https://japannews.yomiuri.co.jp/politics/defense-security/20240205-166966/; https://www.japantimes.co.jp/news/2024/02/05/japan/classified-diplomatic-info-leaked-china-cyberattack/; https://www.swissinfo.ch/spa/jap%C3%B3n-ciberataque_documentos-clasificados-diplom%C3%A1ticos-de-jap%C3%B3n-se-filtraron-en-ciberataques-chinos/49186144; https://www.lapatilla.com/2024/02/05/documentos-clasificados-diplomaticos-de-japon-se-filtran-en-ciberataques-chinos/; https://www.47news.jp/10490422.html; https://www.hokkoku.co.jp/articles/-/1310276; https://www.fnnews.com/news/202402051355404300; https://news.ifeng.com/c/8Ww7DnM3eRm; https://news.ifeng.com/c/8Ww0RqTQF3h; https://news.seehua.com/post/1115176; https://kumanichi.com/articles/1317525; https://biz.heraldcorp.com/view.php?ud=20240205000193&cpv=1; https://www.yomiuri.co.jp/politics/20240301-OYT1T50230/,2024-02-06,2024-02-19 3113,Groton Public Schools in Connecticut targeted with network disruption in February 2024,"The Groton Public Schools in the US state of Connecticut sustained a network disruption in February 2024 that led to a district-wide Internet outage on 1 February 2024. According to a statement from the school district, 90 percent of the affected systems were restored shortly after the incident. 
",2024-02-01,2024-02-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Groton Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,16889,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.govtech.com/education/k-12/cyber-attack-takes-groton-public-schools-conn-offline; https://www.databreaches.net/ct-groton-schools-internet-outage-from-cyber-attack-under-investigati,2024-02-06,2024-02-13 3114,Unknown actors stole data of social security policyholders from French third-party payment specialist Almerys on 5 February 2024,"The French third-party payment specialist Almerys suffered a data breach on 5 February 2024. Passwords and identifiers of several healthcare professionals were compromised and used to gain access to the Almerys portal. The responsible threat actors subsequently stole personal information of social security beneficiaries, including, names, dates of birth, social security numbers, as well as the name contact details of the health insurer. 
Almerys temporarily restricted access of healthcare professionals to the portal.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available,Not available,,Critical infrastructure,Health,Not available,Not available,Not available,,1,16887,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.tf1info.fr/sante/video-reportage-cyberattaque-contre-le-specialiste-du-tiers-payant-viamedis-que-risquent-les-20-millions-d-assures-francais-potentiellement-concernes-2285136.html; https://www.linformaticien.com/magazine/cybersecurite/61636-fuite-de-donnees-apres-l-attaque-de-l-organisme-de-tiers-payant-viamedis.html; https://www.laprovence.com/article/france-monde/1635241575888316/almerys-specialiste-du-tiers-payant-touche-par-une-cyberattaque; https://www.tf1info.fr/sante/video-reportage-cyberattaque-contre-le-specialiste-du-tiers-payant-viamedis-que-risquent-les-20-millions-d-assures-francais-potentiellement-concernes-2285136.html; https://siecledigital.fr/2024/02/06/viamedis-et-almerys-deux-specialistes-du-tiers-payant-victimes-de-cyberattaques/; https://www.lunion.fr/id566212/article/2024-02-06/cyberattaques-chez-almerys-et-viamedis-ce-que-lon-sait-de-la-fuite-de-donnees; https://fr.news.yahoo.com/sport/sant%C3%A9-sait-piratages-g%C3%A9ants-vol-155922985.html; 
https://www.radins.com/service/telephone-internet/actualites/piratage-vol-donnees-personnelles-sante-securite-sociale/52967; https://www.lemonde.fr/pixels/article/2024/02/06/apres-viamedis-le-specialiste-du-tiers-payant-almerys-lui-aussi-victime-d-un-piratage_6215024_4408996.html; https://www.lefigaro.fr/secteur/high-tech/le-specialiste-du-tiers-payant-almerys-touche-par-une-cyberattaque-cinq-jours-apres-son-concurrent-20240206; https://www.franceguyane.fr/actualite/france/sante-les-donnees-de-plus-de-20-millions-de-cartes-vitale-ont-fuite-973650.php; https://www.laprovence.com/article/france-monde/1635241575888316/almerys-specialiste-du-tiers-payant-touche-par-une-cyberattaque; https://tr.euronews.com/next/2024/02/08/fransanin-en-buyuk-siber-saldirisinda-33-milyon-kisinin-saglik-verileri-calindi; https://www.leparisien.fr/economie/comment-le-vol-massif-de-donnees-dassures-sociaux-complique-la-vie-des-opticiens-et-des-patients-08-02-2024-3B676CCTVNHCBOCRL73RDZHHII.php; https://www.tf1info.fr/sante/video-reportage-33-millions-de-francais-victimes-d-une-cyberattaque-au-tiers-payant-comment-savoir-et-que-faire-si-vous-etes-concerne-2285550.html; https://www.allodocteurs.fr/fuite-de-donnees-de-sante-comment-savoir-si-vous-etes-concerne-36538.html; https://www.francetvinfo.fr/sante/vol-de-donnees-de-33-millions-de-francais-les-deux-principaux-operateurs-du-tiers-payant-cibles_6353476.html; https://www.euronews.com/next/2024/02/08/data-of-33-million-people-in-france-stolen-in-its-largest-ever-cyberattack-this-is-what-we; https://cherbourg.maville.com/actu/actudet_-entretien.-fuite-de-donnees-de-sante-certainement-une-des-plus-grandes-qu-on-ait-jamais-connues-_54135-6150195_actu.Htm; https://www.tf1info.fr/conso/piratage-de-donnees-de-sante-la-vente-de-lunettes-mise-a-l-arret-2285686.html; https://www.zinfos974.com/cyberattaque-chez-viamedis-et-almerys-les-complementaires-sante-de-la-reunion-concernees/; 
https://www.heise.de/news/Cyberangriff-Gesundheitsdaten-von-33-Millionen-Franzosen-betroffen-9624548.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://therecord.media/health-insurance-data-breach-affects-half-of-france-cnil; https://www.sudouest.fr/sciences-et-technologie/donnees-volees-aux-mutuelles-ce-que-l-on-sait-du-piratage-massif-qui-concerne-33-millions-de-francais-18497896.php; https://www.letemps.ch/economie/cyber/apres-la-suisse-la-france-decouvre-le-fleau-du-piratage-de-masse; https://www.tf1info.fr/sante/video-tf1-cyberattaques-contre-viamedis-et-almerys-le-tiers-payant-a-l-arret-des-patients-contraints-d-avancer-les-frais-les-opticiens-subissent-le-contrecoup-2285794.html; https://www.journaldugeek.com/2024/02/09/vol-de-numero-de-securite-sociale-que-risquez-vous-vraiment/; https://www.lemonde.fr/pixels/article/2024/02/09/donnees-volees-aux-mutuelles-de-sante-le-parquet-de-paris-ouvre-une-enquete-apres-les-cyberattaques-de-viamedis-et-almerys_6215719_4408996.html; https://www.sudouest.fr/economie/social/piratage-de-millions-de-numeros-de-securite-sociale-le-parquet-de-paris-ouvre-une-enquete-18510552.php; https://www.linfo.re/france/societe/piratage-de-numeros-de-securite-sociale-ouverture-d-une-enquete-sur-les-cyberattaques; https://www.lejdd.fr/societe/cyberattaques-enquete-ouverte-apres-le-piratage-des-donnees-de-sante-de-viamedis-et-almerys-141958; https://fr.news.yahoo.com/sport/piratage-donn%C3%A9es-sant%C3%A9-fran%C3%A7ais-concern%C3%A9s-111505598.html; https://www.midilibre.fr/2024/02/12/un-francais-sur-deux-concerne-par-ce-danger-les-risques-meconnus-du-piratage-de-donnees-de-sante-11752122.php; https://la1ere.francetvinfo.fr/reunion/cyberattaques-dans-la-sante-prise-en-charge-des-lunettes-perturbee-chez-les-opticiens-et-tentatives-d-arnaques-par-sms-1464498.html; https://www.commentcamarche.net/securite/piratage/30231-piratage-securite-sociale-une-lettre-plainte-a-remplir-en-ligne/; 
https://www.tomsguide.fr/vol-de-donnees-des-mutuelles-protegez-vous-en-portant-plainte-en-ligne/; https://siecledigital.fr/2024/02/12/le-parquet-de-paris-ouvre-une-enquete-suite-aux-cyberattaques-subies-par-viamedis-et-almerys/; https://www.sudouest.fr/sciences-et-technologie/donnees-volees-aux-mutuelles-comment-savoir-si-vous-etes-concernes-comment-deposer-plainte-en-ligne-18546582.php; https://www.lemondeinformatique.fr/actualites/lire-affaire-viamedis-et-almerys-cybermalveillance-aide-au-depot-de-plainte-92944.html; https://worldissmall.fr/2024/02/13/cyberattaques-une-enquete-ouverte-apres-le-piratage-massif-des-donnees-de-sante-des-francais/; https://www.ladepeche.fr/2024/02/13/vol-de-donnees-comment-savoir-si-vos-informations-personnelles-ont-ete-compromises-11762680.php; https://www.humanite.fr/social-et-economie/cyberattaque/donnees-de-sante-pourquoi-sont-elles-dans-le-viseur-des-hackeurs; https://www.quechoisir.org/actualite-cyberattaque-viamedis-et-almerys-et-maintenant-n117310/; https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/fallout-from-viamedis-almerys-attack-does-not-end-with-the-data-leak; https://www.quechoisir.org/actualite-cyberattaque-viamedis-et-almerys-les-reponses-a-vos-questions-n118434/; https://www.phonandroid.com/13-millions-didentifiants-francais-sont-le-dark-web-depuis-des-mois-presque-tous-les-services-sont-touches.html; https://www.phonandroid.com/vol-de-donnees-de-la-securite-sociale-33-millions-de-victimes-quels-sont-les-dangers-et-comment-se-proteger.html; https://actu.fr/nouvelle-aquitaine/marmande_47157/cyberattaque-massive-en-lot-et-garonne-comment-les-entreprises-sen-sont-sorties_60811091.html; https://econostrum.info/cyberattaque-smartphone-cibles/; https://fr.news.yahoo.com/cyberattaques-recrudescence-voyons-aujourd-hui-170429438.html; https://actu.fr/normandie/pont-audemer_27467/cyberattaque-des-plateformes-de-gestion-du-tiers-payant-les-opticiens-ont-du-sadapter_60906169.html; 
https://www.argusdelassurance.com/les-distributeurs/courtiers/cyberattaque-de-viamedis-et-almerys-helium-a-ete-touche-par-rebond-thierry-auzole.231050; https://www.lemondeinformatique.fr/actualites/lire-sur-fond-de-cyberattaques-les-plaintes-a-la-cnil-repartent-a-la-hausse-93565.html; https://www.techniques-ingenieur.fr/actualite/articles/piratage-du-tiers-payant-nos-donnees-personnelles-sont-elles-efficacement-protegees-132526/,2024-02-06,2024-02-06 3115,Ransomware group Medusa targeted Italian Cloud Service Provider CloudFire stealing 400 GB of data on 25 January 2024,"The Italian cloud service provider CloudFire, based in Reggio nell’Emilia, was the victim of a ransomware attack allegedly carried out by the Medusa group on 25 January 2024. The threat actors obtained 400 GB of data from nine Italian companies. The affected companies are not disclosed but identified as operating in diverse sectors, including vehicle sales, web marketing, legal services, occupational health and safety consultancy, food, travel agencies, and telecommunications services. The compromised data reportedly contained personal identification documents, notarial deeds, sales contracts, financial and administrative documents, budgets, employment contracts, and payrolls. As proof, Medusa has published 30 files containing copies of identity documents. 
The group demanded a ransom of $100,000 in bitcoin for the deletion or download of the stolen data.",2024-01-25,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Not available - Not available - CloudFire - Not available - Not available,Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - - Telecommunications - Food - Telecommunications,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,16886,2024-01-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.suspectfile.com/italian-companies-hit-by-cyber-attack-cloudfire-data-breach-exposes-9-firms-to-extensive-data-theft/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2024/5th-february-threat-intelligence-report/; https://www.suspectfile.com/italian-companies-hit-by-cyber-attack-cloudfire-data-breach-exposes-9-firms-to-extensive-data-theft/,2024-02-06,2024-03-05 3106,"Unknown Hacker 
Disrupted Three Hospitals in District of Soest, Germany, and encrypted and stole data on 2 February 2024","On 2 February 2024, the IT infrastructure of three hospitals in the district of Soest, North Rhine-Westphalia, Germany, was targeted by a network disruption. Affected hospitals included the Dreifaltigkeits-Hospital in Lippstadt, the Marien-Hospital in Erwitte and the Hospital zum Heiligen Geist in Geseke, all of which are connected via a shared network with the Dreifaltigkeits-Hospital in Lippstadt as the central node. This incident led to operational limitations, as the hospitals were unable to admit new patients or carry out planned operations. Emergency services remained in place. The North Rhine-Westphalia Cybercrime Centre (ZAC NRW) in cooperation with the Dortmund police initiated an investigation into the origin of the intrusion and the impact of the disruption. The threat actors also encrypted and stole data during the attack, the hospitals announced in a joint statement at the beginning of March. 
At the time of reporting, it remained unclear what specific data had been compromised, although affected records are believed to contain patient information and internal documents.",2024-02-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Marien-Hospital - Dreifaltigkeits-Hospital - Hospital zum Heiligen Geist,Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health,Not available,Not available,Not available,,1,18360,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.soester-anzeiger.de/lokales/kreis-soest/wieder-ein-cyberangriff-keine-op-und-neuaufnahmen-in-krankenhaeusern-lippstadt-erwitte-und-geseke-92811347.html; https://www1.wdr.de/nachrichten/cyberangriffe-auf-krankenhaeuser-100.amp; https://www.heise.de/news/Nach-Cyberangriff-Kliniken-im-Kreis-Soest-von-Notfallversorgung-abgemeldet-9621642.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Datenabfluss-nach-Ransomware-Angriff-auf-Klinikverbund-im-Kreis-Soest-9647316.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; 
https://dreifaltigkeits-hospital.de/informationen-veranstaltungen/meldung-gemaess-34-kdg,2024-02-05,2024-03-28 3105,Unknown Hackers Hijacked Facebook Page of Argentina's Ministry of Social Development on 2 February 2024,Unknown actors took control over the Facebook page of Argentina's Ministry of Social Development on 2 February 2024. Facebook remains a crucial communication link between the public and the ministry. ,2024-02-02,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Ministry Of Social Development (Santa Cruz),Argentina,SOUTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,16953,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Account Access Removal,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.opisantacruz.com.ar/2024/02/02/gobierno-anuncio-el-pago-de-prestaciones-sociales/,2024-02-05,2024-02-09 3104,Medusa Ransomware Group targeted Venezuelan Telecommunications Company Digitel With Ransomware on 2 February 2024,"The ransomware group Medusa initiated a ransomware attack against the Venezuelan telecommunications company Digitel on 2 February 2024. The criminal collective compromised personal user data and encrypted corporate databases. To unlock the data and refrain from leaking internal information, the cybercriminals demanded a payment of $5 million within nine days by 11 February. 
On 12 February, personal data of millions of users was released.",2024-02-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Digitel,Venezuela,SOUTHAM,Critical infrastructure,Telecommunications,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,18362,2024-02-02 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://venezuelavision.com/ciberdelincuentes-piden-5-millones-para-devolver-los-datos-de-los-usuarios-de-digitel/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://nuevodia.com.ve/sabes-cuanto-le-piden-los-hackers-a-digitel-para-liberar-los-datos/; https://nuevodia.com.ve/sabes-cuanto-le-piden-los-hackers-a-digitel-para-liberar-los-datos/; https://www.aporrea.org/tecno/n390089.html; https://www.aporrea.org/tecno/n390089.html; https://elclarinweb.com/digitel-activa-bloqueo-tras-amenazas-de-ciberataque/; https://cactus24.com.ve/2024/02/03/5-millones-la-cifra-millonaria-de-los-hackers-a-digitel-para-liberar-datos-secuestrados/; https://cactus24.com.ve/2024/02/03/5-millones-la-cifra-millonaria-de-los-hackers-a-digitel-para-liberar-datos-secuestrados/; 
https://www.descifrado.com/2024/02/02/ciberdelincuentes-piden-5-millones-para-devolver-los-datos-de-los-usuarios-de-digitel/; https://www.elimpulso.com/2024/02/02/son-titulares-viernes-2feb/; https://venezuelavision.com/ciberdelincuentes-piden-5-millones-para-devolver-los-datos-de-los-usuarios-de-digitel/; https://www.lapatilla.com/2024/03/05/en-febrero-aumento-la-intimidacion-y-la-censura-a-la-libertad-de-expresion-en-venezuela/; https://elnuevopais.net/2024/03/05/febrero-de-mordaza-en-venezuela-reporta-espacio-publico/; https://www.lapatilla.com/2024/03/05/en-febrero-aumento-la-intimidacion-y-la-censura-a-la-libertad-de-expresion-en-venezuela/,2024-02-05,2024-04-04 3103,Pro-Russian Group NoName057(16) carried out DDoS attack against multiple Finnish websites on 1 February 2024,"The pro-Russian hacktivist group NoName057(16) carried out multiple DDoS attacks against several Finnish websites in early February 2024, as confirmed by the group via its Telegram channel on 2 February 2024. The city administrations of Helsinki, Tampere and Turku were among the entities affected by these DDoS attacks. In addition to the city portals, the Bank of Finland, the Agency for Regulation and Development of Transport and Communications Infrastructure and the Association of Engineers in Finland were also listed as victims. 
NoName057(16) linked the selection of targets in Finland to the country's continuous support for Ukraine.",2024-02-01,2024-02-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,City of Turku website - Bank of Finland - Association of Engineers in Finland - City of Tampere website - City of Helsinki website - Agency for Regulation and Development of Transport and Communications,Finland; Finland; Finland; Finland; Finland; Finland,EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU,State institutions / political system - Critical infrastructure - Other - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Finance - - Civil service / administration - Civil service / administration - Civil service / administration,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,16951,2024-02-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2778,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://yle.fi/a/74-20072771; https://t.me/noname05716eng/2778; https://www.hs.fi/talous/art-2000010200893.html; https://www.mtvuutiset.fi/artikkeli/venajalta-historian-suurin-verkkohyokkays-suomalaisyrityksiin/8870826; 
https://www.mtvuutiset.fi/artikkeli/kyberturvallisuuskeskus-venaja-mielisten-haktivistien-palvelunestohyokkaykset-ohi-perjantain-ennatysiskun-jalkeen/8871288; https://t.me/noname05716eng/2779,2024-02-05,2024-03-28 3102,Rhysida ransomware group suspected of disrupting Italian regional healthcare provider ASP Basilicata on 28 January 2024,"The Rhysida ransomware group is suspected to have targeted the regional healthcare provider ASP Basilicata in Italy on 28 January 2024, causing disruptions. The regional authority responded by evaluating the incident's impact and forming an internal crisis unit for management. Essential services like the Unique Booking Center, Arca, and Laboratory services were partially restored soon after the incident. The National Cybersecurity Agency's CSIRT Italia supported the recovery efforts, which reportedly took two weeks. On 15 February, Rhysida claimed responsibility for the incident, issuing a ransom demand of €723,000. ",2024-01-28,2024-01-28,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,ASP Basilicata,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,18370,2024-02-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,4.0,Weeks (< 4 
weeks),,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ondanews.it/attacco-hacker-alla-regione-basilicata-violati-i-dati-degli-utenti-delle-aziende-sanitarie/; https://www.wired.it/article/regione-basilicata-attacco-cybercriminali/; https://www.aspbasilicata.it/2024/01/28/registrati-disagi-informatici-nel-sistema-sanitario-regionale/; https://www.lemagit.fr/actualites/366568773/Cyberhebdo-du-2-fevrier-2024-une-semaine-intense; https://www.trmtv.it/cronaca/2024_02_02/413009.html; https://www.basilicata24.it/2024/02/sanita-lucana-dopo-lattacco-informatico-riprendono-le-attivita-bloccate-allasp-134406/; https://www.trmtv.it/tecnologia/2024_02_09/413972.html; https://www.materalife.it/notizie/asm-ripristinati-i-sistemi-sanitari-telematici-dopo-gli-attacchi-hacker/; https://twitter.com/H4ckManac/status/1758120535278473325,2024-02-05,2024-03-28 3101,Unknown Threat Actor targeted German IT Service Provider AnyDesk on 20 December 2023,"The German IT service provider AnyDesk publicly confirmed a compromise of its production systems on 20 December 2023 after some technical issues had first been reported to the company on 25 January. On 29 January, the German Federal Office for Information Security (BSI) had alerted CERT-FR within the French cybersecurity agency ANSSI about the incident. A BSI advisory, released on 5 February, disclosed the theft of source code elements and certificates, raising concerns that these could enable supply-chain compromises or adversary-in-the-middle attacks. By 7 February, AnyDesk confirmed that security certificates had been revoked, and the company was in the process of rescinding code-signing certificates. The cyber security company Resecurity discovered a significant number of AnyDesk customer credentials, possibly over 30,000, available for purchase on the Dark Web. 
Further analysis revealed this user data likely stemmed from previous unrelated infostealer infections on end-user devices.",2023-12-20,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,AnyDesk,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,17329,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2024-02-05 00:00:00,EU member states: Preventive measures,Awareness raising,Germany,Federal Office for Information Security (BSI),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/158595/cyber-crime/anydesk-credentials-leaked-dark-web.html; https://tarnkappe.info/artikel/it-sicherheit/anydesk-gehackt-angreifer-dringen-in-produktionsserver-ein-288860.html; https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/; https://stadt-bremerhaven.de/fernwartung-anydesk-wurde-opfer-eines-cyberangriffs/; https://www.karar.com/teknoloji-haberleri/o-uygulamayi-kullananlar-dikkat-hacklenmis-olabilirsiniz-siber-1833913; https://anydesk.com/en/public-statement; https://www.resecurity.com/blog/article/following-the-anydesk-incident-customer-credentials-leaked-and-published-for-sale-on-the-dark-web; https://www.heise.de/news/Montag-Cyberangriff-auf-Anydesk-Daten-Microsoft-mit-Dark-Patterns-fuer-Edge-9618022.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; 
https://unaaldia.hispasec.com/2024/02/anydesk-confirma-ciberataque-a-servidores-de-produccion-codigo-fuente-y-claves-robadas.html; https://unaaldia.hispasec.com/2024/02/anydesk-confirma-ciberataque-a-servidores-de-produccion-codigo-fuente-y-claves-robadas.html; https://www.heise.de/news/Kundendaten-von-Anydesk-zum-Verkauf-angeboten-9617991.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.yenialanya.com/haber/19098621/anydesk-kullananlara-flas-uyari-hacklendiniz; https://www.hwupgrade.it/news/web/anydesk-conferma-la-violazione-dei-server-di-produzione-cambiate-la-password-subito_124041.html; https://research.checkpoint.com/2024/5th-february-threat-intelligence-report/; https://www.usine-digitale.fr/article/l-editeur-de-logiciels-anydesk-victime-d-une-cyberattaque-des-identifiants-mis-en-vente-sur-le-dark-web.N2207810; https://www.netzwoche.ch/news/2024-02-05/anydesk-faellt-cyberangriff-zum-opfer; https://www.infosecurity-magazine.com/news/anydesk-hit-cyberattack-customer/; https://www.inside-it.ch/fernwartungssoftware-anydesk-gehackt-20240205; https://therecord.media/anydesk-software-safe-to-use-cyberattack; https://www.linformaticien.com/61640-cyberattaque-des-donnees-de-l-editeur-anydesk-sur-le-darkweb.html; https://www.bitmat.it/cyber-security-culture/anydesk-colpita-da-attacco-informatico-si-consiglia-il-reset-delle-password/; https://www.zdnet.de/88414079/anydesk-meldet-hackerangriff/; https://securityaffairs.com/158632/hacking/anydesk-disclosed-security-breach.html; https://digitalreport.com.tr/anydesk-hacklendi-151451/; https://www.heise.de/news/Anydesk-Einbruch-datiert-vermutlich-auf-Dezember-2023-9621134.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://anydesk.com/en/public-statement; https://anydesk.com/en/faq-incident; https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/; https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf?__blob=publicationFile&v=2; 
https://securityaffairs.com/158881/security/cyber-security-stats.html; https://www.sporx.com/anydesk-hacklendi-mi-anydesk-hacked-nedir-SXHBQ1056445SXQ; https://securityaffairs.com/158965/breaking-news/security-affairs-newsletter-round-458-by-pierluigi-paganini-international-edition.html; https://www.heise.de/news/Malware-ueber-kritische-Luecke-in-ConnectWise-ScreenConnect-verteilt-9637247.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath,2024-02-05,2024-02-21 3099,Unconfirmed threat actor deployed Lockbit 3.0 ransomware against Spanish municipality of Sant Antoni de Portmany on 31 January 2024,"An unidentified threat actor targeted the City Council of Sant Antoni de Portmany, a Spanish municipality on the western coast of Ibiza, with Lockbit 3.0 malware on 31 January 2024. Municipal officials confirmed that the council experienced a ransomware attack, rendering internal systems inaccessible. At the time of reporting, no ransomware collective had declared responsibility for the targeting of the Council. According to a statement by the Sant Antoni de Portmany Town Hall from 17 February 2024, Lockbit 3.0 ransomware was used for encrypting the municipal files. 
",2024-01-31,2024-01-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,City Council of Sant Antoni de Portmany ,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,18367,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.diariodeibiza.es/ibiza/2024/02/02/ibiza-ciberataque-secuestra-sistema-informatico-97633663.html; https://www.diariodeibiza.es/ibiza/2024/02/02/ibiza-ciberataque-secuestra-sistema-informatico-97633663.html; https://www.diariodeibiza.es/ibiza/2024/02/03/sant-antoni-salva-ciberataque-esencial-97683166.html; https://www.diariodeibiza.es/ibiza/2024/02/03/sant-antoni-salva-ciberataque-esencial-97683166.html; https://www.diariodeibiza.es/ibiza/2024/02/02/sant-antoni-sigue-sistema-informatico-97651854.html; https://www.diariodeibiza.es/ibiza/2024/02/02/sant-antoni-sigue-sistema-informatico-97651854.html; https://www.noudiari.es/noticias-ibiza-formentera-sidebar/el-ayuntamiento-de-sant-antoni-no-pagara-el-rescate-por-el-secuestro-de-datos-municipales/; https://www.diariodeibiza.es/ibiza/2024/02/06/sant-antoni-restablece-servicios-tramitaciones-97830372.html; https://www.diariodeibiza.es/ibiza/2024/02/06/sant-antoni-restablece-servicios-tramitaciones-97830372.html; https://cadenaser.com/baleares/2024/02/06/sant-antoni-dice-que-nunca-pagara-un-rescate-tras-el-ciberataque-sufrido-la-semana-pasada-radio-ibiza/; https://cadenaser.com/baleares/2024/02/06/sant-antoni-dice-que-nunca-pagara-un-rescate-tras-el-ciberataque-sufrido-la-semana-pasada-radio-ibiza/; http://www.gentedigital.es/ibiza/noticia/3775245/sant-antoni-preve-tener-operativos-la-proxima-semana-la-mayoria-de-servicios-tras-el-ciberataque/; https://www.santantoni.net/es_ES/actualidad/noticias/-/asset_publisher/Nh0NuarPB00q/content/comunicat-situacio-actual-del-ciberatac-a-l-ajuntament-de-sant-antoni/24432; https://www.noticiasde.es/islas-baleares/sant-antoni-planea-tener-en-funcionamiento-la-mayoria-de-servicios-la-semana-proxima-despues-del-ciberataque/; 
https://cadenaser.com/baleares/2024/02/17/el-ayuntamiento-de-sant-antoni-ya-ha-recuperado-el-90-de-sus-equipos-informaticos-tras-el-ciberataque-sufrido-a-finales-de-enero-radio-ibiza/; https://www.noudiari.es/noticias-ibiza-formentera-sidebar/sant-antoni-tendra-operativos-la-semana-que-viene-la-mayoria-de-servicios-tras-el-ciberataque-sufrido/; https://cadenaser.com/baleares/2024/02/21/una-operacion-policial-internacional-jaquea-los-servicios-del-grupo-responsable-del-ciberataque-a-sant-antoni-radio-ibiza/; https://www.cronicabalear.es/2024/cae-el-grupo-de-hackers-que-ataco-al-ayuntamiento-de-calvia-y-de-sant-antoni/; https://www.diariodeibiza.es/ibiza/2024/02/21/hackers-sant-antoni-cercados-operacion-98464175.html; https://www.noudiari.es/local-ibiza/desmantelado-el-grupo-responsable-del-ciberataque-al-ayuntamiento-de-sant-antoni/; https://www.noudiari.es/opinion-ibiza/ciberseguridad-una-prioridad-politica-por-javier-torres/; https://www.noudiari.es/opinion-ibiza/ciberseguridad-una-prioridad-politica-por-javier-torres/; https://www.diariodemallorca.es/sucesos/sucesos-mallorca/2024/03/09/piratas-encriptan-ordenador-pague-ataquescalvia-guardia-civil-mallorca-99249437.html; https://www.noudiari.es/noticias-ibiza-formentera-sidebar/el-ayuntamiento-de-sant-antoni-recupera-el-90-de-los-sistemas-de-informacion-afectados-por-el-ciberataque/; https://cadenaser.com/baleares/2024/03/15/los-sistemas-informaticos-de-sant-antoni-se-recuperan-al-90-tras-el-ciberataque-sufrido-hace-unos-meses-radio-ibiza/; https://www.noudiari.es/noticias-ibiza-formentera-sidebar/sa-veu-des-poble-propone-la-puesta-en-marcha-de-un-plan-de-ciberseguridad-en-el-ayuntamiento-de-sant-joan/,2024-02-05,2024-03-28 3098,Rhysida ransomware suspected of causing disruption at US Lurie Children's Hospital in Chicago on 1 February 2024,"The Lurie Children’s Hospital in Chicago, in the US state of Illinois, experienced network disruptions on 1 February 2024. 
Outages affecting Internet connectivity, email, telephone services, and a virtual consultation platform caused delays in medical services. In response to the incident, certain elective surgeries and procedures had to be postponed. Lurie Children’s Hospital is the primary provider of paediatric healthcare in Illinois, with a total capacity of 360 beds. The network had been offline for at least two weeks, affecting some surgeries that had to rely on manual procedures, as electronic devices could not be used. On 27 February, the ransomware gang Rhysida listed the hospital on their extortion website in the darknet. The group claimed to have stolen 600 GB of data and offered to sell the data for $3.4 million. ",2024-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Lurie Children's Hospital ,United States,NATO; NORTHAM,Critical infrastructure,Health,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,18366,2024-02-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Minor,4.0,Weeks (< 4 weeks),,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/158609/cyber-crime/lurie-childrens-hospital-cyberattack.html; 
https://www.statnews.com/2024/02/02/healthcare-cyber-security-lurie-childrens-hospitals-hacking/; https://www.bleepingcomputer.com/news/security/lurie-childrens-hospital-took-systems-offline-after-cyberattack/; https://x.com/LurieChildrens/status/1753576663189786654?s=20; https://x.com/LurieChildrens/status/1753272103522968046?s=20; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2024-no-honor-among-thieves/; https://www.foxnews.com/world/chicago-childrens-hospital-targeted-cyber-attack-limiting-access-medical-records-nearly-week; https://blockclubchicago.org/2024/02/05/lurie-childrens-hospital-offline-for-days-amid-cyber-attack/; https://securityaffairs.com/158965/breaking-news/security-affairs-newsletter-round-458-by-pierluigi-paganini-international-edition.html; https://scnow.com/news/nation-world/business/health-care/cyberattacks-hospital-lurie-childrens-ransom/article_9350e17b-086e-5350-a7e3-848fc25b2ef5.html; https://www.wusf.org/health-news-florida/2024-02-17/hospital-cyberattacks-are-likely-to-increase-and-put-lives-at-risk-experts-warn; https://www.bleepingcomputer.com/news/security/rhysida-ransomware-wants-36-million-for-childrens-stolen-data/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/; https://www.itworldcanada.com/article/healthcare-sector-stretched-thin-in-fight-against-cyber-attacks-warns-cso-of-health-isac/559886; https://eltiempolatino.com/2024/03/06/noticias-locales/chicago/la-principal-institucion-pediatrica-de-chicago-se-recupera-de-ciberataque/; https://eltiempolatino.com/2024/03/06/noticias-locales/chicago/la-principal-institucion-pediatrica-de-chicago-se-recupera-de-ciberataque/; https://www.govinfosecurity.com/ehrs-back-at-kids-hospital-but-patient-portal-still-offline-a-24548; 
https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2024-02-05,2024-03-28 3095,Unknown Threat Actors targeted 35 Members of Civil Society in Jordan with Pegasus Spyware between 2019 and September 2023,"A partnership of civil society organisations identified 35 individuals in Jordan, including activists, journalists, and lawyers, that were targeted with the NSO Group's Pegasus spyware between 2019 and September 2023. During 2022 and 2023, Access Now's Digital Security Helpline, in collaboration with the Citizen Lab, conducted a forensic investigation confirming the deployment of NSO Group's Pegasus spyware against nine devices of members of Jordan's civil society. The investigation identified traces of Pegasus' zero-click and one-click exploits on iOS devices (specifically, PWNYOURHOME, FINDMYPWN, FORCEDENTRY, and BLASTPASS). For an additional 21 individuals, the probe confirmed forensic findings indicating that they had been targeted. Investigative partners at Human Rights Watch, Amnesty International’s Security Lab, and the Organized Crime and Corruption Reporting Project identified five further victims. Affected individuals that agreed to be identified include Adam Coogle and Hiba Zayadin of Human Rights Watch, focusing on Middle East and North Africa issues; Manal Kasht, a Jordanian translator and civil society activist; lawyers Omar Atout, Hala Ahed, Alaa Al-Hiyari, Jamal Jeet, Asem Al-Omari, and Loay Obeidat, known for their activism and legal defense of human rights; journalists Rana Sabbagh of the Organized Crime and Corruption Reporting Project (OCCRP) and Daoud Kuttab, a Palestinian-American media activist, along with Lara Dihmis, also from OCCRP; and Hosam Gharaibeh, director of Husna Radio. Out of privacy and safety concerns, the identities of the remaining victims were not disclosed. 
",2019-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,Unnamed information technologist - (Un)Named NGO representatives - (Un)Named human rights lawyers - (Un)Named journalists and media organizations staff - Unnamed politician - (Un)Named activists ,Jordan; Not available; Jordan; Jordan; Jordan; Jordan,ASIA; MENA; MEA - - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups - Media - State institutions / political system - Social groups, - - Advocacy / activists (e.g. human rights organizations) - - - Advocacy / activists (e.g. human rights organizations),Not available,Not available,Not available,,1,16945,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,multiple,Drive-By Compromise,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.accessnow.org/publication/between-a-hack-and-a-hard-place-how-pegasus-spyware-crushes-civic-space-in-jordan/; https://apnews.com/article/jordan-hacking-pegasus-spyware-nso-group-99b0b1e4ee256e0b4df055f926349a43#; https://www.accessnow.org/wp-content/uploads/2024/01/Public-Pegasus-infections-in-Jordan-in-2022-and-2023-a-technical-brief.pdf; 
https://citizenlab.ca/2024/02/confirming-large-scale-pegasus-surveillance-of-jordan-based-civil-society/; https://netzpolitik.org/2024/spionagetechnologie-in-jordanien-mehr-spionageopfer-durch-staatstrojaner-pegasus/; https://cyberscoop.com/visa-travel-commercial-spyware/; https://cyberscoop.com/google-governments-need-to-do-more-to-combat-commercial-spyware/; https://securityaffairs.com/159847/security/nso-group-vs-meta-pegasus-hand-over.html,2024-02-02,2024-03-28 3094,Unknown State Nexus Actor Gained Access to Systems of US IT Service Management Company Cloudflare in Mid-November 2023,"In November 2023, Cloudflare suffered a breach when its internal Atlassian server was compromised by threat actors leveraging credentials from a previous Okta breach. The intrusion, suspected to have been carried out by a state nexus actor, targeted Cloudflare's Confluence wiki, Jira bug database, and Bitbucket source code management system. The operation traces back to 14 November when the threat actor conducted reconnaissance before accessing critical systems and attempted to infiltrate a Cloudflare data centre in São Paulo, Brazil, which at the time was still under construction. While these attempts failed, equipment at the centre was pulled and returned to vendors as a precautionary measure. Upon discovering the malicious activity, Cloudflare quickly shut down access on 24 November, initiated a thorough investigation, and conducted a ""Code Red"" security review. Under this comprehensive response plan, the company updated over 5,000 production credentials, reimaged and rebooted all systems throughout its global network. 
Cloudflare assessed that no customer data or services were compromised.",2023-11-14,2023-11-24,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on critical infrastructure target(s)",,Incident disclosed by victim,Hijacking without Misuse,Cloudflare,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Not available,Not available,State,,1,16943,2024-02-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,Matthew Prince (Co-founder & CEO of Cloudflare) et al. ,Not available,United States,Not available,Not available,State,https://blog.cloudflare.com/thanksgiving-2023-security-incident,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/; https://therecord.media/nation-state-actor-used-stolen-okta-credentials-to-target-cloudflare; https://blog.cloudflare.com/thanksgiving-2023-security-incident; https://securityaffairs.com/158504/hacking/cloudflare-thanksgiving-day-attack.html; https://www.lemondeinformatique.fr/actualites/lire-les-soupcons-etatiques-derriere-la-cyberattaque-contre-cloudflare-92856.html; https://www.channelnewsasia.com/business/cloudflare-says-state-backed-hackers-tried-burrow-its-global-network-4093436; https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html; https://securityaffairs.com/158881/security/cyber-security-stats.html; https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-systems/; 
https://www.heise.de/news/Okta-warnt-vor-vermehrten-Credential-Stuffing-Angriffen-9703174.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.dailysecu.com/news/articleView.html?idxno=155576,2024-02-02,2024-05-02 3097,Iranian hacker group Homeland Justice supposedly attacked Albanian Institute of Statistics (INSTAT) on 31 January 2024,"Unknown threat actors attacked the Albanian Institute of Statistics (INSTAT) on 31 January 2024, the institute reported. INSTAT communicated in a media release the following day that its IT systems had been subject to an intrusion. The institute disconnected internet connections and activated emergency protocols to protect data and statistical information. In collaboration with national authorities, the agency is investigating the motive behind and origin of the compromise. INSTAT confirmed that census data is stored in separate dedicated systems and not affected by the breach. On February 1, the Iranian-linked hacking group ""Homeland Justice"" claimed responsibility for the attack. On their Telegram channel, they claimed that data had been copied and removed, and posted a video showing allegedly stolen data. The institute denied those claims. Cybersecurity researchers said Iranian hackers have been responsible for recent attacks on the Albanian parliament, two local telecom companies, and Albania’s flagship air carrier. 
",2024-01-31,2024-01-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,Institute Of Statistics (INSTAT) of Albania,Albania,EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system,Civil service / administration,Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS),Not available,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,17030; 17030,2024-02-01 00:00:00; 2024-02-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms; Attacker confirms,Not available; Not available,Not available; Not available,"Iran, Islamic Republic of; Iran, Islamic Republic of",Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS); Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS),Not available; Not available,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://abcnews.go.com/Technology/wireStory/albanias-institute-statistics-suffers-cyberattack-systems-affected-106857357; https://www.facebook.com/institutistatistikave/posts/pfbid0WDNCm1Jf8zZryg4Tj4UT9eGNrN4u2hp9Xr9gxrZjsDb5HVwktDAyesPMbenmpQNql; https://securityaffairs.com/158588/breaking-news/security-affairs-newsletter-round-457-by-pierluigi-paganini-international-edition.html; 
https://www.lemagit.fr/actualites/366568773/Cyberhebdo-du-2-fevrier-2024-une-semaine-intense; https://www.darkreading.com/ics-ot-security/iran-israel-cyber-war-goes-global; https://www.haberler.com/guncel/arnavutluk-istatistik-enstitusune-iran-destekli-siber-saldiri-suclamasi-16852778-haberi/; https://www.sondakika.com/guncel/haber-arnavutluk-iran-destekli-bir-grup-tarafindan-yapil-16852785/,2024-02-02,2024-02-12 3096,Unknown Threat Actor disrupted business systems at US Utility Provider Muscatine Power and Water (MPW) in January 2024,"US utility provider Muscatine Power and Water (MPW) experienced a brief disruption of company business systems, as disclosed in a press release on 29 January 2024. MPW subsequently engaged forensic experts to assess the extent of the breach and restore secure operations. Office, field and power generation operations continued unaffected. ",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Muscatine Power and Water (MPW),United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure; Critical infrastructure,Energy; Water; Telecommunications,Not available,Not available,Not available,,1,16946,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://mpw.org/publications/mpw-customer-update/,2024-02-02,2024-02-08 3093,LockBit Ransomware Group targeted US Saint Anthony Hospital in Chicago on 18 December 2023,"The LockBit 
Ransomware Group attacked US Saint Anthony Hospital in Chicago on 18 December 2023, the hospital disclosed in a statement on 29 January 2024. The following investigations revealed that an unidentified actor had copied patient information files from the network. While the precise categories of affected information remain undisclosed, there is no indication that the hospital's Electronic Medical Record (EMR) database or overall financial systems were compromised, the hospital stated. The LockBit ransomware group claimed responsibility for the compromise on its leak site on 30 January 2024, setting a deadline of two days for the payment of an extortion sum of almost $900,000.",2023-12-18,2023-12-18,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware; Data theft; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Health; Health,,Not available,Non-state-group; Non-state-group,Criminal(s); Criminal(s),1,16757,2024-01-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,LockBit,Not available,Not available,,Not available,Non-state-group,https://therecord.media/ransomware-saint-anthony-hospital-chicago,Not available; Not available,Not available; Not available,,Not available; Not available,,0,,Not available,,Not available,Not available,No; No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity); For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available; Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none; none,none; none,3,Moderate - high political importance; Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/ransomware-saint-anthony-hospital-chicago; https://sahchicago.org/images/cybersecurity/Saint-Anthony-HIPAA-Notification_website_English_2024Jan29.pdf; https://www.inside-it.ch/ransomware-bande-lockbit-wirft-skrupel-ueber-bord-20240202; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2024-no-honor-among-thieves/,2024-02-01,2024-02-15 3092,Knight ransomware group obtained confidential information from Romanian Chamber of Deputies in January 2024,"The Knight ransomware group obtained an estimated 300MB of partly public and partly confidential information from the Romanian Chamber of Deputies in January 2024, comprising the identity documents of senior politicians - including of the Romanian prime minister - bank information and medical records. The incident became public when the Romanian news website Digi24 reported on 30 January about hackers that threatened to release stolen data from the parliament in case they would not receive a ransom. Digi24 reported that the group had started to disclose a preview of the stolen information online. A spokesperson of the Chamber clarified that no ransom demand had been received. 
The Romanian Directorate for Investigating Organized Crime and Terrorism opened a criminal case concerning the incident.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse; Ransomware,,Romania,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Legislative,Not available,Not available,Non-state-group,Criminal(s),1,18385,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.romania-insider.com/hackers-confidential-information-cyber-attack-parliament-romania-2024,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.romania-insider.com/hackers-confidential-information-cyber-attack-parliament-romania-2024; https://www.digi24.ro/stiri/actualitate/politica/atac-cibernetic-la-camera-deputatilor-buletinul-lui-ciolacu-a-ajuns-pe-mana-hackerilor-2668783; https://www.news.ro/politic-intern/bresa-de-securitate-de-la-camera-deputatilor-ciolacu-o-sa-imi-schimb-buletinul-avem-de-a-face-cu-un-razboi-hibrid-si-nu-numai-romania-intreaga-europa-este-supusa-acestui-atac-1922400331002024011321477874; 
https://www.news.ro/politic-intern/update-bresa-securitate-camera-deputatilor-s-au-furat-316-documente-inclusiv-copii-actelor-identitate-parlamentarilor-atac-cibernetic-masiv-asupra-site-ului-dnsc-25-000-atacuri-zilnic-romania-1922403831002024011021477704; https://www.agerpres.ro/politica/2024/01/31/bogdan-ivan-316-fisiere-cu-un-volum-de-300-de-megabytes-copiate-in-atacul-cibernetic-asupra-camerei-deputatilor--1240835; https://www.agerpres.ro/english/2024/02/17/no-ransom-for-cyber-attacks-no-negotiation-on-this-issue-cyber-security-directorate--1250519; https://www.agerpres.ro/english/2024/01/30/we-have-confirmation-of-chamber-of-deputies-cyber-attack-digital-transformation-minister--1240516; https://www.agerpres.ro/english/2024/01/30/cyber-security-breach-at-chamber-of-deputies--1240252; https://stirileprotv.ro/stiri/politic/hackerii-care-au-spart-baza-de-date-a-camerei-deputatilor-cer-o-rascumparare-de-40-000-de-euro-avem-250-000-mb-de-documente.html; https://mastodon.social/@PogoWasRight@infosec.exchange/111847806079156208,2024-02-01,2024-03-29 3091,Unknown hackers targeted Croatian Financial Services Supervisory Agency (Hanfa) on 23 January 2024,"The servers of the Croatian Financial Services Supervisory Agency (Hanfa) were targeted by unknown hackers on 23 January 2024, disrupting the website and electronic communications of the organisation. Access to these systems was gradually restored by 25 January. The agency's reporting and public register remained unavailable for an unspecified period. 
",2024-01-23,2024-01-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Croatian Financial Services Supervisory Agency (Hanfa),Croatia,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17137,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2024-01-30 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Croatia,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hanfa.hr/news/notice-on-cyber-attack/; https://www.hanfa.hr/news/recovery-from-cyber-attack-on-hanfas-system/,2024-01-31,2024-02-14 3090,Unknown threat actors infiltrated interal network of Global Affairs Canada between 20 December 2023 and 24 January 2024,"An internal network of Global Affairs Canada (GAC), the country's foreign ministry, was compromised by unknown actors between 20 December 2023 and 24 January 2024, the government department confirmed in a statement on 30 January. 
The breach targeting the virtual private network (VPN) used by staff to connect to and access resources of Global Affairs's Ottawa headquarters is estimated to have affected at least two internal drives, in addition to emails, calendars and official contacts, according to a GAC memo. As a precautionary measure, some staff members were ordered to stop working remotely when the incident was detected on 24 January. All users of laptops connected to SIGNET (Secure Integrated Global Network), the department's secure network, were notified that their information may have been exposed. Shared Services Canada, the government service managing the VPN system, and the Canadian Centre for Cyber Security conduct an investigation into the incident, including to assess whether classified information has been accessed. ",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Global Affairs Canada,Canada,NATO; NORTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,17138,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / 
political rights; ,Not available,0,,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Shared Services Canada,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cbc.ca/news/politics/global-affairs-security-breach-1.7099290; https://www.ctvnews.ca/politics/data-breach-at-global-affairs-canada-affecting-some-users-personal-information-1.6748693,2024-01-31,2024-02-14 3089,"IT architecture of continuous adult education centre in Vaterstetten, Germany, disrupted on 28 January 2024",The IT architecture of the continuous adult education centre Volkshochschule Vaterstetten in Germany was taken down by unknown actors on 28 January 2024. The school isolated affected servers but had to contend with limited access to its email services until 31 January. Courses continued unaffected. ,2024-01-28,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Volkshochschule Vaterstetten,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Unknown - not attributed,,1,17139,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-01-28 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Bayrische Polizei (Bavarian Police),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vhs-vaterstetten.de/; https://www.merkur.de/lokales/ebersberg/vaterstetten-ort29638/cyberangriff-auf-die-vhs-vaterstetten-helmut-ertel-polizei-sicherungsmassnahmen-92804982.html; https://www.lemagit.fr/actualites/366568773/Cyberhebdo-du-2-fevrier-2024-une-semaine-intense; https://b304.de/vhs-wieder-einsatzfaehig/,2024-01-31,2024-02-14 3088,"Unknown hackers launched ransomware attack against Misbourne School in Great Missenden, UK, on 23 January 2024","On 23 January 2024, the Misbourne School in Great Missenden in the United Kingdom was targeted by unknown hackers with ransomware. School servers were encrypted, taking down communication systems. In response to the incident, the school initially suspended classes until 31 January for its over 1,000 students. Classes for year 11 and 13 students were already resumed on 29 January. Certain services continued to be unavailable beyond this time, including Wi-Fi connections. The school also confirmed in the beginning of February that sensitive personal information was also tapped during the attack, which has been exposed on the dark web. All individuals related to The Misbourne are advised to change their online passwords. 
",2024-01-23,2024-01-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,,Not available,Not available,,1,17140,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bucksfreepress.co.uk/news/24085517.misbourne-great-missenden-reopening-cyber-attack/; https://misbourne.s3.amazonaws.com/uploads/lettershome/Letter-to-families-30-Jan-2024.pdf?t=1706631785; https://uk.news.yahoo.com/sensitive-personal-data-linked-people-123734076.html; https://www.bucksfreepress.co.uk/news/24111374.personal-data-misbourne-school-stolen-cyber-attack/; https://uk.news.yahoo.com/students-staff-personal-data-stolen-163000830.html,2024-01-31,2024-02-14 3087,Unknown hackers disrupted 
services of Colombian health insurance provider Salud Total on 27 January 2024,"On 27 January 2024, the Colombian health insurance provider (EPS) Salud Total was targeted by unknown threat actors, disrupting access to operational information, the company announced on January 29. To protect its application, the company shut down part of its systems and activated a contingency plan. The company has published a criminal complaint. Salud Total EPS-S specializes in the management of health risks and the provision of health insurance services in the healthcare sector. The company offers a comprehensive health benefits plan, virtual health services and health promotion and prevention programs. Virtual consultation services and other medical resources offered through Salud Total's mobile application were temporarily unavailable to its 4.8 million subscribers. ",2024-01-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,EPS Salud Total,Colombia,SOUTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,17371,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-01-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Colombia,Office of the Attorney General of Colombia (Fiscalía General de la Nación),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.pulzo.com/economia/eps-salud-total-supero-ciberataque-quienes-medicos-duenos-empresa-PP3423080; https://saludtotal.com.co/plan-de-beneficios-en-salud/salud-total-eps-s-esta-siendo-objeto-de-ataque-informatico-externo-2/; https://www.rcnradio.com/salud/supersalud-estudia-plan-de-contingencia-de-salud-total-eps-tras-sufrir-ataque-cibernetico; https://www.alertatolima.com/noticias/tendencias/por-ciberataque-salud-total-activo-plan-de-contingencia; https://www.rcnradio.com/salud/supersalud-estudia-plan-de-contingencia-de-salud-total-eps-tras-sufrir-ataque-cibernetico; https://www.alaskacommons.com/salud-total-cyber-attack-eps-confirms-impact-on-services/120556/; https://www.elcolombiano.com/colombia/tras-ataque-cibernetico-a-salud-total-supersalud-anuncia-plan-de-contingencia-GE23637526,2024-01-31,2024-02-21 3082,Unknown hackers paralysed network of municipal servers of City of Teo in Spain,"The computer services of Teo City Council in the Spanish province of A Coruña were paralysed on 24 January 2024, impairing the administrative operations of the municipality. 
More data-intensive functions, such as accounting or municipal e-services, are hosted on resources of the Provincial Council of A Coruña or maintained by third-party providers and remained unaffected.",2024-01-24,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking without Misuse,Teo City Council,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17373,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-01-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Guardia Civil/Civil Guard (Spain),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.noticiasde.es/galicia/la-red-de-servidores-municipales-del-ayuntamiento-de-teo-se-encuentra-paralizada-debido-a-un-ataque-informatico-que-comenzo-el-pasado-miercoles/; https://www.galiciapress.es/articulo/ultima-hora/2024-01-29/4698470-ataque-informatico-paraliza-desde-pasado-miercoles-red-servidores-municipales-ayuntamiento-teo; https://teo.gal/gl/actualidade/2024/o-concello-traballa-na-recuperacion-dos-seus-servizos-principais-tras-sufrir-o; https://www.farodevigo.es/galicia/2024/01/30/ciberataque-paraliza-red-servidores-web-97508178.html; https://esradio.libertaddigital.com/galicia/2024-01-30/teo-recupera-parte-de-sus-servicios-informaticos-tras-el-ciberataque-del-miercoles-que-investiga-la-guardia-civil-7092131/; https://www.elespanol.com/quincemil/articulos/actualidad/teo-a-coruna-recupera-parte-de-sus-servicios-informaticos-tras-el-ciberataque-del-miercoles; https://www.elespanol.com/quincemil/articulos/actualidad/teo-a-coruna-recupera-parte-de-sus-servicios-informaticos-tras-el-ciberataque-del-miercoles; https://esradio.libertaddigital.com/galicia/2024-01-30/teo-recupera-parte-de-sus-servicios-informaticos-tras-el-ciberataque-del-miercoles-que-investiga-la-guardia-civil-7092131/; https://www.galiciapress.es/articulo/santiago/2024-01-30/4699424-teo-recupera-parte-servicios-informaticos-ciberataque-miercoles-investiga-guardia-civil; https://www.galiciapress.es/articulo/santiago/2024-01-30/4699424-teo-recupera-parte-servicios-informaticos-ciberataque-miercoles-investiga-guardia-civil; https://www.lavozdegalicia.es/noticia/santiago/2024/02/19/ciberataques-bloquear-concellos-pedir-rescates-disparan/0003_202402S19C5994.htm,2024-01-30,2024-02-21 3080,Cactus ransomware group targeted French electrical 
engineering company Schneider Electric on 17 January 2024,"The Cactus ransomware syndicate targeted electrotechnology company Schneider Electric on 17 January 2024, causing disruptions to the cloud platform of the firm's Sustainability Business division. The criminal group reportedly stole 2.5 terabytes of corporate data and threatened to leak obtained files if a ransom is not paid. The company, headquartered in Rueil-Malmaison, France, manufactures electronic devices and automation products and offers services for secure of building management. On 19 February, 25 MB of allegedly stolen data was published on the dark web site of the Cactus ransomware syndicate. ",2024-01-17,Not available,"Attack on (inter alia) political target(s), politicized",,,Data theft; Disruption; Hijacking with Misuse; Ransomware,Schneider Electric,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Cactus,Not available,Non-state-group,Criminal(s),1,17440,2024-01-29 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Not available,Not available,Not available,Cactus,Not available,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified 
(missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/; https://therecord.media/schneider-electric-ransomware-attack-sustainability-division; https://www.inside-it.ch/cactus-hackt-schneider-electric-20240130; https://www.infosecurity-magazine.com/news/schneider-electric-data-ransomware/; https://www.usine-digitale.fr/article/cybersecurite-l-equipementier-francais-schneider-electric-touche-par-le-ransomware-cactus.N2207250; https://securityaffairs.com/158320/data-breach/schneider-electric-cactus-ransomware-attack.html; https://securityaffairs.com/158588/breaking-news/security-affairs-newsletter-round-457-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2024-no-honor-among-thieves/; https://research.checkpoint.com/2024/5th-february-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/cactus-ransomware-claim-to-steal-15tb-of-schneider-electric-data/; https://securityaffairs.com/159353/hacking/cactus-ransomware-gang-schneider-electric.html; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit; https://securityaffairs.com/159555/breaking-news/security-affairs-newsletter-round-460-by-pierluigi-paganini-international-edition.html; https://www.manufacturing.net/cybersecurity/article/22890116/inside-the-schneider-electric-ransomware-attack,2024-01-30,2024-02-23 3081,Unknown hackers conducted ransomware attack against Japanese agricultural company Gran Tomato,"The Japanese company Gran Tomato Co. Ltd., specialising in agricultural production materials, was targeted with ransomware on 7 July 2023. Data on five servers was encrypted. The threat actor returned on 27 October and deployed ransomware on an additional three servers. 
A subsequent investigation found no evidence of data exfiltration. The concluding report published on 19 January 2024 did not identify possible suspects. ",2023-07-07,2023-10-27,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Ransomware,Grantomato Co Ltd,Japan,ASIA; SCS; NEA,Critical infrastructure,Food,Not available,Not available,Not available,,1,17439,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,External Remote Services,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-11-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Japan,Fukushima Prefectural Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://scan.netsecurity.ne.jp/article/2024/01/29/50516.html; https://www.grantomato.jp/topics/topics.php?id=837#topicpath,2024-01-30,2024-02-23 3083,Website of Ukrainian Coordination Headquarters for Treatment of Prisoners of War targeted with DDoS attack on 28 January 2024,"The Ukrainian Coordination Headquarters for the Treatment of Prisoners of War announced its website was hit by a DDoS attack 28 January 2024. Access to the website was restored on the following day. 
In a Telegram message posted on the same day, the Headquarters directed responsibility for the disruption against Russia, noting that ""Apparently, the enemy decided that the information, in particular, about the details of the exchange of prisoners of war and the downing of the IL-76 plane, posed a threat"". The incident occurred several days after a Russian IL-76 transport aircraft crashed on 24 January 2024. According to Ukrainian news sources, the plane was carrying S-300 missiles. Russian sources disputed this claim, stating that the aircraft carried 65 Ukrainian soldiers in transit for a prisoner exchange. ",2024-01-28,2024-01-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Coordination Headquarters for the Treatment of Prisoners of War,Ukraine,EUROPE; EASTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17372,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Armed conflict; Sovereignty; Armed conflict,; Conduct of hostilities; ; Certain persons,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukraine-pow-agency-cyberattack-russia; https://t.me/Koord%5Fshtab/4004; 
https://t.me/Koord_shtab/4003,2024-01-30,2024-02-21 3085,The LockBit ransomware group caused IT outage in US county of Fulton on 28 January 2024,"On 28 January 2024, Fulton County in the US state of Georgia experienced an IT outage due to a cyber attack by the Lockbit Ransomware Group. The disruptions affected the phone systems and most offices are unable to accept phone calls. of several systems were impaired, including those used for property tax transactions and by the justice system to issue documents, such as marriage licences. The downtown Atlanta office of the Fulton County Tax Commissioner remained closed. On 13 February 2024, the LockBit ransomware group asserted responsibility for the attack on Fulton County. They provided 25 screenshots to prove their access to the county’s systems and claimed to have stolen sensitive data. LockBit stated that documents marked as confidential will be made public, including those related to citizens' personal data and records related to the County’s case against former president Donald Trump, and set a deadline of 16 February for Fulton County before they initiate data leaks. As of 4 March 2024, Fulton County is still dealing with the outage of half of the phone lines and several online systems due to the cyber attack. The online systems include vehicle and marriage registrations. In the meantime the public websites and servers of Lockbit have been seized by authorities as disclosed by the FBI, NCSC and NCA on 20 February 2024. Hence Fulton County has not paid any ransom yet, though some gang members of Lockbit reappeared on the dark web launching new threats to the County and reiterating their demands. According to TechReport there have been no signs of the stolen data being exposed online yet. 
Another effect of the attack is the delay in the case against Trump: According to Fulton County District Attorney Fani Willis the case documents are still safe - contradictory to the claim of Lockbit - though they have to wait until the systems are back up to continue with the case. ",2024-01-27,2024-01-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Fulton County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,LockBit,Not available,Non-state-group,Criminal(s),1,17731,2024-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-fulton-county-georgia/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-01-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.fultoncountyga.gov/news/2024/01/28/fulton-county-system-outage; https://www.fox5atlanta.com/news/fulton-county-hit-by-unexpected-county-wide-it-outage; https://therecord.media/fulton-county-georgia-atlanta-cyberattack-causing-outages; https://eltiempolatino.com/2024/02/02/politica-comunidad-latino/condado-fulton-fallas-registro-de-votantes-ciberataque/; https://www.lemagit.fr/actualites/366568773/Cyberhebdo-du-2-fevrier-2024-une-semaine-intense; https://www.tgrthaber.com.tr/teknoloji/bu-sehirde-gunlerdir-internet-yok-evlilik-bile-2929489; https://eltiempolatino.com/2024/02/02/politica-comunidad-latino/condado-fulton-fallas-registro-de-votantes-ciberataque/; https://research.checkpoint.com/2024/5th-february-threat-intelligence-report/; https://www.sabah.com.tr/yazarlar/gunaydin/sb-mevlut_tezel/2024/02/06/internet-tamamen-giderse; https://abcgazetesi.com/abdde-siber-saldiri-hukumet-sistemleri-coktu-721062; https://www.theguardian.com/us-news/2024/feb/12/computer-hack-fulton-county-trump-case?ref=upstract.com; https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-fulton-county-georgia/; https://iowacapitaldispatch.com/2024/02/17/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/; https://www.giornalettismo.com/lockbit-ultimi-attacchi/; https://www.fox5atlanta.com/news/law-enforcement-disrupts-lockbit-ransomware-group-believed-to-be-behind-fulton-county-attack; https://www.heise.de/news/Zwischen-Selbstkritik-und-Trotz-LockBit-rechtfertigt-cyberkriminelle-Handlungen-9638063.html?wt_mc=rss.red.security.security; 
https://www.heise.de/news/Zwischen-Selbstkritik-und-Trotz-LockBit-rechtfertigt-cyberkriminelle-Handlungen-9638063.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://krebsonsecurity.com/2024/02/fbis-lockbit-takedown-postponed-a-ticking-time-bomb-in-fulton-county-ga/; https://cyberscoop.com/lockbit-comeback-less-than-a-week-after-major-disruption/; https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/; https://securityaffairs.com/159757/cyber-crime/lockbit-gang-resuming-operation.html; https://www.wired.com/story/lockbit-fulton-county-georgia-trump-ransomware-leak/; https://www.wired.com/story/push-notification-privacy-security-roundup/; https://www.heise.de/news/LockBit-Drohung-mit-Leak-zu-Verfahren-gegen-Donald-Trump-wohl-nur-ein-Bluff-9643336.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/fulton-county-services-restored-rolling; https://techreport.com/news/georgias-largest-county-is-still-struggling-with-januarys-cyber-attack-new-threats-launched-from-the-lockbit-gang/; https://michiganadvance.com/2024/03/03/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/; https://www.player.it/fuorigioco/554066-ritorna-lincubo-del-gruppo-hacker-piu-spaventoso-che-ci-sia-scatta-lallarme-previsti-migliaia-di-nuovi-attacchi.html,2024-01-30,2024-03-05 3084,"Database of Mexican president's press accreditation office containing personal information on journalists, YouTubers and activists from government networks leaked on 26 January 2024","Unidentified actors leaked a database containing personal information of journalists, YouTubers and activists from government networks. The dataset including pictures, contact details, addresses, voter registration numbers of journalists attending regular morning briefings of Mexican President Andrés Manuel López Obrador was obtained from the president's press accreditation office. 
During a press conference on 29 January 2024, López Obrador voiced his suspicion that members of Mexico's conservative opposition were involved in the leak, without providing any further evidence. The presidential statement described the leak as an attempt to discredit the sitting government by portraying it as persecuting journalists during the campaign for Mexico's general election scheduled for 2 June. The compromise of the database was detected on 26 January 2024, when related data surfaced on online forums. ",2024-01-26,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,Not available,Mexico,,State institutions / political system,Government / ministries,Not available,Mexico,State,,1,17220,2024-01-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,"Andres Manuel Lopez Obrador (President of Mexico, Mexico)",Not available,Mexico,Not available,Mexico,State,https://diario.mx/nacional/atribuye-amlo-a-hackeo-filtracion-de-datos-de-mananeras-20240129-2146487.html,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state 
entities / agencies / units responsible),Human rights,Civic / political rights,Not available,1,2023-01-29 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Mexico,"National Institute for Transparency, Access to Information and Protection of Personal Data (INAI, Mexico)",Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://diario.mx/nacional/atribuye-amlo-a-hackeo-filtracion-de-datos-de-mananeras-20240129-2146487.html; https://elpais.com/https:/elpais.com/mexico/2024-01-29/lopez-obrador-afirma-que-la-filtracion-de-datos-de-los-periodistas-que-cubren-las-mananeras-es-guerra-sucia.html; https://imagenpoblana.com/24/01/28/hackeos-y-vulneracion-de-servidores-publicos---iquest-otra-muestra-de-la-ineficacia-del-gobierno-en-ciberseguridad-; https://tribunadelabahia.com.mx/amlo-confirma-hackeo-mananera/; https://imagenpoblana.com/24/01/28/hackeos-y-vulneracion-de-servidores-publicos---iquest-otra-muestra-de-la-ineficacia-del-gobierno-en-ciberseguridad-; https://lopezdoriga.com/nacional/gobierno-entrega-a-inai-reporte-sobre-filtracion-de-datos-de-periodistas-que-asisten-a-mananeras-de-amlo/; https://www.launion.com.mx/morelos/nacional/noticias/243479-hackeo-a-datos-de-263-periodistas-se-origino-en-espana-confirma-gobierno.html; https://suracapulco.mx/amlo-atribuye-a-un-hackeo-la-filtracion-de-datos-de-periodistas-y-culpa-a-opositores/; https://suracapulco.mx/amlo-atribuye-a-un-hackeo-la-filtracion-de-datos-de-periodistas-y-culpa-a-opositores/; https://esdiario.com.mx/hackeo-a-presidencia-se-hizo-desde-espana-a-traves-de-la-cuenta-de-un-extrabajador/; https://www.elsoldeacapulco.com.mx/mexico/sociedad/presidencia-no-registra-gastos-para-enfrentar-ciberataques-desde-2019-11359129.html,2024-01-30,2024-02-16 3079,"Unidentified Hackers Hit ICN Business School in Nancy, France, with Ransomware on 22 January 2024","The private ICN Business School, located on the 
ARTEM campus in Nancy, France, fell victim to a ransomware attack on 22 January 2024. The school received a message from cybercriminals announcing the intrusion and demanding a ransom, threatening to publish the stolen data on the darknet. In response, the ICN Business School immediately activated a crisis unit, notified the French cybersecurity agency ANSSI, and contacted the police. A formal complaint was filed on 24 January, and the school reported the incident to the public prosecutor's office, which opened an investigation. Noticing the theft of personal data, the school cut its network links with the University of Lorraine as a protective measure.",2024-01-22,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse; Ransomware,ICN Business School,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure; Education; Education,Research; Research; ; ,,Not available,Not available; Not available,,1,17441,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-01-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Agence nationale de la sécurité des systèmes d’information (ANSSI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.francebleu.fr/infos/faits-divers-justice/nancy-l-icn-business-school-victime-d-une-cyberattaque-8328268,2024-01-29,2024-02-23 3078,Disruption at Ukrainian Data Service Centre Parkovy Led to service outages affecting State-Owned Companies and Other Businesses Beginning on 25 January 2024,"Disruptions at the Ukrainian data service centre Parkovy led to impaired operations at Ukrainian state-owned companies on 25 January 2024. At least five companies were affected by the attack, including the energy company Naftogaz, the postal service provider Ukrposhta, the state railway company Ukrzaliznytsia, the company responsible for transport safety DSBt and the state television station for residents of the occupied territories of Ukraine. The attack on the data service centre meant that the call centre and the Naftogaz website were no longer accessible. According to the managing director of Ukrposhta, Igor Smelyansky, the incident caused very minor disruptions to Ukrposhta's services, including the acceptance of payments, and delays in deliveries. The DSBT website was not accessible during the interruption. Ukrzaliznytsia said that online ticket purchases were affected by an attack on some of its systems. Parkovy's website was also not accessible due to the attack. Parkovy also hosts data for the Ukrainian e-government service Diia. The spokesperson for the Ukrainian Ministry of Digital Transformation, which launched Diia, told Recorded Future News that the attack had not affected Diia's operations. 
On 26 January, Parkovy stated that it restored some of its services.",2024-01-25,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s); Attack on critical infrastructure target(s)",; ; ; ,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,None - None - None - None - None - None,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,Media - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure, - Civil service / administration - Digital Provider - Transportation - Energy - Transportation,,Not available,Not available,,1,17765,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,https://therecord.media/ukraine-parkovy-data-center-cyberattack-recovery,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Armed conflict; Sovereignty,Civic / political rights; Conduct of hostilities; ,Not available,1,2024-01-25 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Ukraine,State Service of Special Communications and Information Protection of Ukraine (SSSCIP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukraine-parkovy-data-center-cyberattack-recovery; https://therecord.media/ukraine-cyberattacks-energy-postal-transportation; https://www.facebook.com/DSBT.UA/posts/pfbid027jPiFaUSaVnQ7aWyAziQwaRYQELNENLC45BV7AEGhnpZ3zadDCxfufep4zxnbabel; https://t.me/CyberArmyofRussia_Reborn/6387; https://www.facebook.com/igor.smelyansky/posts/pfbid06MTAwgYgHKqCDrsexZNJJQcTumLSRA7JcQE5GLDRYKAjxfprXwoftzemndBhqmRVl; https://t.me/NaftogazUA/1836; https://news.yahoo.com/pro-russian-hackers-plan-attack-142200518.html; https://research.checkpoint.com/2024/29th-january-threat-intelligence-report/,2024-01-29,2024-03-05 3077,"Unknown actors targeted computer system of Capital Health Communication Center (CCSC) in Quebec, Canada, with ransomware on 24 January 2024","The Capital Health Communication Center (CCSC) in Quebec, Canada, experienced outages affecting their call and location tracking systems due to a ransomware attack on 24 January 2024. The incident was discovered on 25 January 2024. Calls for ambulance services from the Capitale-Nationale region, Saguenay-Lac-St-Jean and Nord-du-Québec had to be redirected. 
The computer system allowing paramedics on the ground to locate emergency calls was paralysed.",2024-01-24,2024-01-25,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Ransomware,Capital Health Communication Center (CCSC) (Canada),Canada,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,17445,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lesoleil.com/actualites/justice-et-faits-divers/2024/01/25/des-pirates-sen-prennent-aux-services-ambulanciers-JTIY6MSQNVDFJKCF2YOWJ5QDUE/; https://www.ciusss-capitalenationale.gouv.qc.ca/actualites/attaque-informatique-avis-a-la-population; https://www.computerweekly.com/de/news/366567995/Die-Cyberangriffe-der-KW4-2024-im-Ueberblick,2024-01-29,2024-02-23 3076,Black Basta Ransomware Group Hit Private UK Wastewater Utility Company Southern Water With Ransomware Attack In January 2024 ,"Southern Water, a large private utility company responsible for the public wastewater collection that serves areas in the South East of England, has confirmed a cyber-attack by the ransomware syndicate Black Basta. 
The incident, which resulted in unauthorised access to Southern Water's IT systems and limited data exfiltration, was publicly confirmed after Black Basta claimed responsibility on 22 January 2024. Black Basta is suspected of having exfiltrated around 750GB of data. While Southern Water's services continued to operate normally, the company has identified suspicious activity and appointed independent cyber security specialists to investigate. At the direction of the National Cyber Security Centre, the company is in contact with government departments, regulators and the Information Commissioner's Office. The Black Basta ransomware group had earlier claimed to have successfully attacked Southern Water and published a small sample of the allegedly stolen data on its Tor leak page. This information is said to include scans of identity documents, personal details of potential customers, including home address, office address, dates of birth, nationalities and email addresses, as well as car leasing documents. Black Basta has threatened to release the rest of the data it claims to hold by 29 February if its ransom demand is not fulfilled. 
On February 12, Southern Water confirmed on its website that the attackers stole data from a limited part of the company's server which the attackers could use for illegal activities.",2024-01-01,Not available,Attack on critical infrastructure target(s),,,Data theft & Doxing; Hijacking with Misuse; Ransomware,Southern Water,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Waste Water Management,Black Basta Ransomware Gang,Not available,Non-state-group,Criminal(s),1,17446,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Black Basta Ransomware Gang,Not available,Not available,Black Basta Ransomware Gang,Not available,Non-state-group,https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-01-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,UK National Cyber Security Centre,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.southernwater.co.uk/the-news-room/the-media-centre/2024/january/cyber-investigation; https://www.computerweekly.com/news/366567455/Southern-Water-confirms-cyber-attack-after-Black-Basta-claims; https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/; https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html; https://www.cpomagazine.com/cyber-security/water-companies-veolia-north-america-and-uks-southern-water-ransomware-attack-and-data-breach-leaked-pii/; https://www.sussexexpress.co.uk/news/people/contact-details-and-national-security-numbers-could-have-been-stolen-from-southern-water-customers-following-cyber-attack-4515348; https://www.bleepingcomputer.com/news/security/us-govt-shares-cyberattack-defense-tips-for-water-utilities/; https://uk.news.yahoo.com/experian-safe-southern-water-tells-160000292.html,2024-01-29,2024-02-26 3075,Unknown Hackers Gained Unauthorised Access to Facebook Page of Colombia Office of US Agency for International Development (USAID) in January 2024,"The Facebook page of the US Agency for International Development (USAID) in Colombia, the lead agency for administering US foreign aid and development initiatives, has been hijacked. The US embassy in Bogotá joined USAID in a statement on 27 January 2024, saying that agency staff had discovered unauthorised access to its Facebook account, which posed a potential risk. Following the incident, USAID's Colombia programme Facebook page was inaccessible and displayed the message ""This content is currently unavailable"". 
The statement assures that the agency's team is working diligently to restore security to the account and thoroughly investigate the extent of the breach.",2024-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,U.S. Agency for International Development in Colombia,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,17447,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty; Aid and development,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.portafolio.co/tecnologia/lo-que-se-sabe-del-hackeo-a-la-pagina-de-facebook-de-la-usaid-en-colombia-597048; https://www.globovision.com/internacional/16586/hackean-pagina-de-facebook-de-la-agencia-de-eeuu-para-desarrollo-internacional-en-colombia; https://www.lapatilla.com/2024/01/27/hackean-pagina-de-facebook-de-la-agencia-de-eeuu-para-desarrollo-internacional-en-colombia/; https://www.globovision.com/internacional/16586/hackean-pagina-de-facebook-de-la-agencia-de-eeuu-para-desarrollo-internacional-en-colombia; 
https://www.portafolio.co/tecnologia/lo-que-se-sabe-del-hackeo-a-la-pagina-de-facebook-de-la-usaid-en-colombia-597048; https://www.lapatilla.com/2024/01/27/hackean-pagina-de-facebook-de-la-agencia-de-eeuu-para-desarrollo-internacional-en-colombia/; https://www.eluniversal.com.co/colombia/hackean-pagina-de-facebook-de-usaid-en-colombia-YD9858890; https://apnews.com/article/colombia-usaid-bogota-embassy-facebook-hack-breach-f8710e54b9099220f2a6b63b1741df6e#; https://www.kejixun.com/article/625604.html,2024-01-29,2024-02-23 3074,Kansas City Area Transportation Authority hit by Medusa ransomware attack in January 2024,"As reported on 24 January 2024, the Kansas City Area Transportation Authority (KCATA) was hit by a ransomware attack on 23 January, which led to an interruption in its call service. According to the company, KCATA's public transport services in Missouri and Kansas were not affected. The Medusa ransomware group added the company to its leak list. The criminal collective threatened to release all stolen data, unless KCATA paid a $2 million ransom. KCATA has informed authorities about the incident and launched an investigation into the incident. 
",2024-01-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Kansas City Area Transportation Authority (KCATA),United States,NATO; NORTHAM,Critical infrastructure,Transportation,,Not available,Non-state-group,Criminal(s),1,17448,2024-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Medusa Ransomware Group,Not available,Not available,,Not available,Non-state-group,https://securityaffairs.com/158233/cyber-crime/kansas-city-area-transportation-authority-ransomware-attack.html,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-01-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/158233/cyber-crime/kansas-city-area-transportation-authority-ransomware-attack.html; https://www.bleepingcomputer.com/news/security/kansas-public-transportation-authority-hit-by-ransomware/; https://www.kcata.org/news/cyber-attack-hits-kcata-communications-affected; https://www.computerweekly.com/de/news/366567995/Die-Cyberangriffe-der-KW4-2024-im-Ueberblick,2024-01-29,2024-02-23 3073,Unknown Hackers Encrypted and Stole Data from German District Hospitals in Middle Franconia on 27 January 2024,"Unknown hackers stole and encrypted data from the district hospitals of Middle Franconia, Germany, on 27 January 2024, leading to the disruption of their IT service. The stolen data includes personal and internal information. After the intrusion was detected on 27 January, all systems were separated from the network to contain the threat actor. Activating its emergency plan, the hospital cluster was able to continue regular operations but decided to temporarily suspend admissions for emergency care. 
The healthcare hub informed the relevant ministries, police and prosecutor's office and the state data protection agency of Bavaria.",2024-01-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse,Bezirkskliniken Mittelfranken ,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,,Not available,Not available,,1,17484,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-02-02 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Bayrische Polizei (Bavarian Police),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.nordbayern.de/region/krisenstab-eingesetzt-hackerangriff-lahmt-frankische-kliniken-ausmass-noch-unklar-1.13998030; https://www.bezirkskliniken-mfr.de/presse/detail-news/article/hackerangriff-in-den-bezirkskliniken-mittelfranken; https://www.br.de/nachrichten/bayern/hackerangriff-auf-bezirkskliniken-mittelfranken,U2jU9a2; https://www.tagesschau.de/inland/regional/bayern/br-hackerangriff-auf-bezirkskliniken-mittelfranken-102.html; https://www.aerztezeitung.de/Wirtschaft/Hackerangriff-Kliniken-gehen-auf-Erpressungsversuch-nicht-ein-446816.html; https://www.lemagit.fr/actualites/366568773/Cyberhebdo-du-2-fevrier-2024-une-semaine-intense",2024-01-29,2024-02-26 3070,Pro-Ukrainian hacktivists BO Team targeted Russian State Research Center on Space Hydrometeorology 'Planeta' in January 2024,"According to a statement published by Ukraine's defence intelligence directorate (GUR) on 24 January 2024, pro-Ukrainian hacktivists BO Team targeted the Russian State Research Center on Space Hydrometeorology Planeta in January 2024. The GUR reports that the cyberattack targeted the eastern branch of the centre and severely impacted its satellite data processing. Ukrainian officials claimed the hackers destroyed 2 petabytes of data and incapacitated 280 servers and significantly impaired the functioning of the centre's high-cost supercomputers. The hardware and software components for one device are estimated at around $350,000, although the GUR assessed it highly unlikely that Russia would be able to restore the supercomputers in light of sanctions that restrict access to specialised software. 
The operation reportedly also interfered with Planeta's air conditioning, humidification systems, and emergency power supply regulation. Planeta is a state-owned Russian enterprise tasked with receiving and analysing data from 11 domestic and 23 international Earth observation satellites. The collected data is utilised by various other state entities in Russia, including the ministry of war, the general staff.",2024-01-23,2024-01-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Research Center On Space Hydrometeorology Planeta,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure; Critical infrastructure,Space; Research,BO Team,Not available,Non-state-group,Hacktivist(s),1,17485,2024-01-24 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ,Not available,Ukraine,BO Team,Not available,Non-state-group,https://gur.gov.ua/content/znyshchyly-vorozhu-planietu-detali-kiberataky-proty-tsentru-kosmichnoi-hidrometeorolohii-rf.html,System / ideology,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of 
data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence; Sovereignty,"Economic, social and cultural rights; Conduct of hostilities; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukrainian-hackers-hit-russian-scientific-center; https://gur.gov.ua/content/znyshchyly-vorozhu-planietu-detali-kiberataky-proty-tsentru-kosmichnoi-hidrometeorolohii-rf.html; https://securityaffairs.com/158214/hacktivism/ukraines-ministry-of-defense-hit-russian-recent-center.html; https://www.bleepingcomputer.com/news/security/ukraine-hack-wiped-2-petabytes-of-data-from-russian-research-center/; https://research.checkpoint.com/2024/29th-january-threat-intelligence-report/,2024-01-26,2024-03-01 3057,Unknown threat actor targeted website of Czech Ministry of Labour and Social Affairs with DDoS Attack on 23 January 2024,An unknown threat actor targeted the website of the Czech Ministry of Labour and Social Affairs with a DDoS Attack on 23 January 2024. The ministry confirmed the temporary disruption in the availability of the ministry's online services in a statement subsequently released on its website. 
,2024-01-23,2024-01-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Government / ministries,,Not available,Not available,,1,16727,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.mpsv.cz/web/cz,2024-01-25,2024-02-01 3056,Lockbit claims responsibility for ransomware attack on US finance company EquiLend on 22 January 2024 resulting in stolen data of employees,"An unidentified threat group attacked the US finance company EquiLend on 22 January 2024, as confirmed by the company in a statement on their website. According to their statement from 24 January 2024 the company had to shut down some of their systems in order to contain a data breach. According to a statement to news agency Bloomberg on 24 January 2024, Lockbit claimed responsibility for the attack on EquiLend. Even though the company did not confirm such claims yet, they disclosed that the attack was a ransomware attack, as published on the EquiLend page dedicated to the incident. Initial investigations revealed only unauthorised access to EquiLend's systems. 
However, in breach notification letters delivered to EquiLend employees in the beginning of March 2024, the addressees were informed that the incident involved the theft of information on their payroll, names, dates of birth and social security numbers.",2024-01-22,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,EquiLend,United States,NATO; NORTHAM,Critical infrastructure,Finance,LockBit,Not available,Not available,,1,17889,2024-01-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Not available,https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/global-fintech-firm-equilend-offline-after-recent-cyberattack/; https://equilend.com/press-releases/equilend-cyber-security-incident/; https://therecord.media/equilend-cyberattack-financial-recovery-two-days; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-26th-2024-govts-strike-back/; https://www.computerweekly.com/de/news/366567995/Die-Cyberangriffe-der-KW4-2024-im-Ueberblick; https://research.checkpoint.com/2024/29th-january-threat-intelligence-report/; https://www.risk.net/risk-management/7958953/equilend-cyber-hack-exposes-trade-reporting-dependence; https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/; https://finance.yahoo.com/news/hackers-roil-entire-industries-attacks-100000390.html,2024-01-25,2024-03-12 3055,Russian state affiliated group APT29 breached cloud-based email environment of Hewlett Packard Enterprise Co.’s (HPE) in May 2023 and exfiltrated data,"Hewlett Packard Enterprise Co. (HPE) was notified on 12 December 2023 that the Russian state-affiliated group APT29 (Cozy Bear/Midnight Blizzard/Blue Bravo) had breached the company's Microsoft Office 365 email environment in May 2023. The group subsequently exfiltrated email correspondence from a small set of HPE mailboxes linked to the firm's cybersecurity department and other teams. HPE reported the intrusion as connected to threat activity detected on its networks in June 2023, which resulted in the theft of a limited number of SharePoint files also around May 2023, according to filings with the US Securities and Exchange Commission. The threat group has been linked to Russia's Foreign Intelligence Service (SVR), known for engaging in political and economic intelligence collection.",2023-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Hewlett Packard Enterprise Co. (HPE),United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Critical Manufacturing; Digital Provider,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,17980,2024-01-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Not available,Not available,Not available,Not available,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",https://www.sec.gov/ix?doc=/Archives/edgar/data/1645590/000164559024000009/hpe-20240119.htm,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,; Civic / 
political rights; ,Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/hpe-tells-sec-breached-by-cozy-bear; https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/; https://www.sec.gov/ix?doc=/Archives/edgar/data/1645590/000164559024000009/hpe-20240119.htm; https://www.wired.com/story/microsoft-hpe-midnight-blizzard-email-breaches/; https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html; https://securityaffairs.com/158097/security/midnight-blizzard-hacked-hpe.html; https://new.qq.com/rain/a/20240126A04VZ800; https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html; https://securityaffairs.com/158164/apt/midnight-blizzard-apt-cyberespionage.html; https://www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/; https://therecord.media/microsoft-says-russian-hackers-used-previously-identified-technique-to-breach-executive-emails; https://research.checkpoint.com/2024/29th-january-threat-intelligence-report/; https://www.portail-ie.fr/non-classe/2024/apt29-suspecte-dune-nouvelle-cyberattaque-contre-une-entreprise-americaine/; https://www.bleepingcomputer.com/news/security/hpe-investigates-new-breach-after-data-for-sale-on-hacking-forum/,2024-01-25,2024-03-14 3058,"Unknown actors targeted the adult education center in Minden - Bad Oeynhausen, Germany, leading to a partial disruption of services on 22 January 2024,","According to the director of the continuous adult education centre Volkshochschule Minden - Bad Oeynhausen in Germany, unknown actors broke into systems at the education centre. 
The incident was detected on 22 January 2024, leading to a partial disruption of services, including email services.",2024-01-22,2024-01-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Volkshochschule (VHS) Minden - Bad Oeynhausen,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,18814,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.vhs-minden.de/aktuelles/detailansicht/pressemitteilung; https://www.computerweekly.com/de/news/366567995/Die-Cyberangriffe-der-KW4-2024-im-Ueberblick,2024-01-25,2024-04-19 3054,"Emergency dispatch system of Bucks County, Pennsylvania, experienced outages in January 2024","The emergency dispatch system of Bucks County in the US state of Pennsylvania suffered a sustained outage following a not further specified cyber incident in January 2024. On 22 January, the Bucks County Department of Emergency Communications announced that its computer-aided dispatch (CAD) system, which allows the agency to determine the status and location of emergency responders in the field, went down on 21 January. 
With the CAD system unavailable, which has left law enforcement without access to the Commonwealth Law Enforcement Assistance Network and National Crime Information Center databases, the county needs to manage emergency services without the automated incident documentation and prioritisation features. The incident has not disrupted the county's ability to receive or dispatch 911 calls. Officials reported they are working with state and federal partner agencies to investigate the incident and bring systems back online.",2024-01-21,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Bucks County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16724,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2024-01-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,United States Department of Homeland Security (DHS),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nbcphiladelphia.com/news/local/bucks-co-emergency-dispatch-system-down-since-sunday-due-to-cyberattack/3754282/; https://www.buckscounty.gov/CivicAlerts.aspx?AID=958; https://www.computerweekly.com/de/news/366567995/Die-Cyberangriffe-der-KW4-2024-im-Ueberblick; https://www.aol.com/bucks-county-identified-culprits-cyber-210128221.html; https://iowacapitaldispatch.com/2024/02/17/feds-deliver-stark-warnings-to-state-election-officials-ahead-of-november/,2024-01-24,2024-02-19 3053,Turkish hacktivist group MeshSec suspected to have defaced billboards of Israeli cinema chain Lev Group on 23 January 2024,"Digital billboards of Lev Group, one of Israel's largest cinema chains, were defaced on 23 January 2024, to show messages denouncing Israel's military response in Gaza following the Hamas attack of 7 October 2023 alongside images of the assault. Postings on the hijacked screens were signed by the Turkish hacktivist group MeshSec. Whether the group is responsible has not been independently verified. ",2024-01-23,2024-01-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Lev Group,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,MeshSec,Turkey,Non-state-group,Hacktivist(s),1,16723,2024-01-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,MeshSec,Not available,Turkey,MeshSec,Turkey,Non-state-group,https://www.turkiyegazetesi.com.tr/dunya/turk-hackerlar-israile-siber-saldiri-gazzedeki-savas-suclari-gozler-onune-serildi-1016591,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,,Not available,1,2023-01-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Israel,Israel Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.turkiyegazetesi.com.tr/dunya/turk-hackerlar-israile-siber-saldiri-gazzedeki-savas-suclari-gozler-onune-serildi-1016591; https://www.ynetnews.com/article/bygmwdtft,2024-01-24,2024-02-01 3052,State of Togo suspected of spying on phones of two Togolese journalists since 2021,"According to a report by Reporters Without Borders (RWB) in January 2024, the state of Togo is suspected of spying on the phones of Togolese journalists Loic Lawson and Anani Sossou in 2021 using the spyware Pegasus developed by the Israeli company NSO Group. The phone of Loic Lawson, director of the independent Togolese newspaper ""Flambeau des démocrates"", was infected at least during the period of 1 February and 10 July 2021, according to an investigation by RWB's Berlin-based Digital Security Lab. The phone of independent journalist Anani Sossou was targeted several months later, on 25 October 2021. An analysis by Amnesty International's Security Lab had previously confirmed the state of Togo as a Pegasus customer. RWB had been working on the cases of the two Togolese journalists since early December 2023. 
At that time, the two had spent 18 days in detention after the Togolese Minister of Urbanism, Housing and Land Reform, Kodjo Adedze, brought unspecified defamation charges against them over reporting related to a break-in at the minister's private residence.",2021-02-01,2021-10-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"Anani Sossou (Journalist, Togo) - Loic Lawson (Editor of the weekly newspaper Le Flambeau des Democrates, Togo)",Togo; Togo,AFRICA; SSA - AFRICA; SSA,Media - Media, - ,Not available,Togo,State,,1,16733,2024-01-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,Reporter sans frontieres,Not available,Germany,Not available,Togo,State,https://www.reporter-ohne-grenzen.de/pressemitteilungen/meldung/zwei-journalisten-mit-pegasus-spyware-angegriffen,National power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,2.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not 
available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://netzpolitik.org/2024/ueberwachung-mit-staatstrojanern-erstmals-pegasus-infektionen-in-togo-enthuellt/; https://www.reporter-ohne-grenzen.de/pressemitteilungen/meldung/zwei-journalisten-mit-pegasus-spyware-angegriffen,2024-01-24,2024-02-02 3051,IT Army of Ukraine claimed disruption of Russian telecommunications company AKADO Telekom,"Cyber volunteers disrupted the Russian telecommunications company AKADO Telekom, the Ukrainian Main Directorate of Intelligence (GURMO) reported on 23 January 2024. The statement noted that Russian customers complained about difficulties connecting to services provided by AKADO during 21-22 January 2024. GURMO reported AKADO operates as provider for Russia's federal and certain local administrations as well as the FSB, the Federal Guard Service (FSO) and Russia's largest bank Sberbank. The GURMO statement refers to unknown cyber volunteers in Russia as responsible for the operation. In a Telegram post published on 22 January, the IT Army of Ukraine claimed to have disrupted AKADO's services on several occasions, including on 30 December 2023, 4 January 2024 and 22 January. 
The most recent targeting appears to overlap with the operation reported by GURMO.",2023-12-30,2024-01-22,Attack on critical infrastructure target(s),,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,AKADO Telekom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Telecommunications,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),2,17488; 17487,2024-01-22 00:00:00; 2024-01-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by third-party,IT Army of Ukraine; Main Directorate of Intelligence of the Ministry of Defence of Ukraine,Not available; Not available,Ukraine; Ukraine,IT Army of Ukraine; Not available,Ukraine; Russia,Non-state-group; Unknown - not attributed,https://t.me/DIUkraine/3341,System / ideology,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Service Stop,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence,; ; Conduct of hostilities; ,Not available,0,,Not available,,Not 
available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.infobae.com/america/mundo/2024/01/23/un-ciberataque-atribuido-por-ucrania-a-voluntarios-desconocidos-provoco-una-caida-del-servicio-en-instituciones-del-estado-ruso/; https://t.me/DIUkraine/3341; https://www.infobae.com/america/agencias/2024/01/23/un-ciberataque-deja-sin-servicio-a-instituciones-del-estado-ruso-segun-ucrania/; https://www.infobae.com/america/agencias/2024/01/23/un-ciberataque-deja-sin-servicio-a-instituciones-del-estado-ruso-segun-ucrania/; https://gur.gov.ua/content/u-moskvi-zlamavsia-provaider-iakyi-zabezpechuvav-internetom-derzhstruktury-rf.html; https://t.me/itarmyofukraine2022/1951; https://therecord.media/ukrainian-hackers-hit-russian-scientific-center,2024-01-24,2024-02-26 3050,Ransomware attack on North American water operator Veolia North America in January 2024,"The North American water operator Veolia North America dealt with a ransomware attack in mid-January 2024 which affected some of its software applications. In response to the attack, the company took parts of its systems offline, leading to disruptions of its bill payment system. The intrusion was limited to the internal back-end system, without reported impact on water or wastewater treatment operations. The company is cooperating with law enforcement to investigate the incident. An initial review identified personal data possibly compromised in the breach, with the company preparing to inform affected customers. 
Veolia North America provides water and wastewater services to roughly 550 communities and industrial water solutions at around 100 industrial facilities, treating over 2.2 billion gallons of water and wastewater daily at 416 facilities across the United States and Canada.",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Veolia North America,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Water; Water; Waste Water Management; Waste Water Management,,Not available,Not available; Not available,,1,17489,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-01-01 00:00:00,Not available,,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/; https://mywater.veolia.us/veolia-responds-cyber-incident; 
https://www.digitaljournal.com/world/us-consumers-caught-up-in-veolia-ransomware-attack/article; https://www.cpomagazine.com/cyber-security/water-companies-veolia-north-america-and-uks-southern-water-ransomware-attack-and-data-breach-leaked-pii/; https://www.bleepingcomputer.com/news/security/us-govt-shares-cyberattack-defense-tips-for-water-utilities/; https://www.bleepingcomputer.com/news/security/what-the-latest-ransomware-attacks-teach-about-defending-networks/,2024-01-24,2024-04-18 3047,Unknown Actors Gained Access To Systems Of Swedish Municipality of Bjuv on 19 January 2024,"During the night of 19-20 January 2024, unknown threat actors broke into the IT environment of the municipality of Bjuv in southern Sweden. The intrusion affected various operational systems and employees' logins to work stations. The municipality warned that the breach caused disruptions in the access to certain digital services and the operation of official email addresses. City officials assured that alternative communication channels such as telephone and social media continued to work in the meantime. Several other municipalities, which together with Bjuv rely on a shared IT department (EttIT), remained affected and were able to ensure the normal functioning of its systems. 
Operational systems and computers of Bjuv were restored by 21 January.",2024-01-19,2024-01-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Bjuv Municipality,Sweden,EUROPE; EU(MS); NORTHEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17494,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.orkelljunga.se/16/kommun-och-politik/kommunfakta/nyhetsarkiv/nyhetsarkiv/2024-01-22-information-om-laget-i-orkelljunga-kommun-med-anledning-av-it-attack-i-bjuvs-kommun.html; https://www.bjuv.se/om-bjuv.se/nyhetsarkiv/artiklar/2024-01-20-med-anledning-av-it-attacken-mot-bjuvs-kommuns-it-miljo.html; https://astorp.se/arkiv/nyhetsarkiv/nyheter/2024-01-21-it-attack-mot-bjuvs-kommuns-it-miljo.html; https://siecledigital.fr/2024/03/06/depuis-plusieurs-semaines-la-suede-est-la-cible-du-groupe-cybercriminel-akira/; https://www.lemonde.fr/international/article/2024/03/05/la-suede-victime-d-une-vague-d-attaques-au-rancongiciel_6220281_3210.html,2024-01-23,2024-02-26 3046,Hacker 
group R00TK1T breached website of Lebanese Ministry of Social Affairs on 22 January 2024,"The hacker group R00TK1T hacked the website of the Lebanese Ministry of Social Affairs on 22 January 2024, a spokesperson for the ministry confirmed on the same day. The Lebanese daily L'Orient-Le Jour reported that R00TK1T had claimed responsibility via Telegram. The cybersecurity researcher Majd Dhaini pointed out in an interview with L'Orient-Le Jour that R00TK1T regularly expressed support for Israel in its social media postings.",2024-01-22,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Ministry of Social Affairs (Lebanon),Lebanon,ASIA; MENA; MEA,State institutions / political system,Government / ministries,R00tk1t,Not available,Non-state-group,Hacktivist(s),1,17502,2024-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,ROOTK1T,Not available,Not available,R00tk1t,Not available,Non-state-group,https://www.lorientlejour.com/article/1365268/apres-celui-du-parlement-le-site-web-du-ministere-libanais-des-affaires-sociales-pirate.html,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not 
available,1,2024-01-22 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Lebanon,Department for Combating Cybercrime (Lebanon),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lorientlejour.com/article/1365268/apres-celui-du-parlement-le-site-web-du-ministere-libanais-des-affaires-sociales-pirate.html; https://www.lorientlejour.com/article/1365268/apres-celui-du-parlement-le-site-web-du-ministere-libanais-des-affaires-sociales-pirate.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2024-01-23,2024-02-26 3045,Carnegie Mellon University hit by cyberattack on August 25 2023,"On 12 January 2024, Carnegie Mellon University sent notification letters to 7,300 persons affiliated or otherwise in contact with the university, whose data is likely to have been affected by a data breach detected on 25 August 2023. On 25 August, the university noticed suspicious activity at a university data centre, leading to the discovery of an unauthorised third party that had gained access to the personal data of university employees, current and former students, applicants and contractors. The university subsequently launched an investigation in collaboration with law enforcement to determine the scope of the compromise, which was completed on 4 December. 
",2023-08-01,2023-08-25,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Carnegie Mellon University,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Not available,Not available,Not available,,1,17503,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-08-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govtech.com/education/higher-ed/carnegie-mellon-cyber-attack-compromises-data-of-7-300-people; https://www.mass.gov/doc/assigned-data-breach-number-2024-070-carnegie-mellon-university/download,2024-01-23,2024-02-26 3037,Akira ransomware gang suspected of carrying out ransomware attack on Finnish IT service provider and cloud hosting provider Tietoevry in January 2024,"The Finnish IT services and cloud hosting provider Tietoevry fell victim to a ransomware attack on the night of 19-20 January 2024, which was presumably carried out by the Akira Ransomware gang. A Swedish data centre of the company was affected, causing several Swedish entities to struggle with network outages following the incident. Companies concerned included discount retail chain Rusta, the gardening retailer Granngården and building material supplier Moelven. Granngården had to close its shops because of non-functioning checkout systems in its stores. The disruptions also affected the functioning of Tietoevry's payroll and HR system, Primula, which is used by Swedish universities in particular. The affected universities include Karolinska Institutet, SLU, University West, Stockholm University, Lunds University, and Malmö University. 
On 20 January, Tietoevry stated that they were currently working on restoring the affected IT system.",2024-01-19,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,University West - Uppsala County - Stockholm University - Tietoevry - Lunds Universitet - Swedish University of Agricultural Sciences - Malmö University - Loomis - Statens servicecenter - Vellinge municipality - Karolinska Institutet,Sweden; Sweden; Sweden; Finland; Sweden; Sweden; Sweden; Sweden; Sweden; Sweden; Sweden,EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU,Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system - State institutions / political system - Critical infrastructure,Research - Civil service / administration - Research - Digital Provider - Research - Research - Research - Transportation - Civil service / administration - Civil service / administration - Research,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),2,17597; 17596,2024-01-22 00:00:00; 2024-01-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Receiver attributes attacker; Media-based attribution,Tietoevry; Bleeping Computer,Not available; Not available,Finland; Not available,Akira Ransomware Group/Storm-1567; Akira Ransomware 
Group/Storm-1567,Not available; Not available,Non-state-group; Non-state-group,https://www.bleepingcomputer.com/news/security/tietoevry-ransomware-attack-causes-outages-for-swedish-firms-cities/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,11.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2024-01-22 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Sweden,Swedish Police Authority,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/tietoevry-ransomware-attack-causes-outages-for-swedish-firms-cities/; https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices/; https://securityaffairs.com/157371/breaking-news/akira-ransomware-targets-finnish-organizations.html; https://www.version2.dk/artikel/svenske-myndigheder-og-virksomheder-ramt-af-ransomwareangreb-paa-it-leverandoer; https://sverigesradio.se/artikel/cyber-attack-against-tietoevry-cinemas-and-businesses-affected; https://demokraatti.fi/verkkohyokkays-tietoevryn-palvelimelle-ruotsissa-yritysten-verkkosivuja-alhaalla; https://www.hs.fi/talous/art-2000010135850.html; https://www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2024/01/mim-jan-20/; 
https://www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2024/01/ransomware-attack-in-sweden-update/; https://www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2024/01/update-on-ransomware-attack-in-sweden-restoration-work-progressing-at-tietoevry/; https://fr.news.yahoo.com/sport/su%C3%A8de-cyberattaque-perturbe-administration-achats-132851577.html; https://www.sudinfo.be/id776477/article/2024-01-23/60000-employes-affectes-120-administrations-touchees-une-cyberattaque-bloque-la; https://securityaffairs.com/158031/cyber-crime/tietoevry-akira-ransomware-attack.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-26th-2024-govts-strike-back/; https://securityaffairs.com/158225/breaking-news/security-affairs-newsletter-round-456-by-pierluigi-paganini-international-edition.html; https://www.centralbanking.com/fintech/cyber/7960745/swedish-central-bank-affected-by-ransomware-attack; https://www.tietoevry.com/en/newsroom/all-news-and-releases/press-releases/2024/tietoevry-continued-focus-on-recovery-from-the-ransomware-attack/; https://siecledigital.fr/2024/03/06/depuis-plusieurs-semaines-la-suede-est-la-cible-du-groupe-cybercriminel-akira/; https://therecord.media/akira-ransomware-attacked-hundreds-millions,2024-01-22,2024-02-29 3039,Qilin ransomware group targeted Serbian state-owned electricity provider Elektroprivreda Srbije (EPS) in December 2023,"Elektroprivreda Srbije (EPS), Serbia's state-owned and sole electricity provider was targeted by Qilin Ransomware Group in December 2023, the company disclosed on 19 December 2023 speaking of a ""crypto-type attack"". While the exact extent of the compromise remains unknown, the incident affected access to the customer billing portal, managed by EPS. On 18 January 2024, Qilin started to leak information containing documents, such as contracts, invoices, and screenshots of employee folders. 
Media reporting acknowledged that investigations by the Serbian Special Prosecution Office for High-Tech Crime were ongoing.",2023-12-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,,Data theft & Doxing; Disruption; Ransomware,Elektroprivreda Srbije (EPS),Serbia,EUROPE; BALKANS; WBALKANS,State institutions / political system; Critical infrastructure,Civil service / administration; Energy,Qilin Ransomware Group,Not available,Non-state-group,Criminal(s),1,17511,2024-01-18 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Qilin Ransomware Group,Not available,Not available,Qilin Ransomware Group,Not available,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Serbia,Special Prosecutor Office for High-Tech Crime,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.rferl.org/a/serbia-electricity-provider-ransomware-cyberattack/32783953.html; https://balkaninsight.com/2023/12/21/hacking-attack-on-serbian-utility-leaves-payment-portal-out-of-action/,2024-01-22,2024-02-26 3038,Russian Ransomware Group Medusa Suspected of Compromising Belgian Waste Management Organisation Limburg.Net on 13 December 2023,"On 13 December 2023, Limburg.net, the inter-municipal organisation for waste prevention and collection in the province of Limburg and the city of Diest in Belgium, became the subject of an intrusion through which data from over 300,000 Belgian households was compromised. In response to the breach, all systems were immediately shut down to prevent further damage. The organisation's website remained offline for several days. Subsequent investigations revealed that threat actors of suspected Russian origin had infiltrated an old data server and copied documents containing public or outdated data, with media reports linking the activity to the ransomware group Medusa. The compromised data mainly dates back to before the merger of three municipalities in 2005 and contained personal data such as names, addresses and national register numbers of 311,000 heads of household from several municipalities in 2014 and 2015. These contents match with leaked data. Limburg.net rejected the hackers' ransom demand of $100,000 and reported the incident to the police. 
",2023-12-13,2023-12-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Limburg.net,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Civil service / administration,Medusa Ransomware Group,Russia,Non-state-group,Criminal(s),1,17512,2024-01-23 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Not available,Not available,Not available,Medusa Ransomware Group,Russia,Non-state-group,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.lesoir.be/562412/article/2024-01-19/les-donnees-de-plus-de-300000-belges-volees; https://www.limburg.net/nieuws/de-impact-van-de-cyberaanval; https://www.lesoir.be/563256/article/2024-01-23/les-donnees-de-plus-de-300000-familles-belges-volees-la-plateforme-sexcuse?referer=%2Farchives%2Frecherche%3Fdatefilter%3Dlastyear%26sort%3Ddate%2Bdesc%26word%3Dlimburg,2024-01-22,2024-02-26 3036,"Russian state-sponsored threat actor Midnight Blizzard gained access to Microsoft Corporate e-mail accounts and stole data since November 
2023, as discovered by Microsoft on 12 January 2024","In a disclosure filing to the SEC dated 19 January 2024, Microsoft announced that it discovered an intrusion into its systems on 12 January 2024. The compromise is suspected to have begun in late November 2023 following a password spray attack. Based on a preliminary analysis, the US technology giant found that the threat actor ""gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in [Microsoft's] cybersecurity, legal, and other functions."" Microsoft attributed the intrusion to the nation-state sponsored group Midnight Blizzard (previously tracked as NOBELIUM and also known as APT29, Cozy Bear, or Dukes) with alleged ties to Russia's foreign intelligence service SVR. On 8 March, Microsoft updated its SEC filing, noting that Midnight Blizzard had been observed using information obtained from the corporate email systems to gain, or attempt to gain, access to Microsoft-controlled systems. This activity has targeted source code repositories and other internal systems. 
On 2 April the Cybersecurity and Infrastructure Security Agency issued an emergency directive to address federal agencies which were also impacted by the breach.",2023-11-01,Not available,Attack on critical infrastructure target(s),,,Data theft; Hijacking with Misuse,Microsoft,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,18510,2024-01-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,Microsoft,Not available,United States,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; ,Not available,1,2024-01-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://cyberscoop.com/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials/; https://www.cybersecurity360.it/nuove-minacce/microsoft-sotto-attacco-informatico-complice-la-russia/; https://gestion.pe/tecnologia/microsoft-dice-que-ciberataque-vinculado-a-rusia-afecto-correos-de-sus-ejecutivos-noticia/; https://gestion.pe/tecnologia/microsoft-dice-que-ciberataque-vinculado-a-rusia-afecto-correos-de-sus-ejecutivos-noticia/; https://cybeout.com/2024/01/i-criminali-informatici-russi-sono-riusciti-a-hackerare-microsoft-e-ad-accedere-alle-e-mail-dei-suoi-dirigenti/; https://www.igizmo.it/microsoft-sotto-attacco-informatico-dalla-russia-violate-le-mail/; https://eltiempolatino.com/2024/01/20/tecnologia/grupos-rusos-hackean-correos-ejecutivos-microsoft/; https://eltiempolatino.com/2024/01/20/tecnologia/grupos-rusos-hackean-correos-ejecutivos-microsoft/; https://www.wired.com/story/cisa-emergency-directive-ivanti-vpn-patch-security-roundup/; https://www.lapresse.ca/affaires/2024-01-19/microsoft/des-cadres-superieurs-victimes-d-une-cyberattaque-liee-a-l-etat-russe.php; https://www.bluradio.com/tecnologia/microsoft-denuncia-ciberataque-por-parte-de-rusos-a-miembros-del-equipo-directivo-cb20; https://www.muycomputer.com/2024/01/20/microsoft-es-victima-de-un-ciberataque-de-origen-ruso-que-ha-comprometido-informacion-interna/; https://www.muycomputer.com/2024/01/20/microsoft-es-victima-de-un-ciberataque-de-origen-ruso-que-ha-comprometido-informacion-interna/; https://www.bluradio.com/tecnologia/microsoft-denuncia-ciberataque-por-parte-de-rusos-a-miembros-del-equipo-directivo-cb20; https://securityaffairs.com/157802/apt/midnight-blizzard-hacked-microsoft-email-accounts.html; 
https://www.20min.ch/fr/story/technologie-microsoft-a-subi-une-cyberattaque-de-pirates-lies-a-letat-russe-169275365750; https://www.rferl.org/a/russian-group-hacks-microsoft/32784539.html; https://www.hdblog.it/microsoft/articoli/n577579/microsoft-attacco-hacker-russi-mail-dirigenti/; https://www.tunisienumerique.com/microsoft-visee-par-une-cyberattaque-dorigine-russe/; https://www.xataka.com/seguridad/microsoft-sufre-ciberataque-que-afecta-a-cuentas-directivos-apunta-a-hackers-rusos-solarwinds; https://timesofindia.indiatimes.com/gadgets-news/microsoft-hacked-by-russiasponsored-group-latest-cybersecurity-breach/articleshow/107006500.cms; https://www.ilpost.it/2024/01/20/attacco-hacker-russi-microsoft/; https://www.elperiodico.com/es/tecnologia/20240120/microsoft-ataque-cibernetico-actor-ruso-97134673; https://www.orientaldaily.com.my/news/international/2024/01/20/625619; https://www.ilsussidiario.net/news/microsoft-violati-account-e-mail-dirigenti-lazienda-gruppo-hacker-legato-ai-servizi-segreti-russi/2649720/; https://fr.news.yahoo.com/hackers-russes-acc%C3%A9d%C3%A9-mails-dirigeants-093211365.html; https://www.channelnewsasia.com/business/microsoft-says-russian-state-sponsored-hackers-spied-its-executives-4061756; http://www.osservatoriosullalegalita.org/24/acom/01/20newtoninternet.htm; https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html; https://www.business-standard.com/world-news/russia-linked-group-attacked-corporate-systems-hacked-emails-microsoft-124012000068_1.html; https://metronews.it/2024/01/20/cyberattacco-a-microsoft-violati-account-aziendali-il-sospetto-e-su-gruppi-legati-alla-russia/; https://www.japantimes.co.jp/business/2024/01/20/tech/russia-hack-microsoft/; https://www.parismatch.be/actualites/societe/2024/01/20/microsoft-a-subi-une-cyberattaque-de-pirates-lies-a-letat-russe-V56RAUBAP5G7ROEFWCXBGLDEEM/; 
http://www.uniindia.com/news/world/microsoft-says-detected-disrupted-alleged-russian-state-sponsored-cyber-attack/3127482.html; https://www.bleepingcomputer.com/news/security/russian-hackers-stole-microsoft-corporate-emails-in-month-long-breach/; https://www.tasnimnews.com/en/news/2024/01/20/3025714/microsoft-s-corporate-system-targeted-in-cyber-attack; https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html; https://www.teknofilo.com/ciberdelincuentes-rusos-accedieron-a-emails-de-altos-ejecutivos-de-microsoft/; https://arstechnica.com/security/2024/01/microsoft-network-breached-through-password-spraying-by-russian-state-hackers/; https://www.spiegel.de/politik/deutschland/news-bahnpuenktlichkeit-werteunion-demos-gegen-rechts-a-4d170e2a-d7c1-4e28-b935-e7498d2eb12f; https://www.boursier.com/actualites/economie/e-mails-pirates-hackers-russes-ce-que-l-on-sait-de-la-cyberattaque-qui-a-vise-microsoft-50480.html; https://www.cybersecurity360.it/nuove-minacce/microsoft-sotto-attacco-informatico-complice-la-russia/; https://www.01net.com/actualites/hackers-russes-pirate-microsoft-mot-passe-epu-securise.html; https://www.tecnoandroid.it/2024/01/22/microsoft-la-russia-ha-attaccato-la-potente-azienda-multinazionale-1336556/; https://thetechportal.com/2024/01/22/microsoft-faces-cyber-breach-as-midnight-blizzard-infiltrates-microsofts-email-system/; https://siecledigital.fr/2024/01/22/des-hackers-russes-se-sont-infiltres-dans-les-e-mails-des-dirigeants-de-microsoft/; https://www.gizbot.com/internet/news/microsoft-security-breach-midnight-blizzard-russian-linked-hackers-behind-attack-gen-090541.html; https://www.computerweekly.com/news/366567100/SolarWinds-hackers-attack-Microsoft-in-apparent-recon-mission; https://webrazzi.com/2024/01/22/microsoftun-kurumsal-e-posta-hesaplari-hacklendi/; https://therecord.media/russian-hackers-accessed-emails-of-senior-microsoft-leaders; https://research.checkpoint.com/2024/22nd-january-threat-intelligence-report/; 
https://www.agefi.fr/news/entreprises/microsoft-cible-par-une-cyberattaque-orchestree-par-des-pirates-lies-au-renseignement-russe; https://www.aksiyon.com.tr/rus-bilgisayar-korsanlari-microsoft-a-saldirdi-13537; https://securityaffairs.com/157829/breaking-news/security-affairs-newsletter-round-455-by-pierluigi-paganini-international-edition.html; https://www.techrepublic.com/article/microsoft-midnight-blizzard-nation-state-attack/; https://www.bitmat.it/cyber-security-culture/microsoft-attaccata-da-midnight-blizzard/; https://assodigitale.it/news/internet/microsoft-attaccata-dalla-russia-ecco-i-nuovi-scenari-inquietanti-della-guerra-nascosta-su-internet/; https://www.societe.com/actualites/microsoft_vise_par_une_cyberattaque_du_renseignement_russe-78536.html; https://cyberscoop.com/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach/; https://therecord.media/hpe-tells-sec-breached-by-cozy-bear; https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/; https://www.wired.com/story/microsoft-hpe-midnight-blizzard-email-breaches/; https://securityaffairs.com/158097/security/midnight-blizzard-hacked-hpe.html; https://www.techrepublic.com/article/microsoft-midnight-blizzard-nation-state-attack/; https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/; https://new.qq.com/rain/a/20240126A04VZ800; https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/; https://securityaffairs.com/158164/apt/midnight-blizzard-apt-cyberespionage.html; https://www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/; https://www.dailysecu.com/news/articleView.html?idxno=153161; https://therecord.media/microsoft-says-russian-hackers-used-previously-identified-technique-to-breach-executive-emails; 
https://www.tomshw.it/hardware/gaffe-di-microsoft-un-account-compromesso-e-stato-dotato-di-privilegi-amministrativi; https://www.01net.com/actualites/microsoft-revele-comment-pirates-midnight-russes-pirate-messagerie.html; https://www.schneier.com/blog/archives/2024/01/microsoft-executives-hacked.html; https://siecledigital.fr/2024/01/29/des-hackers-russes-ciblent-les-e-mails-des-grandes-entreprises-et-organisations/; https://www.lanacion.com.ar/agencias/midnight-blizzard-utilizo-pulverizacion-de-contrasenas-y-servidores-aposproxyapos-residenciales-en-nid29012024/; https://www.lanacion.com.ar/agencias/midnight-blizzard-utilizo-pulverizacion-de-contrasenas-y-servidores-aposproxyapos-residenciales-en-nid29012024/; https://www.cope.es/actualidad/tecnologia/noticias/midnight-blizzard-utilizo-pulverizacion-contrasenas-servidores-proxy-residenciales-ciberataque-microsoft-20240129_3116516; https://www.cope.es/actualidad/tecnologia/noticias/midnight-blizzard-utilizo-pulverizacion-contrasenas-servidores-proxy-residenciales-ciberataque-microsoft-20240129_3116516; https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/; https://www.bleepingcomputer.com/news/security/hpe-investigates-new-breach-after-data-for-sale-on-hacking-forum/; https://www.techrepublic.com/article/australian-cyber-security-pros-state-sponsored-attacks/; https://www.bleepingcomputer.com/news/security/russian-hackers-shift-to-cloud-attacks-us-and-allies-warn/; https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/; https://www.techrepublic.com/article/ncsc-uk-svr-cyber-threat-actors/; https://www.wired.com/story/russia-hackers-microsoft-source-code/; https://cyberscoop.com/microsoft-cozy-bear-russia/; https://securityaffairs.com/160207/hacking/russia-midnight-blizzard-breached-microsoft.html; 
https://arstechnica.com/security/2024/03/microsoft-says-kremlin-backed-hackers-accessed-its-source-and-internal-systems/; https://therecord.media/microsoft-warning-svr-russia-breach-stolen-information; https://www.bleepingcomputer.com/news/microsoft/microsoft-says-russian-hackers-breached-its-systems-accessed-source-code/; https://www.iltempo.it/esteri/2024/03/08/news/microsoft-attacco-hacker-midnight-blizzard-russia-codice-sorgente-38682426/; https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/; https://www.sec.gov/Archives/edgar/data/789019/000119312524062997/d808756d8ka.htm; https://www.watson.ch/fr/international/hacker/286092407-des-hackers-d-elite-russes-ont-pirate-microsoft; https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/; https://www.generation-nt.com/actualites/cyberattaque-microsoft-code-source-hackers-russes-midnight-blizzard-2045178; https://www.usine-digitale.fr/article/microsoft-reconnait-que-des-pirates-russes-lui-ont-vole-du-code-source-et-des-documents-sensibles.N2209713; https://research.checkpoint.com/2024/11th-march-threat-intelligence-report/; https://www.itmedia.co.jp/enterprise/articles/2403/12/news074.html; https://www.cnnturk.com/teknoloji/microsoftun-rus-hacker-grubu-ile-basi-dertte-2094550; https://cyberscoop.com/federal-government-russian-breach-microsoft/; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://cyberscoop.com/cisa-emergency-directive-tells-agencies-to-fix-credentials-after-microsoft-breach/; https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-impacted-by-microsoft-hack-to-mitigate-risks/; https://therecord.media/cisa-microsoft-breach-emergency-directive; https://www.abc.es/internacional/washington-acusa-hackers-apoyados-rusia-robar-correos-20240412075351-nt.html; 
https://www.xataka.com/seguridad/eeuu-acusa-a-rusia-grupo-hackers-ruso-ha-robado-e-mails-gobierno-estadounidense; https://www.elperiodico.com/es/internacional/20240412/riesgo-grave-estados-unidos-denuncia-100973426; https://www.elperiodico.com/es/internacional/20240412/riesgo-grave-estados-unidos-denuncia-100973426; https://www.defenseone.com/threats/2024/04/russian-hackers-accessed-us-government-emails-microsoft-breach-cisa-says/395667/; https://www.usine-digitale.fr/article/des-hackers-russes-sont-bien-a-l-origine-de-la-cyberattaque-contre-microsoft-en-janvier.N2211490; https://www.channelnews.fr/trois-mois-apres-le-piratage-de-microsoft-par-midnight-blizzard-134526; https://www.wired.com/story/the-us-government-has-a-microsoft-problem/,2024-01-22,2024-04-24 3040,DDoS attack interrupted operations of cryptocurrency exchange HTX on 19 January 2024,"On 19 January 2024, a DDoS attack paralysed the services of the cryptocurrency exchange HTX for around 15 minutes. Shortly after the attack, HTX confirmed its recovery and assured that no assets were affected. 
The platform experienced a significant security breach on 10 November last year, resulting in the theft of around $97 million.",2024-01-19,2024-01-19,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,HTX Global,Seychelles,AFRICA; SSA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,17927,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://coingape.com/htx-overcomes-ddos-hurdle-assures-user-fund-safety/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service; Service Stop,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://coingape.com/htx-overcomes-ddos-hurdle-assures-user-fund-safety/,2024-01-22,2024-03-13 3044,DDoS Attack Disrupted Access to Website of Swiss canton Basel-Stadt on 19 January 2024,"Access to the website of the Swiss canton Basel-Stadt was disrupted in the early morning of 19 January 2024 following a DDoS attack of unknown origin. 
The service was available again a few hours later, although the city communicated that access restrictions could flare up temporarily.",2024-01-19,Not available,"Attack on (inter alia) political target(s), not politicized",,,Disruption,Canton of Basel City,Switzerland,EUROPE; WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17505,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bluewin.ch/de/newsregional/nord/cyberangriff-auf-die-kantonale-website-des-kantons-basel-stadt-2047369.html; https://www.bluewin.ch/de/newsregional/nord/cyberangriff-auf-die-kantonale-website-des-kantons-basel-stadt-2047369.html,2024-01-22,2024-02-26 3043,Pro-Ukrainian Blackjack hacktivist group stole construction work plans for Russian military sites in January 2024,"The pro-Ukrainian hacktivist group Blackjack obtained files from a Russian state-owned enterprise responsible for the construction of military sites (the Main Military Construction Directorate for Special Projects), the Ukrainian military intelligence service GURMO reported via Telegram on 19 January 2024. 
The report claims that 1.2 TB of ""valuable data"" were extracted, including technical documentation for more than 500 Russian military facilities. According to the GURMO statement, the operation succeeded in obtaining ""critical information"" about Russian military facilities, whose construction is completed, currently underway or foreseen. This information has been passed on to the armed forces of Ukraine. Following the extraction, the data was subsequently wiped from the enterprise's servers.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,,Data theft; Disruption; Hijacking with Misuse,"Russian Federal State Unitary Enterprise ""GVSU for Special Objects""",Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system,Civil service / administration; Military,Blackjack (Security Service of Ukraine),Not available,"Non-state actor, state-affiliation suggested",,1,17598,2024-01-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ,Not available,Ukraine,Blackjack (Security Service of Ukraine),Not available,"Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.yahoo.com/hur-confirms-successful-cyber-attack-102300450.html; https://t.me/DIUkraine/3314,2024-01-22,2024-02-29 3035,"Unknown actors disrupted website, app and information screens at the stations of the Belgian railroad company NMBS/SNCB through DDoS attack on 18 January 2024","Unknown actors disrupted access to the website and the application of the Belgian railroad company NMBS/SNCB through a DDoS attack in the early morning of 18 January 2024, announced NMBS/SNCB spokesman Bart Crols on the same day. The disruption also affected the feeds of information screens at train stations. 
",2024-01-18,2024-01-18,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,National Railway Company of Belgium (NMBS/SNCB),Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,17602,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vrt.be/vrtnws/de/2024/01/18/die-kommunikation-der-belgischen-bahn-funktioniert-wieder-gross/,2024-01-19,2024-02-29 3034,Unknown Hackers Exploited Vulnerability in Socket.Tech leading to Theft of $3.3 Million in Cryptocurrency on 16 January 2024 ,"On 16 January 2024, Socket.Tech, a major cross-chain infrastructure provider, was found to have a security vulnerability affecting multiple Web3 applications. The Bungee exchange, a key link between Ethereum and 12 other chains, became the target of unauthorised asset transfers that caused a loss of $3.3 million. The threat actor exploited a vulnerability in a newly added module of the Socket Aggregator system, compromising the integrity of the protocol. 
A vulnerability in the mistakenly deployed module allowed the threat actor to steal funds from users who had given the Socket Gateway contract unlimited authorisation for tokens. The theft involved two malicious transactions using Ethereum. The tokens transferred included USDC, USDT, DAI, WETH, WBTC and MATIC. In response to the incident, Socket.Tech disabled the compromised route and restored the protocol service after a six-hour interruption. The attack was limited to Ethereum, while applications on other chains remained unaffected. In total, according to a statement from Socket.Tech, 200 to 210 users were affected. DApps from third-party providers such as Rainbow and Zeal Wallets, which rely on Socket's bridging protocol, were not targeted as part of the incident.",2024-01-16,2024-01-16,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Socket Technology,United Arab Emirates,ASIA; MENA; MEA; GULFC,Critical infrastructure,Finance,Not available,Not available,Not available,,1,17608,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,3300000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://koinbulteni.com/defi-protokolunden-33-milyon-dolarlik-kripto-para-calindi-ekipten-aciklama-var-206162.html; https://blockworks.co/news/socket-bridge-protocol-exploit; https://sockettech.notion.site/Socket-Incident-Report-16-Jan-9aba3bbf08814fc49e4f2ffb58284912,2024-01-19,2024-03-01 3033,Unspecified Subgroup Of Iranian APT Mint Sandstorm (Also Known As APT35 / Charming Kitten) conducted Espionage Campaign Against International High-Level Targets In Academia Since At Least November 2023,"An unspecified subset of Mint Sandstorm (formerly tracked as PHOSPHORUS), an Iran-based subgroup of the Islamic Revolutionary Guard Corps (IRGC), has been actively conducting a campaign since November 2023, which specifically targeted high-level individuals involved in Middle Eastern affairs at universities and research institutions in Belgium, France, Gaza, Israel, the United Kingdom and the United States. The group used advanced social engineering techniques, customised phishing lures and new post-exploitation techniques, including the use of a special backdoor called MediaPl, according to Microsoft. Impersonating a journalist and a news outlet alongside other high-profile researchers through spoofed and compromised email accounts, the threat actor attempted to develop trust with their targets before delivering malicious content. The goals of the campaign appear to be centred on gathering information about the war between Israel and Hamas, with a focus on individuals in contact with or in a position to influence members of intelligence and policy communities. It is not yet known exactly which institution has been compromised. ",2023-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available,Belgium; France; United States; United Kingdom; Israel; Palestine,EUROPE; EU(MS); NATO; WESTEU - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - EUROPE; NATO; NORTHEU - ASIA; MENA; MEA - ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,17609,2024-01-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft Security Intelligence,United States,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, 
state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/,System / ideology; Territory,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2024/01/iranian-hackers-masquerades-as.html; https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-target-researchers-with-new-mediapl-malware/; https://therecord.media/microsoft-iranian-hackers-high-profile-experts; https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/; https://new.qq.com/rain/a/20240118A077LT00; https://research.checkpoint.com/2024/22nd-january-threat-intelligence-report/,2024-01-19,2024-03-08 3032,Unknown actors disrupted network systems at Kansas State University,"Unknown actors 
disrupted certain network systems at Kansas State University, the university announced on its website on 16 January 2024.",2024-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Kansas State University,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,17612,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/kansas-state-university-cyberattack-disrupts-it-network-and-services/; https://www.k-state.edu/media/update/; https://securityaffairs.com/157729/security/kansas-state-university-cyber-attack.html; https://research.checkpoint.com/2024/22nd-january-threat-intelligence-report/; https://securityaffairs.com/157829/breaking-news/security-affairs-newsletter-round-455-by-pierluigi-paganini-international-edition.html; 
https://therecord.media/kansas-state-university-ccc-oregon-cyberattacks; https://www.k-state.edu/media/update/it-cybersecurity/incident-response/,2024-01-19,2024-02-29 3030,Chinese Espionage Groups Actively Exploited Multiple Zero-Day Vulnerabilities in Ivanti VPN Appliances Since December 2023,"The threat group UTA0178 has been actively exploiting two zero-day vulnerabilities in Ivanti's Connect Secure (ICS) VPN solution (CVE-2024-21887 and CVE-2023-46805) since at least December 2023, the security company Volexity assesses with medium confidence. On 10 January 2024, Volexity reported the Ivanti vulnerabilities, which they discovered on 3 December. Ivanti published mitigation measures on the same day. On 15 January, Volexity announced in an update that the vulnerability had been exploited at scale by the same threat actor on at least 1,700 ICS devices. This conclusion is based on the use of the GIFTEDVISITOR webshell, deployed by UTA0178 during its initial exploitation of ICS appliances. Volexity suspects UTA0178 to be a threat actor with connections to the Chinese state. On the day after Volexity's first publication, Mandiant announced that it had created a new designator, UNC5221, to track the activity targeting the two ICS zero days. Following its reporting on the vulnerabilities, Volexity detected exploitation attempts from two dozen additional IP addresses. Reviewing these intrusion attempts, Volexity identified a second threat actor, UTA0188 (tracked by Mandiant as UNC5325). The globally distributed victims include government and military institutions, national telecommunications companies, defence organisations, technology companies, banks, financial, accounting and global consulting firms, as well as aerospace and engineering companies. In addition to UTA0178, Volexity has discovered other threat actors exploiting the vulnerability, including UTA0188. 
On 31 January, Ivanti disclosed two additional zero-day vulnerabilities (CVE-2024-21888 and CVE-2024-21893). Mandiant on the same day reported that UNC5325 had been observed exploiting CVE-2024-21893 as early as 19 January, to circumvent mitigation measures released by Ivanti to prevent exploitation of the two zero-day vulnerabilities reported on 10 January. Vulnerability researchers at watchTowr identified a fifth software flaw on 2 February (CVE-2024-22024), which Ivanti disclosed on 8 February, prior to exploitation in the wild. ",2023-12-03,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,,Data theft; Hijacking with Misuse,Not available - Not available - Not available,Not available; Not available; Not available, - - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system - Critical infrastructure; Critical infrastructure; Critical infrastructure, - Government / ministries; Military - Telecommunications; Finance; Space,UTA0188,Not available,Not available,,4,17874; 17872; 17873; 17875,2024-01-15 00:00:00; NaT; 2024-01-31 00:00:00; 2024-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Volexity; Volexity; Mandiant; Mandiant,Volexity; Volexity; Mandiant; Mandiant,United States; United States; United States; United States,UTA0188; UTA0178; UTA0178/UNC5221; UTA0188/UNC5325,Not available; China; China; China,"Not available; Non-state actor, state-affiliation suggested; Unknown 
- not attributed; Unknown - not attributed",https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,multiple,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/; https://www.heise.de/news/Ivanti-VPN-Sicherheitsluecken-fuehren-zu-tausenden-kompromittierten-Geraeten-9599887.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/; https://therecord.media/ivanti-vpn-vulnerabilities-exploited-devices-worldwide; https://securityaffairs.com/157558/hacking/ivanti-connect-secure-vpn-flaws-attacks.html; https://www.techrepublic.com/article/volexity-ivanti-connect-secure-vpn-vulnerabilities/; https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-exploited-to-deploy-custom-malware/; https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html; 
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day; https://securityaffairs.com/157320/security/cisa-ivanti-microsoft-sharepoint-known-exploited-vulnerabilities-catalog.html; https://securityaffairs.com/157306/hacking/ivanti-connect-secure-policy-secure-0days.html; https://www.wired.com/story/cisa-emergency-directive-ivanti-vpn-patch-security-roundup/; https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html; https://federalnewsnetwork.com/cybersecurity/2024/01/cisa-mandates-agencies-close-2-cyber-vulnerabilities-immediately/; https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/; https://securityaffairs.com/157829/breaking-news/security-affairs-newsletter-round-455-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html; https://securityaffairs.com/158393/malware/ivanti-connect-secure-vpn-deliver-krustyloader.html; https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html; https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-zero-day-exploited-in-attacks/; https://securityaffairs.com/158403/hacking/ivanti-actively-exploited-zero-day-cve-2024-21893.html; https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html; https://securityaffairs.com/158440/apt/malware-ivanti-vpn-flaws-attacks.html; https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-disconnect-ivanti-vpn-appliances-by-saturday/; https://securityaffairs.com/158456/security/cisa-order-fix-ivanti-vpn.html; https://arstechnica.com/security/2024/02/agencies-using-vulnerable-ivanti-products-have-until-saturday-to-disconnect-them/; https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/; https://therecord.media/ivanti-urgent-warning-new-vulnerability; 
https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/; https://www.techrepublic.com/article/volexity-ivanti-connect-secure-vpn-vulnerabilities/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/here-are-the-microsoft-and-google-security-updates-you-need-right-now/; https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/; https://cyberscoop.com/cisa-ivanti-integrity-checker-vulnerabilty/; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/; https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence; https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure; https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b; https://labs.watchtowr.com/are-we-now-part-of-ivanti/; https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/; https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/; https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation,2024-01-18,2024-04-04 3029,Unknown Threat Actors encrypted and leaked patient data of Healthcare System IZIS in Republika Srpska on 31 December 2023,"The Integrated Health Information System (IZIS) of the Serb-majority entity of Bosnia and Herzegovina, Republika Srpska, fell victim to a ransomware cyberattack on 31 December 2023. After being offline for 17 days, IZIS systems were partially restored in mid-January, allowing healthcare workers in six of the 74 healthcare centres across the entity to access IZIS applications except for laboratory services. 
IZIS is an essential platform for internal communication and managing digital health records of patients in the Republika Srpska. The Health Insurance Fund of Republika Srpska announced that citizens' data remained protected in light of the ransomware attack. Reporting by SocSecurity, a platform for monitoring leaked personal data, that some of the compromised information had been offered for sale on the dark web seemed to contest this assessment. ",2023-12-31,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Integrated Health Information System (IZIS),Bosnia and Herzegovina,EUROPE; BALKANS; WBALKANS,State institutions / political system; Critical infrastructure,Civil service / administration; Health,Not available,Not available,Not available,,1,17616,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified 
(missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://balkaninsight.com/2024/01/17/bosnian-serb-entity-healthcare-system-partly-back-online-after-cyber-attack/,2024-01-18,2024-02-29 3028,External Provider of Spanish Employment Agency Lanbide Fell Victim to Blackcat Ransomware Attack Starting in 2021 ,"Two servers of an external service provider of the federal Basque employment agency Lanbide in Spain were infected with the Blackcat ransomware in 2021, according to an announcement by the employment agency on 17 January 2024. The ransomware was discovered on the subcontractor's servers in November 2023. At the time of the attack in 2021, the servers were no longer actively in use and have not been used since, which is why the incident was only discovered two years later. Lanbide explained that the attackers obtained personal customer data such as identity and contact information. The data belonged to a survey Lanbide conducted for the years 2017 to 2021, as well as job applicants during the same time period. Lanbide stated that the stolen data has not been made public yet. The agency explained that the data protection authority and the Basque police force Ertzaintza were immediately informed of the incident in November. 
",2021-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Lanbide - Not available,Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Civil service / administration - ,Not available,Not available,Not available,,1,17617,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.lanbide.euskadi.eus/informacion-adicional/y94-general/es/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lanbide.euskadi.eus/informacion-adicional/y94-general/es/; https://cadenaser.com/euskadi/2024/01/17/un-ciberataque-a-lanbide-se-hace-con-los-datos-identificativos-de-140000-usuarios-radio-bilbao/; 
https://www.eitb.eus/es/noticias/sociedad/detalle/9400905/lanbide-alerta-sobre-posibles-usurpaciones-de-identidad-tras-detectar-ataque-informatico-a-sus-servidores/,2024-01-18,2024-02-29 3027,Taiwanese semiconductor company Foxsemicon hit by ransomware attack in mid-January 2024,"The Lockbit group targeted the Taiwanese semiconductor manufacturer Foxsemicon Integrated Technology, a subsidiary of technology group Foxconn also known as Hon Hai Technology, with ransomware in mid-January 2024. Access to the company's regular website was disrupted by a message from the threat actors declaring that customers' personal data had been stolen and that the data would be published on the dark net. The group claimed to have stolen 5 TB of data. Publishing a message on the victim's website is an uncharacteristic practice for Lockbit. Foxsemicon stated that the incident had no significant impact on the company's operations but did not disclose any information about the stolen data. ",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Foxsemicon,Taiwan,ASIA; SCS,Critical infrastructure,Critical Manufacturing,LockBit,Not available,Non-state-group,Criminal(s),1,17618,2024-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://therecord.media/foxsemicon-ransomware-attack-taiwan,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/foxsemicon-ransomware-attack-taiwan; https://www.eet-china.com/news/202401174479.html; https://tech.ifeng.com/c/8WQXYpJ81cp,2024-01-18,2024-02-29 3026,Pro-Russian Hacker Group NoName057(16) Carried Out DDoS Attacks On Swiss Federal Administration Websites on 17 January 2024,"A DDoS attack by the pro-Russian hacker group NoName057(16) temporarily blocked access to the websites of the Swiss Federal Administration on 17 January 2024. The group claimed responsibility for the attack, stating that the visit of Ukrainian President Zelensky to Davos (Switzerland) for the World Economic Forum prompted the attack. Among others, the websites of the federal departments and a number of federal offices were affected. Access to the websites was restored on 17 January.",2024-01-17,2024-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Rhaetian Railway - Swiss government websites,Switzerland; Switzerland,EUROPE; WESTEU - EUROPE; WESTEU,Critical infrastructure - State institutions / political system,Transportation - Civil service / administration,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,17619,2024-01-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Switzerland,NoName057(16),Russia,Non-state-group,https://securityaffairs.com/157651/hacking/pro-russia-noname-hit-switzerland.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/157651/hacking/pro-russia-noname-hit-switzerland.html; https://www.infobae.com/america/agencias/2024/01/17/suiza-sufre-un-ciberataque-ruso-durante-la-participacion-de-zelenski-en-el-foro-de-davos/; 
https://www.rts.ch/info/suisse/14632910-la-confederation-victime-dune-cyberattaque-prorusse-sans-fuite-de-donnees.html; https://www.20min.ch/fr/story/confederation-sites-internet-bloques-en-represailles-a-la-visite-de-zelensky-103022704; https://www.watson.ch/fr/suisse/volodymyr%20zelensky/505672336-la-confederation-encore-victime-d-une-cyberattaque-prorusse; https://www.lapresse.ca/international/europe/2024-01-17/la-suisse-se-dit-victime-de-hackers-prorusses-apres-la-visite-du-president-ukrainien.php; https://www.letemps.ch/suisse/des-hackers-russes-ciblent-a-nouveau-les-sites-web-de-la-confederation; https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-99736.html; https://t.me/noname05716eng/2730; https://t.me/noname05716eng/2732; https://lenews.ch/2024/01/19/swiss-government-victim-of-pro-russian-cyber-attack/; https://www.admin.ch/gov/fr/accueil/documentation/communiques/flux-rss/par-office/communiques-de-presse-et-discours.msg-id-99736.html; https://securityaffairs.com/157829/breaking-news/security-affairs-newsletter-round-455-by-pierluigi-paganini-international-edition.html,2024-01-18,2024-02-29 3021,Singaporean Restaurant Company RE&S hit by ransomware attack before 11 January 2024,"The Singapore-based restaurant chain RE&S announced on 11 January 2024 that it was the victim of a ransomware attack by unnamed actors. Following a damage and data recovery investigation by outside experts, RE&S stated that there is no indication that data was leaked, or any personal data compromised. 
But an unknown party had gained access to corporate servers and ""impacted"" data, necessitating the initiation of data recovery processes.",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,RE&S,Singapore,ASIA,Critical infrastructure,Food,Not available,Not available,Not available,,1,17700,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.ajunews.com/view/20240116121132528; https://repository.shareinvestor.com/rpt_view.pl/id/515561214.1/type/sgxnet/original_filename/1,2024-01-17,2024-03-04 3020,Japanese Soken Chemical targeted with ransomware on 9 January 2024,"The chemical branch of the Japanese chemical manufacturer and engineering company Soken Chemical & Engineering Co. Ltd. became the victim of a ransomware attack by unknown actors on 9 January 2024, the business confirmed on the next day in a press release. Follow-up reporting on 16 January revealed that no data was deemed to have been stolen or leaked; however, Soken revealed that, as a result of the intrusion, certain servers and data stored on them were encrypted and made inaccessible. 
As an investigation worked to determine the origins of the attack, Soken shut down certain services in order to prevent spread and secure the operations of mission-critical systems.",2024-01-09,Not available,Attack on critical infrastructure target(s),,,Disruption; Hijacking with Misuse; Ransomware,"Soken Chemical & Engineering Co., Ltd.",Japan,ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,,Not available,Unknown - not attributed,,1,17701,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://scan.netsecurity.ne.jp/article/2024/01/16/50451.html; https://www.soken-ce.co.jp/pdf/20240110.pdf; https://www.soken-ce.co.jp/pdf/20240116.pdf,2024-01-17,2024-03-04 3022,Unknown actors disrupted access to the website of French hospital CHU Nantes on 14 January 2024,"The website and other public-facing applications of French hospital CHU Nantes could not be accessed, following a DDoS attack in the night of 14-15 January 2024. 
The hospital noted that certain services, such as online appointment scheduling, would remain impacted for several days while access to systems was restored.",2024-01-14,Not available,Attack on critical infrastructure target(s),,,Disruption,CHU Nantes,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,17699,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://actu.fr/pays-de-la-loire/nantes_44109/chu-de-nantes-l-hopital-a-ete-victime-d-une-cyberattaque-ce-week-end_60569792.html; https://www.lemondeinformatique.fr/actualites/lire-le-chu-de-nantes-vise-par-une-attaque-ddos-92684.html; https://www.francebleu.fr/infos/faits-divers-justice/le-chu-de-nantes-victime-d-une-cyberattaque-les-services-administratifs-perturbes-5425272; https://www.lefigaro.fr/nantes/le-chu-de-nantes-victime-d-une-cyberattaque-pendant-deux-jours-20240116; https://www.elsoldemexico.com.mx/finanzas/suiza-sufre-ciberataque-ruso-durante-la-participacion-de-zelenski-en-el-foro-de-davos-11298540.html#!; https://www.lemondeinformatique.fr/actualites/lire-l-hopital-d-armentieres-perturbe-par-un-ransomware-92940.html; https://www.zinfos974.com/cyberattaques-un-exercice-de-gestion-de-crise-pour-proteger-notre-systeme-de-sante/; https://theconversation.com/la-lente-convalescence-des-hopitaux-victimes-de-cyberattaques-225372; 
https://www.clicanoo.re/article/societe/2024/04/23/les-autorites-livrent-des-remedes-pour-prevenir-les-cyberattaques-662716234aa2a,2024-01-17,2024-03-04 3018, Keating Consulting compromised in Phishing Attack leaking Personally Identifiable Information On 11 January 2024,"On 11 January 2024, a data breach occurred when a phishing attack targeted Keating Consulting, the third-party accounting partner of Framework Computer, Inc. - a US laptop manufacturer. The unknown attacker successfully impersonated the CEO of Framework, resulting in personally identifiable information (PII) related to outstanding invoices for purchases from Framework being compromised. The compromised information comprised full names, email addresses and credit balances. ",2024-01-09,2024-01-11,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Keating Consulting - Framework Computer,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Critical Manufacturing,Not available,Not available,Not available,,1,17702,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://community.frame.work/t/framework-data-breach/43408?utm_source=substack&utm_medium=email; 
https://www.bleepingcomputer.com/news/security/framework-discloses-data-breach-after-accountant-gets-phished/,2024-01-16,2024-03-04 3014,Chinese APT Volt Typhoon compromised telecommunication provider of Southwest Pacific Islands of New Caledonia in December 2023,"The Chinese APT Volt Typhoon compromised a telecommunication provider of Southwest Pacific Island chain New Caledonia in December 2023, according to a report by SecurityScorecard’s STRIKE Team. The report further highlights that by doing so, government infrastructure in the US, UK, and Australia was potentially compromised, but the researchers could not determine whether the threat actor was successful. The research findings suggest that the APT compromised Cisco routers, in particular the end-of-lifecycle models RV320 and RV325, by exploiting two publicly known vulnerabilities (CVE-2019-1653 and CVE-2019-1652). Both vulnerabilities have been listed in the Known Exploited Vulnerabilities Catalogue maintained by the Cybersecurity and Infrastructure Security Agency since 2021 and 2022, respectively.",2023-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,New Caledonia,,Critical infrastructure,Telecommunications,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,State,,1,17703,2024-01-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SecurityScorecard`s STRIKE Team,,United States,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,State,,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not 
available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://therecord.media/cisco-routers-end-of-life-china-espionage-volt-typhoon; https://www.scmagazine.com/brief/us-others-potentially-targeted-by-new-volt-typhoon-attacks-exploiting-cisco-router-bugs; https://securityscorecard.com/blog/threat-intelligence-research-volt-typhoon/; https://www.voachinese.com/a/fbi-calls-out-china-for-making-critical-infrastructure-fair-game-for-cyber-ops-20240418/7576392.html,2024-01-15,2024-03-04 3013,Ransomware Group Medusa targeted water provision NGO Water for People in January 2024,"The Ransomware-as-a-Service group Medusa targeted water provision NGO Water for People in January 2024, according to Medusa’s darknet site, asking for an extortion fee of $300,000. Water for People confirmed the compromise to Recorded Future. According to the company's statement, the incident affected data from before 2021 but did not disrupt financial systems or business operations.",2024-01-11,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Water For People,United States,NATO; NORTHAM,Critical infrastructure,Water,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,17704,2024-01-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://therecord.media/water-for-people-medusa-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not 
available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/water-for-people-medusa-ransomware; https://www.heise.de/news/Ransomware-Gang-Medusa-erpresst-Hilfsorganisation-9596950.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://research.checkpoint.com/2024/15th-january-threat-intelligence-report/; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2024-01-15,2024-03-04 3011,Uruguayan media YouTube channels hacked by unknown actors in January 2024,"Uruguayan media YouTube channels were hacked by unknown actors in January 2024. Among the affected media entities were Legítima Defensa, Legítima Defensa 2da. Dosis, Dato Mata Relato, El Último Bondi, El mundo tal cual es and Macondo. The police authorities have been notified and have launched an investigation into the account compromises. Senator Mario Bergara was cited as assuring that he would fight for the presence and development of fundamental media in the country in the aftermath of the hack. 
Bergara's statement further suggested that in addition to temporarily cutting off access to the accounts, the incident also involved the exfiltration of data.",2024-01-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,None - None - None - None - None - None,Uruguay; Uruguay; Uruguay; Uruguay; Uruguay; Uruguay,SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM,Media - Media - Media - Media - Media - Media, - - - - - ,,Not available,Not available,,1,17706,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2024-01-13 00:00:00,State Actors: Legislative reactions,Stabilizing statement by member of parliament,Uruguay,"Mario Bergara (Senator, Uruguay)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.carasycaretas.com.uy/politica/bergara-hackeo-legitima-defensa-es-preocupante-n70028; https://www.carasycaretas.com.uy/sociedad/certal-rechazo-el-hackeo-que-sufrio-caras-y-caretas-n70004,2024-01-15,2024-03-04 3010,Pro-Ukrainian hacktivist group Blackjack hit Russian water utility company Rosvodokanal on 20 December 2023,"The pro-Ukrainian hacktivist group Blackjack breached networks of the Russian water utility company Rosvodokanal on 20 December 2023, allegedly with the support of the Ukrainian Security Service SBU, the Ukrainian news outlet Ukrainska Pravda reported based on unnamed sources within Ukraine's law enforcement agencies. 
According to these accounts, the operatives targeted over 6,000 machines, deleting more than 50TB of data, including internal document management, corporate emails, backups, and information of cybersecurity services, impairing the operations of the water supplier. An additional 1.5TB of exfiltrated data reportedly has been shared with the SBU for further analysis. ",2023-12-20,2023-12-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Rosvodokanal,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Water,Blackjack (Security Service of Ukraine),Ukraine,"Non-state actor, state-affiliation suggested",,1,17707,2023-12-20 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,Ukraine,Blackjack (Security Service of Ukraine),Ukraine,"Non-state actor, state-affiliation suggested",,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 
points in intensity)",none,none,5,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",8.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.watson.ch/fr/international/guerre%20contre%20l%27ukraine/912385697-illia-vitiuk-se-bat-contre-les-hackers-russes; https://kyivindependent.com/media-ukrainian-hackers-hit-russia-utilities-company/; https://www.pravda.com.ua/news/2023/12/20/7433934/,2024-01-15,2024-03-04 3008,TeaM NETWORK9 defaced website of Maldivian Juvenile Court on 10 January 2024,"TeaM NETWORK9 targeted the website of Maldivian Juvenile Court on 10 January 2024. Before the website became unavailable, it displayed a message from the threat group TeaM NETWORK9, who claimed to be Indian Bharatiya hackers. The website is no longer available. 
The incident follows other alleged attacks on the website of the Maldivian government, including the Maldivian President’s Office.",2024-01-10,2024-01-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking with Misuse,Juvenile Court of the Republic of Maldives,Maldives,ASIA; SASIA,State institutions / political system,Judiciary,TeaM NETWORK9,India,Non-state-group,Hacktivist(s),1,17708,2024-01-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,TeaM NETWORK9,Not available,India,TeaM NETWORK9,India,Non-state-group,https://www.theweek.in/news/world/2024/01/10/maldives-government-website-down-after-suspected-cyber-attack-hackers-claim-to-be-indians.html,System / ideology,System/ideology,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.theweek.in/news/world/2024/01/10/maldives-government-website-down-after-suspected-cyber-attack-hackers-claim-to-be-indians.html,2024-01-11,2024-03-04 3007,Unnamed threat actor breached US HMG Healthcare in August 2023,"An unnamed threat actor breached the US Hospital Management Group (HMG) in August 2023, impacting 40 affiliated nursing facilities, the company disclosed in January 2024. According to the statement, they became aware of the data breach in November 2023. 
The firm disclosed that unidentified hackers gained access to HMG servers and stole unencrypted files, exposing social security numbers and general personal information as well as health records, including general health information and treatment details.",2023-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,HMG Healthcare LLC,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,17709,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/157244/data-breach/hmg-healthcare-data-breach.html; https://www.hmghealthcare.com/privacy-update/#substitute-notice,2024-01-11,2024-03-04 3004,South African Tshwane University of Technology hit by cyberattack on 17 December 2023,"South Africa's Tshwane University of Technology (TUT) suffered a disruption of university systems on 17 December 2023, according to a press release. Due to the incident, users were temporarily unable to log into their university account. The disruptions were accompanied by the theft of hundreds of thousands of internal records. 
On 26 January 2024, TUT placed one of its deputy vice-chancellors, Professor Bhekisipho Twala, responsible for the university's digital transformation initiative on suspension for ""allegedly failing to manage the aftermath of the cyber security breach effectively.""",2023-12-17,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Tshwane University of Technology,South Africa,AFRICA; SSA,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,17711,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.tut.ac.za/index.php/cyber-security-incident; https://bnnbreaking.com/tech/cybersecurity/tut-suspends-deputy-vice-chancellor-after-major-data-breach,2024-01-10,2024-03-04 3003,Unknown actors targeted website of Finland's Ministry of Justice with DDoS attack on 9 January 2024,"According to a social media post by Finland's Ministry of Justice, its website was working slower than usual and facing intermittent availability issues due to a DDoS attack on 9 January 2024.",2024-01-09,2024-01-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Justice (Finland),Finland,EUROPE; EU(MS); NORTHEU,State institutions / 
political system,Government / ministries,Not available,Not available,Not available,,1,17712,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dailyfinland.fi/national/35808/Ministry-website-comes-under-cyber-attack,2024-01-10,2024-03-04 3002,Paraguayan mobile carrier and cloud operator Tigo Business hit by cyberattack on 4 January 2024,"Tigo Business, Paraguay's largest mobile operator, was hit by a cyberattack on 4 January 2024, which affected the provision of some of the company's services. The company, which also operates an enterprise division that provides cybersecurity consulting, cloud and data centre hosting for businesses, stressed that the incident had no impact on Internet and mobile services. Prior to the company's official confirmation of the incident, client companies were struggling with website outages. On 6 January, the Paraguayan foundation Ciberseguro, which investigated the incident, declared that the company had been affected by a ransomware attack that encrypted data on the company's server. Following the company's official statement, the General Directorate of Information and Communication Technologies of the Paraguayan Armed Forces (FFAA) issued a warning to the country's companies about ransomware attacks by Black Hunt. The warning was related to the incident at Tigo Business. The company previously acknowledged receiving an $8 million ransom demand. The General Directorate later deleted the official statement. 
",2024-01-04,2024-01-04,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,Not available - Farmacenter - Ministry of Foreign Affairs (Paraguay) - Tupi - Tigo Business,Not available; Paraguay; Paraguay; Paraguay; Paraguay, - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM,Unknown - Critical infrastructure - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure, - Health - Government / ministries - - Telecommunications; Digital Provider,Black Hunt,Not available,Non-state-group,Criminal(s),1,17713,2024-01-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Black Hunt,Not available,Not available,Black Hunt,Not available,Non-state-group,https://www.ultimahora.com/telefonia-aclara-que-incidente-de-ciberseguridad-afecta-a-grupo-limitado-de-clientes-corporativos,Unknown,Not available,,Not available,,1,2024-01-01 00:00:00,State Actors: Preventive measures,Awareness raising,Paraguay,General Directorate of Information and Communication Technologies of the Paraguayan Armed Forces (FFAA),No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/paraguay-warns-of-black-hunt-ransomware-attacks-after-tigo-business-breach/; 
https://www.ultimahora.com/telefonia-aclara-que-incidente-de-ciberseguridad-afecta-a-grupo-limitado-de-clientes-corporativos; https://www.heise.de/news/Cyberattacken-und-Ransomware-Mehrere-Opfer-Code-Verkauf-und-freier-Decryptor-9593275.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://research.checkpoint.com/2024/15th-january-threat-intelligence-report/; https://finance.yahoo.com/news/hackers-roil-entire-industries-attacks-100000390.html,2024-01-10,2024-03-04 2998,US health management provider HealthEC LLC experienced data breach in July 2023,"The US healthcare management provider HealthEC LLC disclosed on 22 December 2023 that company data had been exfiltrated during 14-23 July 2023. The data breach affected 4.5 million patients. The healthcare provider hosts a population health management platform used by healthcare organisations. Stolen data comprised patients' name, address, date of birth, social security number, taxpayer identification number, medical record number, medical information (including diagnosis, diagnosis code, mental/physical condition, prescription information), health insurance information and billing and claims information. 
At least 17 healthcare organisations had been affected by the breach, including Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee - Division of TennCare, the University Medical Center of Princeton Physicians' Organization and the Alliance for Integrated Care of New York.",2023-07-14,2023-07-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Metro Community Health Centers - P.A, d/b/a Mid-Florida Cancer Centers - East Georgia Healthcare Center - Mid Florida Hematology & Oncology Centers - Compassion Health Care - Long Island Select Healthcare - Hudson Valley Regional Community Health Centers - Community Health Care Systems - Upstate Family Health Center - Honor Health - Illinois Heath Practice Alliance - Advantage Care Diagnostic & Treatment Center, Inc. - Corewell Health - Innovative Health Alliance - HealthEC LLC",United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - ,Not 
available,Not available,Not available,,1,17621,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,17.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://research.checkpoint.com/2024/8th-january-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/data-breach-at-healthcare-tech-firm-impacts-45-million-patients/; https://www.healthec.com/cyber-incident/; https://apps.web.maine.gov/online/aeviewer/ME/40/4680936e-e496-43ed-a35d-59ece9b523b6.shtml,2024-01-09,2024-02-29 2997,Ransomware group BlackCat/ALPHV suspected of stealing data from US security firm Ultra Intelligence & Communications in late 2023,"The ransomware group BlackCat/ALPHV published 30 GB of sensitive data, ostensibly obtained from the US security company Ultra Intelligence & Communications, on the darknet on 27 December 2023. Ultra Intelligence & Communications is a security company that supplies defence companies and governments with communications technology. 
The leak disclosed contracts between Ultra Intelligence and the Swiss Department of Defence (DDPS) over $5 million, including for encryption technology for the Swiss Air Force. The DDPS confirmed to Swiss state media to have been briefed by Ultra Intelligence on the incident. The leaked files also list the FBI and NATO among the firm's customers.",2023-12-27,2023-12-27,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,"Federal Department of Defence, Civil Protection and Sport (Switzerland) - RUAG - Ultra Intelligence & Communications",Switzerland; Switzerland; United States,EUROPE; WESTEU - EUROPE; WESTEU - NATO; NORTHAM,State institutions / political system - Critical infrastructure - Critical infrastructure,Government / ministries - Defence industry - Defence industry,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,17622,2023-12-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,AlphV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://www.srf.ch/news/schweiz/neuer-hackerangriff-vertraege-der-schweizer-luftwaffe-im-darknet-aufgetaucht,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,3.0,1-10,2.0,,0.0,euro,None/Negligent,Due diligence; 
Sovereignty,,Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Switzerland,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Cybergang-AlphV-bei-internationalem-Ruestungszulieferer-Ultra-eingedrungen-9590549.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/157144/cyber-crime/swiss-air-force-data-leak.html; https://www.srf.ch/news/schweiz/neuer-hackerangriff-vertraege-der-schweizer-luftwaffe-im-darknet-aufgetaucht; https://www.zataz.com/fuite-de-donnees-des-forces-aeriennes-suisses-sur-le-dark-web/,2024-01-09,2024-02-29 3001,INC Ransom exfiltrated personal information from Xerox Business Solutions US in late 2023,"The criminal group INC Ransom claimed to have compromised the US division of Xerox Business Solutions (XBS) in a post to its leak site on 29 December 2023. Xerox subsequently confirmed a breach involving the exfiltration of a ""limited amount of personal information"" while noting that the incident had no impact on XBS operations. Sample data leaked by INC Ransom on the group's extortion portal comprised email communications, payment information, and purchase histories. 
",2023-12-01,2023-12-29,Attack on critical infrastructure target(s),,,Data theft; Hijacking with Misuse; Ransomware,Xerox Business Solutions US,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,INC Ransomware group,Not available,Non-state-group,Criminal(s),1,17620,2023-12-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,INC Ransomware group,Not available,Not available,INC Ransomware group,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/xerox-says-subsidiary-xbs-us-breached-after-ransomware-gang-leaks-data/; https://www.news.xerox.com/news/xerox-releases-statement-regarding-cybersecurity-incident-affecting-xbs-subsidiary,2024-01-09,2024-03-28 2996,Lazarus Group suspected of having drained $7.5 million from crypto payment service provider CoinsPaid on 5 January 2024,"The Estonian crypto payment service CoinsPaid suffered a loss of a converted $7.5 million on 5 January 2024, as 
reported by the security firm Cyvers. The funds denominated in Binance and Ethereum were extracted from what Cyvers CEO Deddy Lavid assessed were insufficiently secured wallets. Cyvers linked the compromise to the North Korean Lazarus group.",2024-01-05,2024-01-05,Attack on critical infrastructure target(s),,,Hijacking with Misuse,CoinsPaid,Estonia,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,17623,2024-01-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Cyvers,Cyvers,Israel,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,7500000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / 
material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://crypto.news/coinspaid-gets-hacked-again-7-million-goes-missing/,2024-01-08,2024-03-25 2995,Cross-chain lending platform Radiant Capital targeted in flash loan attack stealing $4.5 million on 2 January 2024,The cross-chain lending protocol Radiant Capital was exploited in a flash loan attack on 2 January 2024 that enabled the extraction of $4.5 million in ETH. Unidentified threat actors took advantage of a known rounding error during deposit and withdraw operations to drain additional funds from the platform. Radiant Capital announced a temporary halt of lending and borrowing activities in response to the incident. ,2024-01-02,2024-01-02,Attack on critical infrastructure target(s),,,Hijacking with Misuse,Radiant Capital,Canada,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,17624,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,4500000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,https://coinpedia.org/news/radiant-capital-suspends-operations-on-arbitrum-following-4-5-million-exploit/,2024-01-08,2024-04-22 2993,ALPHV ransomware group targeted US mortgage lender loanDepot in January 2024,"The company confirmed on social media in January that it had suffered a cyber attack. The incident affected the online payment system. loanDepot’s payment system, phone services, and service portal could not be reached. The company stated that it took parts of its systems offline to aid the response to the incident. On January 22, the company stated that the data and personal information of about 16.6 million customers had been stolen in the course of the attack. On 16 February, the ALPHV ransomware group claimed to be behind the attack and threatened to publish the stolen data.",2024-01-06,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,loanDepot,United States,NATO; NORTHAM,Critical infrastructure,Finance,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,17625,2024-02-16 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of 
data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2024-01-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/mortgage-firm-loandepot-cyberattack-impacts-it-systems-payment-portal/; https://www.heise.de/news/Cyberattacken-und-Ransomware-Mehrere-Opfer-Code-Verkauf-und-freier-Decryptor-9593275.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-12th-2024-targeting-homeowners-data/; https://research.checkpoint.com/2024/15th-january-threat-intelligence-report/; https://www.cpomagazine.com/cyber-security/retail-mortgage-lender-loandepot-disrupted-by-ransomware-attack/; https://finance.yahoo.com/news/loandepot-outage-drags-second-week-134508754.html; https://news.yahoo.com/loandepot-outage-drags-second-week-134508754.html; https://finance.yahoo.com/news/loandepot-provides-cyber-incident-124200675.html; https://nationalmortgageprofessional.com/news/loandepot-discloses-cyber-incident-impacted-166-million-customers; https://www.bleepingcomputer.com/news/security/loandepot-cyberattack-causes-data-breach-for-166-million-people/; https://securityaffairs.com/157972/hacking/loandepot-data-breach.html; https://securityaffairs.com/158225/breaking-news/security-affairs-newsletter-round-456-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/; https://notipress.mx/tecnologia/ataque-ransomware-roba-17-millones-datos-clientes-loandepot-20031; https://nationalmortgageprofessional.com/news/cost-ransomware-attack-12-17m; 
https://securityboulevard.com/2024/03/alert-fbi-warns-of-blackcat-ransomware-healthcare-attack/,2024-01-08,2024-03-04 2992,Milton Town School District in Vermont targeted by ransomware on 11 December 2023,"The Milton Town School District confirmed that it had become the target of a ransomware attack on 11 December 2023. The intrusion led to the encryption of administrative files, causing disruptions to print services and business operations, impeding the district's financial audit.",2023-12-11,Not available,Attack on critical infrastructure target(s); Attack on critical infrastructure target(s),,,Disruption; Hijacking with Misuse; Ransomware; Disruption; Hijacking with Misuse; Ransomware; Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system; Education; Education,Civil service / administration; Civil service / administration; ; ,,Not available,Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ,1,17627,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown; Unknown; Unknown,Not available; Not available; Not available,; ; ,Not available; Not available; Not available,; ; ,0,,Not available,,Not available,Not available,No; No; No,; ; ,Not available,Data Encrypted for Impact,Not available,True,Not available; Not available; Not available,Long-term disruption (> 24h; incident scores 2 points in intensity); Long-term disruption (> 24h; incident scores 2 points in intensity); Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points 
in intensity)",none; none; none,none; none; none,4,Moderate - high political importance; Moderate - high political importance; Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/universities-schools-recovering-from-cyber; https://web.archive.org/web/20240106022037/https://www.miltonindependent.com/news/ransomware-cyber-attack-hits-milton-town-school-district/article_2347179a-9ddd-11ee-bb42-abb033dcde66.html,2024-01-08,2024-02-29 2991,"Unknown Ransomware Group Disrupted Computer System of French Commune of Saint-Philippe, Leading to Outages of Online Services on 1 January 2024","Unknown threat actors attacked the municipality of Saint-Philippe on 1 January 2024 in a ransomware attack. As a result, several of the municipality's digital services, including those related to civil registry and the electoral office, were inoperable and unavailable. 
The incident was reported to the Gendarmerie.",2024-01-01,2024-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Municipality of Saint-Philippe,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17638,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-01-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Gendarmerie nationale,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.linfo.re/la-reunion/faits-divers/la-commune-de-saint-philippe-a-ete-victime-le-1er-janvier-d-une-cyber-attaque-une-plainte-deposee; https://la1ere.francetvinfo.fr/reunion/saint-philippe/touchee-par-une-cyberattaque-la-mairie-de-saint-philippe-revient-aux-documents-papier-1456034.html; https://www.clicanoo.re/article/societe/2024/04/23/les-autorites-livrent-des-remedes-pour-prevenir-les-cyberattaques-662716234aa2a,2024-01-08,2024-02-29 2990,Ransomware group BlackSuit targeted Kershaw County Public School District in late 2023,"The ransomware group BlackSuit claimed to have targeted Kershaw County Public School District serving 10,000 students in South Carolina in a post shared in early January 2024. The district reported disruptions to its Internet and phone connectivity on 27 November 2023. 
Access was restored two days later.",2023-11-27,2023-11-29,Attack on critical infrastructure target(s),,,Disruption; Hijacking with Misuse; Ransomware,Kershaw County Public School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,BlackSuit,Not available,Non-state-group,Criminal(s),1,17639,2024-01-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackSuit,Not available,Not available,BlackSuit,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/universities-schools-recovering-from-cyber,2024-01-08,2024-02-29 2989,Kaunas University of Technology in Lithuania subjected to network disruptions and data breach on 8 December 2023,"Kaunas University of Technology in Lithuania reported a breach of its infrastructure that on 8 December 2023 led to disruptions of several systems and the theft of internal information. 
Exfiltrated data included the name, surname, personal identification number, residential address, telephone number, e-mail address, registration number of private cars of university employees.",2023-12-08,Not available,Attack on critical infrastructure target(s),,,Data theft; Disruption; Hijacking with Misuse,Kaunas University of Technology,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,16040,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/universities-schools-recovering-from-cyber; https://en.ktu.edu/cyber-attack-faq/#has-my-personal-data-been-leaked,2024-01-08,2024-01-09 2988,Unknown Threat Actors Targeted Canadian Memorial University of Newfoundland (MUN) On 29 December 2023,"Memorial University of Newfoundland (MUN) was targeted by as yet unknown threat actors on 29 December 2023, resulting in a delay to the start of classes at the Grenfell campus. As the largest public university in Atlantic Canada, MUN is home to over 19,000 students and an academic and administrative staff of 3,800. Upon detecting the intrusion, MUN isolated the affected systems, including IT services at the Marine Institute, and launched an investigation. 
Services at the Marine Institute campus have been up and running again since 2 January 2024. The start of the winter semester at the Grenfell campus had to be postponed from 4 January to 8 January, as efforts to restore the full functionality of all systems remained underway. Internet and payment terminals for credit and debit card transactions at Grenfell Campus were still offline during the first week of January. There was no immediate indication that the intrusion affected systems or data of MUN campuses other than at the Grenfell location. On January 17, the University's president confirmed that the attack was a ransomware attack that encrypted the data on Grenfell's servers. No data was compromised.",2023-12-29,2024-01-08,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Hijacking without Misuse; Hijacking with Misuse; Ransomware,Memorial University of Newfoundland (MUN),Canada,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,16269,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/memorial-university-recovers-from-cyberattack-delays-semester-start/; https://gazette.mun.ca/campus-and-community/it-issue/; https://therecord.media/universities-schools-recovering-from-cyber; https://www.mun.ca/updates/; 
https://vocm.com/2024/01/17/third-party-source-responsible-for-grenfell-campus-ransomware-attack/; https://www.bleepingcomputer.com/news/security/kansas-state-university-cyberattack-disrupts-it-network-and-services/; https://www.bleepingcomputer.com/news/security/canadas-anti-money-laundering-agency-offline-after-cyberattack/,2024-01-08,2024-01-18 2987,Instagram Account of the Police Authority of the German city of Brunswick hijacked to push ads on 4 January 2024,"An unknown actor took control over the Instagram account of the police authority of the German city of Brunswick during the night of 4-5 January 2024. The hijacked account with around 13,000 followers subsequently published suggestive ads, including for a wine seller in Boston. Authorities reclaimed the account later on 5 January.",2024-01-04,2024-01-05,"Attack on (inter alia) political target(s), not politicized",,,Hijacking without Misuse,Police Authority of Brunswick,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Police,Not available,Not available,Not available,,1,16038,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Other,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://tarnkappe.info/artikel/cyberangriff/instagram-hack-bei-der-polizei-braunschweig-und-fehlende-2fa-286471.html; https://www.braunschweiger-zeitung.de/braunschweig/article241353408/Instagram-Account-der-Polizei-Braunschweig-gehackt.html,2024-01-08,2024-03-19 2986,Turkey-aligned Sea Turtle APT targeted Dutch companies in IT service and telecommunication sector in 2023,"Turkey-aligned Sea Turtle APT targeted Dutch companies in 
2023, according to a report by Dutch security service provider Hunt & Hackett. The observed activity focused on telecommunication, and media organisations, including ISPs, and IT service providers, Hunt & Hackett found. The threat actor was observed collecting potentially sensitive data, including email archives, from the compromised networks.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Media; Critical infrastructure,Telecommunications; ; Digital Provider,Sea Turtle/Teal Kurma/Marbled Dust fka SILICON/Cosmic Wolf,Turkey,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16037,2024-01-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Hunt & Hackett B.V.,Hunt & Hackett B.V.,Netherlands,Sea Turtle/Teal Kurma/Marbled Dust fka SILICON/Cosmic Wolf,Turkey,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,External Remote Services; Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/157021/apt/sea-turtle-targets-dutch-entities.html; https://www.huntandhackett.com/blog/turkish-espionage-campaigns; https://therecord.media/turkish-sea-turtle-hackers-espionage; 
https://www.bleepingcomputer.com/news/security/turkish-hackers-sea-turtle-expand-attacks-to-dutch-isps-telcos/; https://thehackernews.com/2024/01/sea-turtle-cyber-espionage-campaign.html,2024-01-08,2024-01-09 2985,Unknown threat group targeted Lebanese Beirut-Rafic Al Hariri International Airport in January 2024,"An unknown threat group breached the Beirut-Rafic Al Hariri International Airport in Beirut in January 2024, according to Lebanese media. The attackers compromised the Flight Information Display System (FIDS). They delivered a message on the airport’s screens asserting that Hezbollah and Iran are pushing Lebanon into war against the will of the Lebanese people. Another Lebanese news site claimed the Baggage Handling System (BHS) was disrupted during the intrusion, requiring a switch to manual inspections of luggage.",2024-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Beirut-Rafic Al Hariri International Airport,Lebanon,ASIA; MENA; MEA,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,16036,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement; System Shutdown/Reboot,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/157079/hacking/cyber-attack-hit-beirut-international-airport.html; https://www.hackread.com/beirut-airport-screens-hacked-hezbollah-message/; 
https://www.lorientlejour.com/article/1364173/la-cyberattaque-a-laib-remet-la-revendication-dun-nouvel-aeroport-sur-le-tapis.html; https://www.ledevoir.com/monde/moyen-orient/805651/sud-liban-etranges-appels-precedent-frappes-israeliennes; https://rotativo.com.mx/internacionales/misteriosas-llamadas-preceden-bombardeos-israelies-en-sur-libano_1514112_102.html; https://es-us.noticias.yahoo.com/misteriosas-llamadas-preceden-bombardeos-israel%C3%ADes-073433875.html; https://www.lorientlejour.com/article/1365268/apres-celui-du-parlement-le-site-web-du-ministere-libanais-des-affaires-sociales-pirate.html; https://www.lorientlejour.com/article/1365268/apres-celui-du-parlement-le-site-web-du-ministere-libanais-des-affaires-sociales-pirate.html,2024-01-08,2024-01-09 2984,City of Beckley experienced disruption of computer networks in January 2024,"The municipal administration of the city of Beckley, a community of 17,000 in West Virginia, experienced an unspecified security breach that led to the shutdown of its computer networks. 
Confirming the outage to local media on 4 January 2024, the city's mayor declined to comment on whether the incident involved ransomware.",2024-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,,Disruption; Hijacking with Misuse,City of Beckley,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16035,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/west-virginia-city-hit-cyberattack; https://research.checkpoint.com/2024/8th-january-threat-intelligence-report/,2024-01-08,2024-01-09 2983,"Unknown actors hijacked X accounts of businesses, organizations and politicians in order to redirect followers to malicious websites, draining their crypto wallets, since midst of December 2023 with increasing incidents in the first weeks of January 2024","Multiple business accounts of critical manufacturing as well as accounts of politicians and NGOs have been compromised in order to push scams designed to infect potential victims with cryptocurrency wallet drainer malware since midst of December 2023 with increasing incidents in the first weeks of January 2024. The threat actors put the focus for their phishing efforts on verified ""gold"" and ""grey"" ticked accounts. 
The following accounts on X (formerly Twitter) were taken over by unknown hackers. Personal accounts were hijacked on 2 January 2024, including those of Brazilian politician Ubiratan Sanderson and Canadian senator Amina Gerba. The non-profit consortium ""The Green Grid"" fell victim to a similar intrusion the same day, with its account falsely advertising the LFG project. MalwareHunterTeam identified other notable compromises, including one on 3 January affecting the account of cybersecurity company Mandiant, a Google Cloud subsidiary, which was used to impersonate the Phantom crypto wallet in connection with a cryptocurrency scam. The account of Web 3 security firm CertiK was also compromised to push a crypto drainer on 5 January 2024. One day later, on 6 January 2023, US data service provider Netgear fell victim to a similar intrusion, in which its account was used to reply to BRCapp tweets. The X account of car manufacturer Hyundai MEA (Middle East & Africa) was also hijacked in the first week of January 2024 and used to impersonate the cross-platform multiplayer RPG Overworld, which is linked to cryptocurrency firm Binance Labs. On 9 January 2024, the United States Securities and Exchange Commission fell victim to a similar compromise, in which its account was used to advertise spot bitcoin exchange-traded products, as posted by the victim. On January 22, the United States Securities and Exchange Commission stated that the attacker gained access to the account through a SIM swap attack. According to the digital risk monitoring platform CloudSEK, a new black market has emerged in which compromised gold and grey X accounts are sold to criminals. The gold and grey labels on X accounts are meant to signify verified, serious and trustworthy accounts. Scammers have also been using the redirect mechanism of X for at least two weeks. 
With that mechanism, threat actors can create URLs looking like they belong to legitimate organizations but in fact leading to malicious, often wallet-draining websites. ",2024-01-02,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"United States Securities and Exchange Commission - Hyundai MEA (Middle East & Africa) - Mandiant - Amina Gerba (Canadian Senator, Canada) - Ubiratan Antunes Sanderson (Member of Brazilian parliament, Brazil) - Netgear - CertiK - The Green Grid","United States; Korea, Republic of; United States; Canada; Brazil; United States; United States; United States",NATO; NORTHAM - ASIA; SCS; NEA - NATO; NORTHAM - NATO; NORTHAM - SOUTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Critical infrastructure - Critical infrastructure - Social groups,Civil service / administration - Critical Manufacturing - - Legislative - Legislative - Telecommunications - Finance - Advocacy / activists (e.g. 
human rights organizations),Not available,Not available,Not available,,1,17016,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,3.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hackers-hijack-govt-and-business-accounts-on-x-for-crypto-scams/; https://bnnbreaking.com/politics/canadian-senator-amina-gerbas-twitter-account-hacked-amid-global-rise-in-cyber-threats/; https://x.com/malwrhunterteam/status/1742294268075458617?s=20; https://x.com/malwrhunterteam/status/1742589508401443034?s=20; https://x.com/malwrhunterteam/status/1742890463139360816?s=20; https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/; https://www.bleepingcomputer.com/news/security/web3-security-firm-certiks-x-account-hacked-to-push-crypto-drainer/; https://securityaffairs.com/157039/breaking-news/security-affairs-newsletter-round-453-by-pierluigi-paganini-international-edition.html; https://arstechnica.com/security/2024/01/hacked-x-account-for-google-owned-security-firm-mandiant-pushes-cryptocurrency-scam/; https://www.hackread.com/google-mandiant-cybersecurity-x-hacked-crypto-scam/; 
https://www.bleepingcomputer.com/news/security/netgear-hyundai-latest-x-accounts-hacked-to-push-crypto-drainers/; https://www.wired.com/story/sec-x-account-compromise/; https://cyberscoop.com/sec-bitcoin-etf-gensler/; https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns; https://www.hackread.com/sec-x-twitter-account-hacked-bitcoin-etfs/; https://securityaffairs.com/157231/hacking/sec-x-account-hacked-etf-approval.html; https://therecord.media/sec-social-media-account-takeover-house-republicans-respond; https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html; https://securityaffairs.com/157296/cyber-crime/mandiant-x-account-hacked-2.html; https://securityaffairs.com/156879/hacking/mandiant-x-account-hacked.html; https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html; https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/; https://www.wired.com/story/ebay-criminal-charge-bloody-pig-mask/; https://www.wired.com/story/sec-mandiant-x-two-factor-settings/; https://research.checkpoint.com/2024/15th-january-threat-intelligence-report/; https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html; https://cyberscoop.com/sec-x-twitter-bitcoin/; https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/; https://www.spiegel.de/politik/deutschland/news-npd-urteil-nikki-haley-gegen-donald-trump-tuerkei-entscheidung-ueber-schwedens-nato-beitritt-a-bc3f92c6-5dd0-4a88-898d-269158507428; https://news.sbs.co.kr/news/endPage.do?news_id=N1007509567; https://www.kejixun.com/article/623008.html; https://www.dt.co.kr/contents.html?article_no=2024012302109954058006; https://www.bbc.co.uk/news/technology-68025683?at_medium=RSS&at_campaign=KARANGA; https://www.reuters.com/technology/cybersecurity/us-secs-x-account-hacked-with-sim-swapping-agency-says-2024-01-22/; 
https://cyberscoop.com/federal-government-agency-social-media-security-multifactor-authentication/,2024-01-05,2024-02-22 2982,UAC-0050 targeted Ukrainian government with RemcosRAT surveillance malware in December 2023,"Researchers with Uptycs, a cybersecurity firm, discovered an espionage campaign by UAC-0050 targeting unnamed Ukrainian government agencies on 21 December 2023. The campaign utilised RemcosRAT, a known tool used for surveillance and control. Initial access is believed to have been gained through phishing emails sent to Ukrainian military personnel under the guise of consultancy offers with the Israeli Defence Forces (IDF). Uptycs' report from 3 January 2024 notes that the campaign utilised ""pipe methods"" for data transfer - effectively bypassing antivirus software by creating covert channels within Windows software. Earlier on 21 December, Ukraine's CERT reported on a similar phishing campaign by UAC-0050, which leveraged RemcosRAT as well, further corroborating links between the operation and TTPs identified by Uptycs and UAC-0050. According to a statement by a CERT-UA spokesperson to Recorded Future News, UAC-0050 has been active since at least 2020. The group, which has been targeting government entities across Ukraine and the Baltic region, but also in Russia, has not been connected to any identified threat actor or a sponsoring state. 
Remcos is a remote administration tool originally developed and sold by the German company Breaking Security, which for several years has been adopted by various threat actors for malicious purposes.",2023-12-21,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,UAC-0050,Not available,Unknown - not attributed,,1,15874,2024-01-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Uptycs,,United States,UAC-0050,Not available,Unknown - not attributed,https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hackers-using-remcos-getting-stealthier; https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html; https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method,2024-01-05,2024-02-07 2981,US county of Cullman hit by ransomware attack in December 2023,Cullman County in the US state of Alabama was hit by a 
ransomware attack over the Christmas weekend in 2023. Disruptions to the county's servers impaired access to the online property tax payment platform. The online property tax payment system was restored on 29 December 2023.,2023-12-23,2023-12-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Cullman County Revenue Commissioner,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,17714,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://abc3340.com/news/local/cullman-county-revenue-commissioner-barry-willingham-ransomware-attack-christmas-property-tax-payments,2024-01-04,2024-03-04 2980,Website and services of French courier service Colipays disrupted following network intrusion in December 2023,"The French courier service Colipays, based on the island of La Réunion, was subject to an intrusion in December 2023. The breach is believed to have resulted in the manipulation of a database managing the delivery addresses of parcels, resulting in the delay and loss of 3,000 shipments. The company has filed a criminal complaint. 
Early estimates put the cost for Colipays at several hundred thousand euros.",2023-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Colipays,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Other,Not available,Not available,Not available,,1,17717,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://la1ere.francetvinfo.fr/reunion/colipays-victime-d-une-cyberattaque-des-clients-n-ont-jamais-recu-leur-colis-1453478.html; https://www.clicanoo.re/article/societe/2024/01/14/colipays-assure-que-tous-les-clients-touches-seront-rembourses-65a34f22477c2; https://www.clicanoo.re/article/societe/2024/04/23/les-autorites-livrent-des-remedes-pour-prevenir-les-cyberattaques-662716234aa2a,2024-01-04,2024-03-04 2978,Ransomware Gang Cactus targeted Swedish Supermarket Chain Coop on 22 December 2023,"The ransomware gang Cactus targeted the Swedish Supermarket Chain Coop on 22 December 2023. The group claimed responsibility for the targeting on 29 December 2023 via social media. Following a media request, Coop confirmed the incident, which briefly took down the company website, prevented card payments at Coop outlets in the county of Värmland and large parts of the IT systems of the Värmland branch, and resulted in the exfiltration of a limited set of employee data (names, addresses, and social security numbers). 
Stores remained open throughout the incident. ",2023-12-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Coop Sverige AB,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Food,Cactus,Not available,Non-state-group,Criminal(s),1,17792,2023-12-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cactus Ransomware Group,Not available,Not available,Cactus,Not available,Non-state-group,https://twitter.com/FalconFeedsio/status/1740719323117686820,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/coop-varmland-sweden-supermarket-chain-cyberattack; https://twitter.com/FalconFeedsio/status/1740719323117686820; https://www.coopvarmland.se/; https://research.checkpoint.com/2024/8th-january-threat-intelligence-report/; https://securityaffairs.com/156709/cyber-crime/cactus-ransomware-coop-sweden.html,2024-01-04,2024-03-28 2976,Hacker 'Snow' breached RIPE account of Spanish Mobile Network Operator Orange Spain on 3 January 2024,"A hacker operating under the pseudonym 'Snow' breached the IP network coordination centre (RIPE) account of Spanish Mobile Network Operator Orange Spain on 3 January 2024. 
Manipulations of account information caused internet outages within Orange Spain's network between 14:45 and 16:15 UTC, affecting some of its customers. Snow posted about their breach on social media on 3 January, asking Orange to contact them to receive new credentials. The attacker altered the Autonomous System (AS) number linked to the firm’s IP addresses and activated an unauthorised RPKI configuration on them. Orange Spain confirmed the takeover of their RIPE account and stated that no customer data was compromised. The company did not provide information on how the RIPE account compromise was achieved.",2024-01-03,2024-01-03,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Orange Espagne S.A.U.,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Telecommunications,Snow,Not available,Individual hacker(s),,1,17719,2023-01-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Snow,Not available,Not available,Snow,Not available,Individual hacker(s),https://twitter.com/Ms_Snow_OwO/status/1742357282917109928,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Manipulation,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",5.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/; https://twitter.com/Ms_Snow_OwO/status/1742357282917109928; https://twitter.com/orange%5Fes/status/1742616775647265035; 
https://securityaffairs.com/156920/hacking/orange-spain-ripe-account-hacked.html; https://arstechnica.com/security/2024/01/a-ridiculously-weak-password-causes-disaster-for-spains-no-2-mobile-carrier/; https://research.checkpoint.com/2024/8th-january-threat-intelligence-report/; https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html; https://www.linfo.re/magazine/high-tech/attaque-informatique-chez-orange-espagne-un-mot-de-passe-faible-a-l-origine-d-une-faille-de-securite; https://www.diariodepozuelo.es/113015-orange-hackeada-colapsando-el-internet-en-espana-todo-lo-que-necesitas-saber,2024-01-04,2024-03-04 2975,Russian intelligence service suspected to have gained access to surveillance cameras in Kyiv ,"The Ukrainian Security Service (SBU) announced in a statement on Telegram that it had deactivated two surveillance cameras in Kyiv that were allegedly hacked by a Russian intelligence service to spy on critical infrastructure and Ukraine's air defences. The cameras were installed on residential buildings in Kyiv. Following the compromise of the devices, the Russian operators allegedly gained remote access to the cameras, changed their angle of view and connected them to YouTube to stream sensitive footage. 
This footage potentially aided the Russian military in directing drones and missiles at Kyiv during a large-scale missile attack on Ukraine on 2 January 2024.",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,End user(s) / specially protected groups,,Not available,Russia,State,,1,17720,2024-01-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Security Service of Ukraine (SBU),Not available,Ukraine,Not available,Russia,State,https://t.me/SBUkr/10757,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2024-01-02 00:00:00,State Actors: Preventive measures,,Ukraine,Ukrainian Security Service (SBU),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/156812/intelligence/russia-hacked-surveillance-cameras-ukraine.html; https://therecord.media/ukraine-says-russia-hacked-web-cameras-to-spy-on-kyiv-targets; https://t.me/SBUkr/10757; https://www.wired.com/story/23andme-blames-users-data-breach-security-roundup/; https://securityaffairs.com/157039/breaking-news/security-affairs-newsletter-round-453-by-pierluigi-paganini-international-edition.html; 
https://www.bleepingcomputer.com/news/security/pro-ukraine-hackers-breach-russian-isp-in-revenge-for-kyivstar-attack/; https://www.wired.com/story/anne-neuberger-cybersecurity-q-and-a/,2024-01-04,2024-03-04 2972,Unidentified threat actor targeted ICT provider Gallery Systems on 28 December 2023,"An unknown threat actor targeted US ICT provider Gallery Systems on 28 December 2023, the company stated in a customer notification. As a result of what was identified as a ransomware attack, the company faced IT service outages that also affected its customers. Gallery Systems provides software solutions to over 800 museums, including for virtual tours. To limit the effect of the outage, Gallery Systems had to take parts of its systems offline.",2023-12-28,2023-12-28,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Gallery Systems,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,17721,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/online-museum-collections-down-after-cyberattack-on-service-provider/,2024-01-03,2024-03-04 2970,Qilin Ransomware Group suspected of targeting Independent Australian Authority Court Services Victoria (CSV) on 8 December 2023,"The Court Services Victoria (CSV) discovered on 21 December 2023 that unidentified threat actors had gained access to 
the audio-visual in-court technology network and thereby sensitive video recordings, audio recordings and transcription services on 8 December. In response, the CSV isolated and disconnected affected networks. The exposed recordings date back to 1 November. Among the affected associated institutions are the Supreme Court, the County Court, the Magistrates' Court, the Children's Court and the Coroners Court. Independent reporting linked the Qilin ransomware group, which reportedly consists of Russian hackers, to the incident.",2023-12-08,2023-12-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,County Court of Victoria - Coroners Court of Victoria - Magistrates' Court of Victoria - Court Services Victoria (CSV) - Children's Court of Victoria - Supreme Court of Victoria,Australia; Australia; Australia; Australia; Australia; Australia,OC - OC - OC - OC - OC - OC,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Judiciary - Judiciary - Judiciary - Civil service / administration - Judiciary - Judiciary,Qilin Ransomware Group,Russia,Non-state-group,Criminal(s),1,17722,2024-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Robert Potter,Internet 2.0,Australia,Qilin Ransomware Group,Russia,Non-state-group,https://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/103272118,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 
point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/victoria-court-recordings-exposed-in-reported-ransomware-attack/; https://courts.vic.gov.au/news/court-services-victoria-cyber-incident; https://therecord.media/hackers-breach-australian-court-hearing-database; https://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/103272118; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://securityaffairs.com/157039/breaking-news/security-affairs-newsletter-round-453-by-pierluigi-paganini-international-edition.html; https://www.heise.de/news/Australien-Cyberangriff-auf-Audio-Video-System-der-Justiz-9586963.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://research.checkpoint.com/2024/8th-january-threat-intelligence-report/,2024-01-03,2024-03-04 2968,Unknown hacker targeted cryptocurrency platform Orbit Chain on 31 December 2023,"An unknown hacker targeted the decentralised finance platform Orbit Chain on 31 December 2023. Orbit Chain confirmed via social media that the platform had detected unauthorised access, leading to the loss of various assets across various currencies, including ETH, USDC, and USDT. According to several secondary reports, the threat group stole between $81 million and $86 million worth of cryptocurrency. 
Blockchain research company CertiK quantified the loss at $81.5 million.",2023-12-31,2023-12-31,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Orbit Chain,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,17723,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/orbit-chain-loses-86-million-in-the-last-fintech-hack-of-2023/; https://therecord.media/korean-police-investigating-cryptocurrency-theft-orbit-chain; https://twitter.com/KGJRTG/status/1741575860635783385; https://twitter.com/Orbit_Chain/status/1741725778956730778; https://twitter.com/Orbit_Chain/status/1742132887301107780; https://securityaffairs.com/156832/cyber-crime/orbit-chain-security-breach.html; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts,2024-01-03,2024-03-04 2967,Unidentified Actor breached US in-flight entertainment and communication provider Panasonic Avionics Corporation beginning on or around 14 December 2022 ,"An unidentified actor breached US in-flight entertainment and communication provider Panasonic Avionics Corporation on or around 14 December 2022, according to a data breach notice by Panasonic issued in December 2023. 
Based on the statement, the company investigated a potential data breach that may have impacted personal data, including name, contact details (email address, mailing address, and telephone number), date of birth, medical and health insurance information, financial account numbers, company employment status, and government identifiers, such as social security number. ",2022-12-14,2022-12-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Panasonic Avionics Corporation,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,,Not available,Not available,,1,17724,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2024/1st-january-threat-intelligence-report/; https://s3.documentcloud.org/documents/24238563/panasonic-avionics-corporation-consumer-notice-letter.pdf,2024-01-02,2024-03-04 2962,US software company MongoDB confirmed data breach in December 2023,"On 13 December 2023, the US software company MongoDB discovered unauthorized access to some of the company's systems. The compromised systems contained customer names, phone numbers and email addresses, as well as other customer account metadata. The company confirmed it had been the victim of a phishing attack and that the incident had been ongoing for some time before shutting the threat actor out of its systems on 20 December. 
On 3 January 2024, the internal investigation concluded that the MongoDB Atlas cloud infrastructure that houses the data stored by clients was not affected by the intrusion. ",2023-12-01,2023-12-20,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,MongoDB,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,15835,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/156356/breaking-news/security-affairs-newsletter-round-451-by-pierluigi-paganini-international-edition.html; https://www.mongodb.com/alerts; https://www.mongodb.com/alerts; https://www.hackread.com/mongodb-data-breach-hackers-access-customer-info/; https://www.bleepingcomputer.com/news/security/mongodb-says-customer-data-was-exposed-in-a-cyberattack/; https://tarnkappe.info/artikel/it-sicherheit/angriff-auf-mongodb-sicherheitsvorfall-wirft-fragen-auf-285054.html; 
https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html; https://www.hackread.com/mongodb-breach-update-names-emails-atlas-secured/; https://research.checkpoint.com/2023/18th-december-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/ubisoft-says-its-investigating-reports-of-a-new-security-breach/,2023-12-29,2024-01-18 2961,APT28 targeted Ukrainian organisations with malware during 15-25 December 2023,"Russian state-sponsored threat actor APT28 (aka Fancy Bear or Forest Blizzard, formerly tracked as Strontium) was observed by Ukraine's Computer Emergency Response Team (CERT-UA) in a campaign targeting several unnamed Ukrainian organisations between 15 and 25 December 2023. The campaign, which used phishing emails to establish access, was observed using MASEPIE, a previously unseen Python malware downloader, to infiltrate systems, then using STEELHOOK PowerShell scripts to steal data from Google Chrome and Microsoft Edge browsers on infected devices. Furthermore, IMPACKET, SMBEXEC, and other programs were utilised to reconnoitre networks and attempt further lateral movement through systems. ",2023-12-15,2023-12-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15834,2023-12-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://cert.gov.ua/article/6276894,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-12-28 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/russian-military-hackers-target-ukraine-with-new-masepie-malware/; https://cert.gov.ua/article/6276894; https://securityaffairs.com/156623/apt/apt28-phishing-new-malware.html; https://therecord.media/fancy-bear-apt28-ukraine-new-malware-masepie; https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html; https://therecord.media/ukraine-pow-agency-cyberattack-russia,2023-12-29,2024-04-23 2956,Indian government entities and defense sector targeted by rust-based malware since October 2023,"Indian government agencies and the Indian defense sector have been targeted by an unknown threat actor with Rust-based malware since October 2023. The phishing campaign used to deliver the Rust-based malware was first detected by cybersecurity firm SEQRITE in October 2023. The campaign used Rust-based payloads and encrypted PowerShell commands to transmit confidential documents to a web-based service engine instead of a dedicated command-and-control (C2) server. By actively modifying its arsenal, the threat actor also used spoofed domains to host malicious payloads and decoy files. SEQRITE tracked the campaign as Operation RusticWeb, noting several TTPs overlapping with the Pakistan-based APT groups Transparent Tribe (APT36) and SideCopy. 
The discovery came almost two months after Cyble uncovered a malicious Android app used by the DoNot team to attack people in the Kashmir region of India. The DoNot team, also known as APT-C-35, Origami Elephant and SECTOR02, is believed to be of Indian origin and has in the past used Android to infiltrate user devices in Kashmir and Pakistan.",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Indian government,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,15747,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/12/operation-rusticweb-rust-based-malware.html; https://www.seqrite.com/blog/operation-rusticweb-targets-indian-govt-from-rust-based-malware-to-web-service-exfiltration/,2023-12-28,2024-03-28 2953,Unknown actors hit National Insurance Board of Trinidad and Tobago (NIBTT) with ransomware 
on 26 December 2023,"The National Insurance Board of Trinidad and Tobago (NIBTT) was targeted in a ransomware attack on 26 December 2023, according to a social media statement released by the government agency. Due to operational disruptions caused by the incident, all offices remained closed during 27-29 December. NIBTT runs the social security system of the nation, providing payments to more than 40% of the country’s population.",2023-12-26,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,National Insurance Board of Trinidad and Tobago (NIBTT),Trinidad and Tobago,,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15819,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/trinidad-and-tobago-government-agency-hit-with-post-christmas-cyberattack; https://www.facebook.com/photo?fbid=751885133649213&set=a.621575580013503,2023-12-28,2024-01-05 2954,China nexus 
actor UNC4841 allegedly exploited zero-day bug CVE-2023-7102 of US email and security company Barracuda in 2023,"China-nexus group UNC4841 is believed to have exploited a zero-day vulnerability in US email and security company Barracuda's third-party library Spreadsheet::ParseExcel through specifically crafted Excel email attachments to attack a limited number of email security gateway (ESG) devices in 2023. Following the exploitation of the arbitrary code execution vulnerability (CVE-2023-7102) by UNC4841, Barracuda (in collaboration with Mandiant) observed new variants of the SEASPY and SALTWATER malware deployed on a limited number of ESG devices. On 21 December 2023, Barracuda deployed a security update to all active ESGs to address the vulnerability in its devices.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Hijacking without Misuse,Not available,Not available,,End user(s) / specially protected groups,,UNC4841 ,China,Unknown - not attributed,,1,15821; 15821,2023-12-24 00:00:00; 2023-12-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Mandiant; Barracuda,,United States; United States,UNC4841 ; UNC4841 ,China; China,Unknown - not attributed; Unknown - not attributed,https://www.barracuda.com/company/legal/esg-vulnerability,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,One,Phishing,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.bleepingcomputer.com/news/security/barracuda-fixes-new-esg-zero-day-exploited-by-chinese-hackers/; https://thehackernews.com/2023/12/chinese-hackers-exploited-new-zero-day.html; https://securityaffairs.com/156502/breaking-news/barracuda-fixed-a-new-esg-zero-day-exploited-by-chinese-group-unc4841.html; https://www.barracuda.com/company/legal/esg-vulnerability; https://socradar.io/latest-zero-day-vulnerabilities-unc4841-targets-barracuda-esg-with-cve-2023-7102-apache-ofbiz-authentication-bypass-cve-2023-51467/; https://research.checkpoint.com/2024/1st-january-threat-intelligence-report/; https://therecord.media/cisa-adds-chrome-open-source-bugs; https://www.heise.de/news/Luecke-in-Barracuda-E-Mail-Security-Gateway-ermoeglichte-Code-Einschleusung-9586090.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-bugs-in-chrome-and-excel-parsing-library/; https://securityaffairs.com/156854/security/cisa-adds-chrome-perl-library-flaws-known-exploited-vulnerabilities-catalog.html; https://securityaffairs.com/156696/breaking-news/security-affairs-newsletter-round-452-by-pierluigi-paganini-international-edition.html; https://www.computerweekly.com/de/feature/10-der-groessten-Zero-Day-Angriffe-im-Jahr-2023,2023-12-28,2024-01-09 2955,Homeland Justice claims responsibility for temporary halt of Albanian Parliament's digital services on 25 December 2023,"The Albanian Parliament was hit with a cyberattack on 25 December 2023 temporarily halting its services. According to the statement of the state cyber agency, the ONE telephone company was also targeted in the operation, though it remains unclear whether the perpetrators achieved the desired effects against this latter target. 
On the day the compromises were discovered, the Iran-linked hacker group Homeland Justice claimed responsibility for the intrusions, as well as the targeting of two local telecom companies and Albania’s flag carrier. This claim has not been independently verified, though local media reported that in addition to the parliament, a cellphone provider and an airline had also been targeted. While Homeland Justice claimed to have stolen data, this has been refuted by the Albanian cyber agency. The agency assessed the intrusions to have originated from outside Albania.",2023-12-25,2023-12-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Assembly of the Republic of Albania (Albanian Parliament),Albania,EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system,Legislative,Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15824,2023-12-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Homeland Justice,Not available,"Iran, Islamic Republic of",Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://therecord.media/albanian-parliament-telecom-company-hit-by-cyberattacks,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,Iran (People's Mujahideen); Iran (People's Mujahideen); Iran (People's Mujahideen),Yes / HIIK intensity,HIIK 1,1,2023-12-26 00:00:00,State Actors: Stabilizing measures,,Albania,National Authority for Electronic Certification and Cyber 
Security (AKCESK; Albania),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/albanian-parliament-telecom-company-hit-by-cyberattacks; https://cesk.gov.al/deklarate-zyrtare-3/?fbclid=IwAR0hr%5F%5FslXrH8Y50Wo0O1UzTesupHUlqVhb6ImGLoAK-xxqM2LTp0F5BhiE; https://apnews.com/article/albania-cyberattack-parliament-iran-cc1a03b58bd753bbe935ad74f1abc0f7; https://research.checkpoint.com/2024/1st-january-threat-intelligence-report/; https://securityaffairs.com/156644/security/cyber-attacks-hit-albania.html; https://securityaffairs.com/156696/breaking-news/security-affairs-newsletter-round-452-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html; https://therecord.media/albania-parliament-telecoms-airline-cyberattacks-wiper-malware; https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html,2023-12-28,2024-02-12 2960,Russian hacker group Lockbit 3.0 claimed responsibility for ransomware attack against Italian cloud service provider Westpole in December 2023,"According to media reports, the Russian hacker group Lockbit 3.0 has claimed responsibility for a ransomware attack against the Italian cloud service provider Westpole on 8 December 
2023. The incident affected Westpole's client PA Digitale, which offers its cloud service to 1,300 public administrations in Italy, including 540 municipalities and government institutions such as the Agency for Digital Italy (AGID) and the Anti-Corruption Agency (ANAC). The hackers encrypted databases and sent ransom demands to the provider. As a result of the attack, several Italian municipalities were forced to switch to manual procedures. By 18 December, the Italian newspaper La Repubblica reported that Westpole had managed to restore 50% of its systems. The Italian national cybersecurity agency points to a slow and difficult recovery process. According to Westpole, PA Digitale and several municipalities, no data was stolen. The company informed the data protection authority Garante della Privacy and the Italian police, who are investigating the incident.",2023-12-08,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse; Ransomware,Westpole,Italy,EUROPE; NATO; EU(MS),State institutions / political system; Critical infrastructure,Civil service / administration; Digital Provider,Lockbit 3.0,Russia,Non-state-group,Criminal(s),1,15741,2023-12-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Lockbit 3.0,Not available,Russia,Lockbit 3.0,Russia,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-12-08 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Italy,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.cybersecurity360.it/cybersecurity-nazionale/incrementare-la-cyber-security-nella-pa-gli-obiettivi-del-protocollo-di-intesa-tra-mef-acn-e-consip/; https://www.ilcittadino.it/stories/premium/economia/pieve-fissiraga-pa-digitale-piu-sicurezza-rete-dopo-cyberattacco-degli-o_113315_96/; https://www.giornalettismo.com/lockbit-ultimi-attacchi/; https://www.varesenews.it/2024/02/scacco-matto-alla-piu-grande-gang-di-attacchi-informatici/1855104/; https://www.agendadigitale.eu/sicurezza/levoluzione-della-cybersicurezza-nella-pa-lezioni-dal-passato-e-prospettive-future/,2023-12-28,2024-01-10 2957,Unknown actors hit US company ESO Solutions compromising data and encrypting computer systems on 28 September 2023,"US software provider for healthcare organizations and fire departments ESO Solutions was targeted with a ransomware attack resulting in the encryption of several of their computer systems and data theft affecting 2.7 million patients of affiliated clinics and hospitals on 28 September 2023. The attackers were able to gain access to one machine containing sensitive data. The compromised data included personal information, such as phone numbers, patient account/medical record number, injury type and date, diagnosis information, treatment type and date, procedure information, and social security numbers. Customers were notified on 12 December 2023. 
Affected institutions include the Mississippi Baptist Medical Center, Community Health Systems Merit Health Biloxi, Merit Health River Oaks, ESO EMS Agency, Forrest Health Forrest General Hospital, HCA Healthcare Alaska Regional Hospital, Memorial Hospital at Gulfport Health System, Providence St Joseph Health (Providence Kodiak Island Medical Center), Providence Alaska Medical Center, Desert View Hospital, Ascension Providence Hospital in Waco, Tallahassee Memorial, Manatee Memorial Hospital, and CaroMont Health.",2023-09-28,2023-09-28,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware; Data theft; Disruption; Hijacking with Misuse; Ransomware,None - None - None - None - None - None - None - None - None - None - None - None - None - None,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health,,Not available,Not available,,1,15746,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown; Unknown,Not available; Not 
available,,Not available; Not available,,0,,Not available,,Not available,Not available,No; No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity); For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity); Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none; none,none; none,6,Not available; Not available,0.0,Low,10.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,14.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/; https://research.checkpoint.com/2023/25th-december-threat-intelligence-report/,2023-12-28,2024-01-04 2958,Unknown actors hit University of Buenos Aires (UBA) with a ransomware attack on 14 December 2023,"Through a ransomware attack, several servers of the University of Buenos Aires (UBA) in Argentina were compromised on 14 December 2023. The intrusion emanated from the UBA data centre and, among other systems, affected the rectorate’s servers. 
The compromise prevents teachers and students from managing grades and enrolling in courses.",2023-12-14,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,University of Buenos Aires (UBA),Argentina,SOUTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,15913,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/,2023-12-28,2024-01-08 2949,"Unknown threat actor targeted University of Innsbruck in Austria and Obtained Data of 23,000 Students on 21 December 2023","Unknown criminals targeted the University of Innsbruck in Austria on 21 December in a data breach. 
As the university announced on 25 December, the personal data of around 23,000 students was unlawfully downloaded, including names, dates of birth, places of residence and email addresses. For tactical investigative reasons, no further details on the background, motives and possible perpetrators can be given at present, it said. The police have been consulted, and the university has taken ""the necessary countermeasures"". ",2023-12-21,2023-12-21,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,University of Innsbruck,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,15818,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-12-25 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Austria,Bundespolizei (Österreich),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.unsertirol24.com/2023/12/25/cyberangriff-auf-uni-innsbruck/,2023-12-27,2024-01-08 2948,Lockbit ransomware deployed against German Health Network 'Katholische Hospitalvereinigung (KHO)' and Associated Hospitals on 24 December 2023,"On 24 December 2023, hospitals in the German region of East Westphalia fell victim to a cyberattack. The entire IT systems at Franzikus Hospital Bielefeld, Sankt Vinzenz Hospital Rheda-Wiedenbrück and Mathilden Hospital Herford went down in the early morning of 24 December. This was reported by the operator, Katholische Hospitalvereinigung Ostwestfalen GmbH. Initial investigations have revealed that data was specifically encrypted with the Lockbit 3.0 blackmail Trojan. A crisis team has been set up to analyse the situation. The operators emphasise that patients will continue to be cared for and that operations will continue with slight technical restrictions. However, as a precaution, the hospitals have been deregistered from the emergency services. 
It is still unclear whether the ransomware group Lockbit is directly responsible for the operation, or whether its Trojan was used by another actor.",2023-12-24,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Katholische Hospitalvereinigung Ostwestfalen gGmbH - Franzikus Hospital Bielefeld - Sankt Vinzenz Hospital Rheda-Wiedenbrück - Mathilden Hospital Herford,Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - Health,Not available,Not available,Not available,,1,15817,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Cyberangriff-auf-Kliniken-in-Ostwestfalen-9582719.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.kho.de/kho/index.php; 
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/; https://securityaffairs.com/156545/cyber-crime/lockbit-ransomware-hit-german-hospital-network-network.html; https://research.checkpoint.com/2024/1st-january-threat-intelligence-report/; https://securityaffairs.com/156696/breaking-news/security-affairs-newsletter-round-452-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-29th-2023-lockbit-targets-hospitals/; https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/; https://securityaffairs.com/157170/cyber-crime/lockbit-ransomware-hit-capital-health.html; https://www.heise.de/news/Skrupel-nur-vorgeschoben-Ransomware-Banden-attackieren-Kliniken-9591987.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,2023-12-27,2024-01-09 2946,US Mobile Network Operator Mint Mobile suffered Data Breach in 2023,"Mint Mobile, a US virtual mobile network operator that offers low-cost prepaid mobile phone plans, recently announced a significant data breach that exposed the personal data of its customers. The breach, which was discovered and resolved by the company, involved customer data - potentially enabling SIM swapping attacks. Mint Mobile had subsequently begun notifying affected customers on 22 December. Compromised data includes customer names, phone numbers, email addresses, SIM serial numbers, IMEI numbers (device identifiers) and brief descriptions of purchased service plans. Mint Mobile assured that no credit card numbers were exposed. The company also claims that passwords protected with ""strong encryption technology"" were not compromised, although it is not clear whether the attackers had access to the hashed passwords. 
While details about the origin of the breach have not yet been disclosed, a report from July 2023 indicated a threat actor had earlier attempted to sell data allegedly stolen from Mint Mobile. The data advertised in July had included partial credit card numbers, leaving it unclear whether the two incidents are related. ",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Mint Mobile,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15814,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; International telecommunication law; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/; https://securityaffairs.com/156295/data-breach/mint-mobile-data-breach-2.html; 
https://securityaffairs.com/156356/breaking-news/security-affairs-newsletter-round-451-by-pierluigi-paganini-international-edition.html,2023-12-27,2024-01-05 2945,Unknown Threat Actor Extracted Data from Australian Non-Profit Healthcare Provider St Vincent's Health Starting on 19 December 2023,"Australia's largest non-profit healthcare provider, St Vincent's Health Australia, fell victim to a data breach in December 2023. As yet unidentified, cybercriminals targeted the Australian healthcare institution in the apparent attempt to gain access to sensitive data. On 19 December, the hospital first detected the incident and initiated mitigation measures. The Australian National Office of Cyber Security is actively working with St Vincent's to respond to and investigate the incident. Despite the breach, St Vincent's Health Australia has assured that its ability to provide health services has not been impacted. The nature of the stolen data remains to be determined. St Vincent's operates six public hospitals, 10 private hospitals and 20 aged care facilities. 
The company employs more than 20,000 staff in hospitals in New South Wales, Victoria and Queensland.",2023-12-19,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,St Vincent's Health Australia,Australia,OC,Critical infrastructure,Health,Not available,Not available,Not available,,1,15813,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/australia-healthcare-saint-vincent-cyberattack; https://www.svha.org.au/news/latest/media-statement-from-st-vincents; https://securityaffairs.com/156445/data-breach/st-vincents-health-australia-cyberattack.html; https://research.checkpoint.com/2023/25th-december-threat-intelligence-report/; https://therecord.media/hackers-breach-australian-court-hearing-database; https://securityaffairs.com/156696/breaking-news/security-affairs-newsletter-round-452-by-pierluigi-paganini-international-edition.html; 
https://www.smh.com.au/technology/questions-deepen-over-st-vincent-s-victorian-courts-hacks-20240112-p5ewrd.html,2023-12-27,2024-01-08 2944,Unknown ransomware group gained access to INTEGRIS Health's network and accessed certain files on 28 November 2023,"An unknown ransomware group gained access to INTEGRIS Health's network and accessed certain files on 28 November 2023, INTEGRIS Health reported in an incident notification on 24 December. On the same day, affected patients received blackmail messages directly from an unnamed ransomware group that claimed responsibility for the data theft, calling on them to pay a ransom of $50 for the deletion of their data before files are transferred to a data broker on 5 January 2024. In these messages, the threat actors claimed to have obtained data of more than two million patients. The stolen data is believed to include patients' names, dates of birth, contact information, demographic information and social security numbers.",2023-11-28,2023-11-28,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,INTEGRIS Health,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Non-state-group,Criminal(s),1,15812,2023-12-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/integris-health-patients-get-extortion-emails-after-cyberattack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/integris-health-patients-get-extortion-emails-after-cyberattack/; https://integrisok.com/landing/cyber-event; https://therecord.media/lockbit-claims-november-attack-on-capital; https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/,2023-12-27,2024-01-09 2940,Unknown Threat Actor Exploited Known Citrix Bleed Vulnerability to Access Data of Over 35 Million Americans via Unauthorised Access to Xfinity's Internal Systems Beginning on 16 October 2023,"Unknown threat actors have exploited a known and previously exploited critical Citrix vulnerability, documented as 'Citrix Bleed' (CVE-2023-4966), in the Citrix Netscaler software. The cybercriminals successfully penetrated the systems of telecommunications giant Comcast, specifically its Xfinity division, between 16 and 19 October 2023 and exploited the Citrix vulnerability before the company could take mitigation measures. This intrusion resulted in access to sensitive data of almost 36 million US citizens. The stolen data included usernames and hashed passwords. 
For some customers, additional personal information such as names, contact details, the last four digits of national insurance numbers, dates of birth and security questions and answers were also exposed. ",2023-10-16,2023-10-19,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Xfinity,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15809,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/156147/data-breach/comcasts-xfinity-customer-data-exposed-after-citrixbleed-attack.html; https://www.hackread.com/xfinity-data-breach-impacting-36-million-users/; https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/; https://assets.xfinity.com/assets/dotcom/learn/Data-Incident.pdf?INTCMP=dsi-12152023; 
https://apps.web.maine.gov/online/aeviewer/ME/40/49e711c6-e27c-4340-867c-9a529ab3ca2c.shtml; https://research.checkpoint.com/2023/25th-december-threat-intelligence-report/; https://www.computerweekly.com/de/feature/10-der-groessten-Zero-Day-Angriffe-im-Jahr-2023; https://www.nationalmortgagenews.com/news/fairway-hit-with-cyber-attack-in-december; https://pacificsun.com/small-biz-targeted-by-cyber-attacks/,2023-12-21,2024-01-05 2938,"Iranian state-sponsored hacking group Seedworm gained access to three telecommunications companies in Egypt, Sudan and Tanzania in November 2023","The Iranian state-sponsored hacking group Seedworm (also known as MuddyWater) gained access to three telecommunications companies in Egypt, Sudan and Tanzania in November 2023, the US IT security firm Symantec reported on 19 December 2023. One of the telecommunications companies, the names of which remain undisclosed, is believed to have been infiltrated as early as the beginning of 2023. The hacker group primarily leveraged the MuddyC2Go framework, the legitimate remote maintenance software SimpleHelp, and Venom Proxy.",2023-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Sudan; Egypt; Tanzania,AFRICA; MEA; NAF - MENA; MEA; AFRICA; NAF - AFRICA; SSA,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15807,2023-12-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,3.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International 
telecommunication law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/muddywater-cyber-espionage-africa-telecoms-iran; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms,2023-12-20,2024-01-05 2937,FBI infiltrated ALPHV/BlackCat ransomware group and obtained 946 public and private key pairs for victim communication and leak sites as revealed by the FBI on 19 December 2023,"The FBI infiltrated the ALPHV/BlackCat ransomware group in an effort to disrupt the criminal collective's operations, the US Department of Justice revealed on 19 December 2023. An unsealed search warrant accompanying the press release detailed the FBI's engagement of a confidential human source, who applied for and was granted access to BlackCat tools as an affiliate. Through a separate search warrant, the FBI received access to an affiliate panel known to the source, allowing the authorities to develop a deeper understanding of the ransomware network's operations. Based on the search warrant published on 19 December, the FBI subsequently obtained 946 public and private key pairs for BlackCat's victim communication, leak sites, and affiliate panels through which the group manages its operations on the Tor network. The warrant did not disclose by which means the FBI developed this visibility into the ransomware group's network. The Deputy Attorney General, Lisa O. Monaco, broadly summarised the law enforcement intervention as having ""hacked the hackers"". Among the seized keys, the FBI gained possession of the public and private key pair for BlackCat's main leak register. Law enforcement rerouted the associated Tor address to a splashpage declaring that the site had been seized. 
As both law enforcement and BlackCat share access to the keys, both have been competing for control over the leak site, with BlackCat seeking to reclaim ownership. The FBI developed a decryption tool which, based on the information gleaned from the seized victim communication sites, was made available to 500 organisations affected by ALPHV/BlackCat ransomware, saving the targets $68 million.",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse,ALPHV/BlackCat Ransomware Group,Not available,,Social groups,Criminal,Federal Bureau of Investigation (FBI),United States,State,,1,17238,2023-12-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,US Department of Justice (DoJ),Not available,United States,Federal Bureau of Investigation (FBI),United States,State,https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant,Cyber-specific,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Trusted Relationship; Valid Accounts,Data Exfiltration; Data Manipulation,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,0.0,,0.0,euro,Direct (official members of state entities / agencies / 
units responsible),Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/; https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant; https://www.justice.gov/media/1329536/dl?inline; https://securityaffairs.com/156124/breaking-news/alphv-blackcat-ransomware-group-seizure.html; https://www.wired.com/story/alphv-blackcat-ransomware-doj-takedown/; https://www.bleepingcomputer.com/news/security/fbi-alphv-ransomware-raked-in-300-million-from-over-1-000-victims/; https://cyberscoop.com/fbi-seizes-alphv-leak-website-hours-later-ransomware-gang-claims-it-unseized-it/; https://www.bleepingcomputer.com/news/security/how-the-fbi-seized-blackcat-alphv-ransomwares-servers/; https://thehackernews.com/2023/12/fbi-takes-down-blackcat-ransomware.html; https://therecord.media/fbi-warrant-reveals-confidential-source-helped-alphv-ransomware-takedown; https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransomware-operation-creates-decryption-tool/; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/; https://tarnkappe.info/artikel/cyberangriff/ransomware-gang-alphv-mit-hilfe-der-thurgauer-polizei-gestoppt-285366.html; https://www.heise.de/news/Ransomware-Ermittlungsbehoerden-gelingt-Schlag-gegen-Blackcat-ALPHV-9579196.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.wired.com/story/most-dangerous-people-2023/; https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://therecord.media/neuberger-pace-of-ransomware-takedowns-is-not-enough; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; 
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/; https://cyberscoop.com/lockbit-comeback-less-than-a-week-after-major-disruption/; https://cyberscoop.com/alphv-website-ransomware-attack-change-healthcare/; https://www.it-daily.net/it-sicherheit/cybercrime/ransomware-zahlungen-auf-rekordhoch; https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/; https://www.techrepublic.com/article/blackcat-ransomware-site-seized-in-international-takedown-effort/; https://therecord.media/change-healthcare-brings-some-systems-online; https://fr.news.yahoo.com/gang-pirates-fait-croire-qu-083655279.html; https://www.cpomagazine.com/cyber-security/under-increasing-federal-scrutiny-blackcat-ransomware-gang-pulls-exit-scam-on-its-way-out/; https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/; https://securityaffairs.com/156356/breaking-news/security-affairs-newsletter-round-451-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/25th-december-threat-intelligence-report/; https://therecord.media/fidelity-national-financial-subsidiary-breach-disclosure; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax; https://www.bleepingcomputer.com/news/security/ohio-lottery-hit-by-cyberattack-claimed-by-dragonforce-ransomware/; https://cyberscoop.com/extortion-group-threatens-to-sell-change-healthcare-data/,2023-12-20,2024-03-05 2936,Self-styled Hacktivist Group Predatory Sparrow Hijacked Systems That Led to Nationwide Gas Pump Disruptions in Iran on 18 December 2023,"On 18 December 2023, the purported hacktivist group 
Gonjeshke Darande (Farsi for Predatory Sparrow) claimed responsibility for disrupting petrol stations across Iran, with Tehran being particularly affected. The attack was carried out in response to what the group perceives as aggression by the Iranian government and its proxies in the region. A statement by the group also directly addressed Iranian Supreme Leader Seyyed Ali Hosseini Khamenei. Iranian Oil Minister Javad Owji said the attack had disrupted supplies to around 70 per cent of the country's petrol stations, but did not otherwise elaborate on the incident. In a statement posted on social media, Gonjeshke Darande professed to have conducted the operation in a controlled manner to avoid harm to emergency services and civilians. The group claimed to have sent warnings to emergency services before the operation and declared to have deliberately left some petrol stations operational, even though they purportedly were able to completely disrupt their operations. While Predatory Sparrow is not officially affiliated with Israel, the group is widely believed to have ties to Israeli security services. The group has previously carried out a number of operations against Iranian critical infrastructure systems. The Iranian Civil Defence Authority launched an investigation into the incident.",2023-12-18,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Not available,"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Energy,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Israel,Non-state-group,Hacktivist(s),2,16544; 16545,2023-12-18 00:00:00; 2023-12-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Media-based attribution,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200); Not available",Not available; Not available,Israel; Israel,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200); Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Israel; Israel,Non-state-group; State,https://x.com/darandegonjeshk/status/1736632264757264634?s=20,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,1,2023-12-18 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,"Iran, Islamic Republic of",Javad Owji (Iran`s Oil Minister),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-12-18 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,"Iran, Islamic Republic of",Iran Civil Defence Agency,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/iran-gas-stations-disruptions-cyberattack/; https://x.com/darandegonjeshk/status/1736642958177292577?s=20; https://x.com/darandegonjeshk/status/1736632264757264634?s=20; https://cyberscoop.com/israel-iran-cyberattack-houthi/; https://securityaffairs.com/156065/hacktivism/pro-israel-predatory-sparrow-iran-fuel-stations.html; https://www.faz.net/aktuell/wirtschaft/tankstellen-in-iran-lahmgelegt-spekulation-ueber-israelischen-hackerangriff-19392574.html; https://www.rferl.org/a/iran-gas-stations-disruption/32735223.html; https://www.aljazeera.com/news/2023/12/18/iran-says-cyberattack-disrupts-petrol-stations-across-country?traffic_source=rss; https://therecord.media/iran-cyberattack-gas-stations-israel; https://www.defenseone.com/threats/2023/12/the-d-brief-december-18-2023/392830/; https://securityaffairs.com/156356/breaking-news/security-affairs-newsletter-round-451-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/25th-december-threat-intelligence-report/; https://www.wired.com/story/most-dangerous-people-2023/; https://english.elpais.com/technology/2024-02-14/predatory-sparrow-and-other-weapons-of-hybrid-warfare-cheap-fast-undetectable-and-effective.html; https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf; https://cincodias.elpais.com/companias/2024-02-14/google-advierte-del-escaparate-que-suponen-las-guerras-en-ucrania-y-gaza-para-los-hackers.html; 
https://www.lanacion.com.ar/agencias/iran-afirma-que-israel-es-responsable-del-quotcomplotquot-contra-los-gasoductos-tasnim-nid21022024/; https://es-us.noticias.yahoo.com/ir%C3%A1n-afirma-israel-responsable-complot-081702894.html; https://www.infobae.com/america/agencias/2024/02/21/iran-acusa-a-israel-de-las-explosiones-en-dos-gasoductos/,2023-12-19,2024-01-26 2935,"Estonian genetic analysis company Asper Biogene suffers data breach affecting 10,000 people during ransomware incident in mid-November 2023","The Estonian genetic analysis company Asper Biogene experienced a ransomware incident in mid-November 2023. During that incident, around 100,000 data sets were copied and downloaded, consisting of personal and health data of around 10,000 people, including results from genetic tests. According to the general Director of the Estonian Data Protection Agency, over 40 health care companies were affected by the data theft. The Estonian ministry of justice released a press statement on 18 December 2023, naming the affected companies and warning citizens about phishing emails leveraging stolen data. 
The list of the 40 health companies includes: Jelena Pletnjova's MealMind, Miltop OÜ, Merelahe TK OÜ, Sports Gene OÜ, Renmar OÜ, Reveron Baltic OÜ, AS Clinic Elite, Confido Medical Center, Elva Hospital, Fitlap OÜ, Ida-Tallinn Central Hospital, Ida-Viru Central Hospital, Kuressaare Hospital, Läänemaa Hospital, Western Tallinn Central Hospital, MediTA Baltics OÜ, Nova Vita Clinic, OÜ Silmalaser, Northern Estonia Regional Hospital, Pärnu Hospital, Rakvere Hospital, SA Tartu University Clinic, Tallinn Children's Hospital, Viljandi Hospital, Bioclinic, Biotheka OÜ, DNA Test OÜ, Estonian Vegan Society, Genorama OÜ, Innomedica OÜ, Linnamõisa Family Medical Center, LS Health OÜ, Mari Viik OÜ, Medifum Group OÜ, Nutrition Coach OÜ, Selfdiagnostics OÜ, Star Company OÜ, Stigma Private Clinic, Synlab Estonia OÜ, Krista Turman OÜ, Asper Biogene OÜ.",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,Asper Biogene - Elva Hospital - Synlab Estonia OÜ - Ida-Viru Central Hospital - Mari Viik OÜ - OÜ Miltop - OÜ Silmalaser - Merelahe TK OÜ - Reveron Baltic OÜ - SA Tartu University Clinic - Linnamõisa Family Medical Center - Star Company OÜ - Läänemaa Hospital - Tallinn Children's Hospital - Stigma Private Clinic - Jelena Pletnjova (mealmind) - Fitlap OÜ - Confido Medical Center - Sports Gene OÜ - Rakvere Hospital - LS Health OÜ - Selfdiagnostics OÜ - Western Tallinn Central Hospital - DNA-Test OÜ - MediTA Baltics OÜ - AS Clinic Elite - Bioclinic - Nova Vita Clinic - Renmar OÜ - Genorama OÜ - Biotheka OÜ - Pärnu Hospital - Northern Estonia Regional Hospital - Kuressaare Hospital - Nutrition Coach OÜ - Viljandi Hospital - Ida-Tallinn Central Hospital - Krista Turman OÜ - Medifum Group OÜ - Estonian Vegan Society - Innomedica OÜ,Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; 
Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia; Estonia,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - 
Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups - Critical infrastructure; Critical infrastructure, - Health - - Health - Health - Health - Health - Health - Health - Health - Health - - Health - Health - Health - Health - - Health - Health - Health - Health - - Health - - Health - Health - Health - Health - - - Health - Health - Health - Health - Health - Health - Health - Health - - Advocacy / activists (e.g. 
human rights organizations) - Health; Research,Not available,Not available,Not available,,1,15796,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-12-18 00:00:00,EU member states: Preventive measures,Awareness raising,Estonia,Ministry of Justice (Estonia),No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,41.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Estonia,Estonian Data Protection Inspectorate (AKI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Estland-10-000-Menschen-von-Gendaten-Leak-betroffen-9577868.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.aki.ee/et/uudised/andmelekkega-seotud-ongitsused,2023-12-19,2024-01-12 2933,Unknown Threat Actor Gained Access to Campbell County School District's Network and Stole Personal Data in Ransomware Attack Detected in December 2023,"Campbell County Schools in Alexandria, Kentucky, fell victim to a ransomware attack that affected their computer network. 
An unauthorised actor accessed certain files containing employee data, including names, national insurance numbers and financial account numbers. The incident was reported to law enforcement and measures were taken to secure the network. On 14 December 2023, notification letters were sent to potentially affected individuals offering free identity monitoring services. The breach may lead to the unauthorised online publication of stolen data. Authorities have not attributed the attack to any specific actor or group, as the investigation is ongoing. ",2023-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Campbell County School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15795,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-12-01 00:00:00,Not available,,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing 
state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.campbell.kyschools.us/ransomware-incident-notice; https://www.cbc.ca/news/canada/london/cyber-incident-behind-major-system-outage-at-london-public-library-1.7058881,2023-12-18,2024-01-05 2931,"London Public Library In Ontario, Canada, Suffered System Outage On 14 December 2023","The London Public Library in Ontario had to suspend most of its services on 14 December 2023 due to a system outage. As a result of the incident, telephone, email, Wi-Fi, website, collection catalogues, printers, computers and digital resources were unavailable. In addition, the Carson, Glanworth and Lambeth library branches remained closed until 2 January 2024, while library programmes and personal loans remain available. ",2023-12-14,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,London Public Library (Ontario; Canada),Canada,NATO; NORTHAM,State institutions / political system; State institutions / political system,Civil service / administration; Civil service / administration,Not available,Not available,Not available; Not available,,1,15794,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ontario-public-library-shuts-down-services; https://research.checkpoint.com/2023/18th-december-threat-intelligence-report/; https://therecord.media/toronto-public-library-remains-crime-scene; https://www.cbc.ca/news/canada/london/london-library-ransomware-almost-recovered-1.7131984,2023-12-18,2024-04-17 2930,Russian state-sponsored hacking group APT29 gained access to servers hosting JetBrains TeamCity software and stole data beginning in late September 2023,"The Russian state-sponsored hacking group APT29 gained access to servers hosting JetBrains TeamCity software and stole data beginning in late September 2023, according to a joint cybersecurity advisory published by the FBI, CISA, and the NSA in cooperation with the Polish Military Counter-intelligence Service (SKW), the Polish Cyber Emergency Response Team (CERT Polska) and the British NCSC. The Russian hacker group used the corresponding vulnerability in JetBrains TeamCity software (CVE-2023-42793) to gain initial access to the respective servers running the software. The targets are identified as technology companies. 
The report also wrote that the hackers exfiltrated data and used the GraphicalProton backdoor.",2023-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,Not available,,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,,1,17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422; 17422,2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00; 2023-12-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical 
report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); CERT Polska; CERT Polska; CERT Polska; Military Counterintelligence Service of Poland; Military Counterintelligence Service of Poland; Military Counterintelligence Service of Poland,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland; United States; United Kingdom; Poland,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 
(SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State,https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a; https://cert.pl/en/posts/2023/12/apt29-teamcity/,International power,Unknown,,Unknown,,1,2023-12-13 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://securityaffairs.com/155846/apt/apt29-targeting-jetbrains-teamcity-servers.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a; https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html; https://www.hackread.com/russian-apt29-hacked-us-biomedical-teamcity/; https://www.computerweekly.com/news/366567100/SolarWinds-hackers-attack-Microsoft-in-apparent-recon-mission; https://www.bleepingcomputer.com/news/security/cisa-russian-hackers-target-teamcity-servers-since-september/; https://www.rferl.org/a/russia-hacking-czech-jetbrains/32729529.html; https://cert.pl/en/posts/2023/12/apt29-teamcity/; https://www.fortinet.com/blog/threat-research/teamcity-intrusion-saga-apt29-suspected-exploiting-cve-2023-42793; https://therecord.media/jet-brains-advisory-teamcity-vulnerabilities; https://www.hackread.com/uac-0099-hackers-winrar-flaw-cyberattack-ukraine/,2023-12-15,2024-03-12 2929,Iranian state-sponsored hacker group OilRig gained access to unspecified Israeli organisations using SC5k v1 downloader beginning in November 2021,"The Iranian state-sponsored hacker group OilRig gained access to unspecified Israeli organisations and used the SC5k v1 downloader between November 2021 and August 2022, the Slovakian IT security company ESET assessed in a technical report on 14 December 2023. The technical report describes four operations, all against Israeli targets, all of which have been compromised by OilRig tools in the past. In 2022, both new downloaders and new versions of the SC5k downloader were deployed to maintain access to the respective networks. The downloaders rely on legitimate cloud service providers for C&C communication. The vector for initial access remained unclear at the time of reporting. ",2021-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,Unknown,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15844,2023-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel; https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/; https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html,2023-12-15,2024-01-05 2928,Iranian state-sponsored hacker group OilRig gained access to an Israeli healthcare organisation using SC5k v3 downloader in December 2022,"The Iranian state-sponsored hacker group OilRig gained access to an Israeli healthcare organisation and used the SC5k v3 downloader in December 2022, the Slovakian IT security company ESET assessed in a technical report on 14 December 2023. The technical report details four operations, all against Israeli targets, all of which have been compromised by OilRig tools in the past. In 2022, both new downloaders and new versions of the SC5k downloader were deployed to maintain access to the respective networks. The downloaders rely on legitimate cloud service providers for C&C communication. The vector for initial access remained unclear at the time of reporting. ",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15845,2023-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not 
available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel; https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/; https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html,2023-12-15,2024-01-05 2927,Iranian state-sponsored hacker group OilRig gained access to Israeli local government organisation using new OilBooster as well as SC5k downloaders beginning in June 2022,"The Iranian state-sponsored hacker group OilRig gained access to an Israeli local government organisation and used the new OilBooster as well as the SC5k v1 and v2 downloaders from June to August 2022, the Slovakian IT security company ESET disclosed in a technical report on 14 December 2023. The technical report describes four operations, all against Israeli targets, all of which have been compromised by OilRig tools in the past. In 2022, both new downloaders and new versions of the SC5k downloader were deployed to maintain access to the respective networks. The downloaders rely on legitimate cloud service providers for C&C communication. The vector for initial access remained unclear at the time of reporting. ",2022-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,State institutions / political system,Civil service / administration,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15846,2023-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not 
available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel; https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/; https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html,2023-12-15,2024-01-05 2926,Iranian state-sponsored hacker group OilRig gained access to an Israeli manufacturing company using two new downloaders ODAgent as well as OilCheck beginning in February 2022,"The Iranian state-sponsored hacker group OilRig gained access to an Israeli manufacturing company and used the two new downloaders ODAgent as well as OilCheck from February to June 2022, the Slovakian IT security company ESET detailed in a technical report on 14 December 2023. The technical report identifies four operations, all against Israeli targets, all of which have been compromised by OilRig tools in the past. In 2022, both new downloaders and new versions of the SC5k downloader were deployed to maintain access to the respective networks. The downloaders rely on legitimate cloud service providers for C&C communication. The vector for initial access remained unclear at the time of reporting. ",2022-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15847,2023-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel; https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/; https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html,2023-12-15,2024-01-05 2925,Previously Unknown Group GambleForce Targeted Asia-Pacific (APAC) companies across various Industries Starting in September 2023,"In September 2023, a previously unidentified threat actor, referred to as GambleForce or EagleStrike GambleForce, conducted a series of SQL injection attacks. The group mainly targeted various companies and industries in the Asia-Pacific (APAC) region. Six out of the 24 known incidents resulted in successful compromises, affecting different sectors and countries, including Australia (travel), Indonesia (travel, retail), the Philippines (government), and South Korea (gambling). A Group-IB report shows that a number of simple but very effective techniques were used, mainly focussing on SQL injection attacks and the exploitation of vulnerable website content management systems (CMS). The aim of these intrusions was to steal confidential information, particularly user credentials. The threat actors' attack tools were based on publicly available open source tools commonly used for penetration testing. 
The threat actors were observed using Chinese-language frameworks in the deployment of these tools.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available,"Philippines; Korea, Republic of; Australia; Indonesia",ASIA; SCS; SEA - ASIA; SCS; NEA - OC - ASIA; SCS; SEA,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries - - - ,GambleForce,Not available,Not available,,1,15781,2023-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Group-IB,Group-IB,Singapore,GambleForce,Not available,Not available,https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html; https://www.group-ib.com/blog/gambleforce-gang/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,6.0,1-10,4.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not 
available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html; https://www.group-ib.com/blog/gambleforce-gang/,2023-12-15,2024-01-04 2902,Iranian-backed Cotton Sandstorm disrupted television networks in UAE on 10 December 2023 to broadcast images from Gaza,"On 10 December 2023, several European TV networks broadcasting in the United Arab Emirates were disrupted, playing images of graphic content from Gaza alongside a message reading “We have no choice but to hack to deliver this message to you.” The disruption primarily affected users of the HK1RBOXX streaming device, an illicit IPTV streaming service which cybersecurity expert Obaidullah Kazmi described as ""inherently insecure,"" as unauthorized services lack proper cybersecurity measures. In a message to customers, the company that provides the streaming device apologized for the incident and reassured customers that services would be available soon. The exact motivations for targeting entities in the UAE remained unclear, but the disruptions follow reports earlier in November about the UAE's plans to maintain its diplomatic ties with Israel. In a blog post on 6 February 2024, Microsoft linked the activity to the Iranian-backed actor Cotton Sandstorm, which is also known as NEPTUNIUM or DEV-0198/Vice Leaker with links to Iran's Islamic Revolutionary Guard Corps",2023-12-10,2023-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,HK1RBOXX,Not available,,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,17063,2024-02-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://me.mashable.com/culture/35758/uae-hit-by-cyberattack-disrupts-tv-services-causing-panic-among-residents-with-graphic-content-from; 
https://www.khaleejtimes.com/uae/uae-cyberattack-disrupts-tv-services-rattles-some-residents-with-graphic-content-from-gaza?_refresh=true; https://therecord.media/tv-service-hacked-to-show-atrocities-palestine-uae; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/; https://www.theguardian.com/technology/2024/feb/08/iran-backed-hackers-interrupt-uae-tv-streaming-services-with-deepfake-news; https://blogs.microsoft.com/on-the-issues/2024/02/06/iran-accelerates-cyber-ops-against-israel/; https://fr.news.yahoo.com/%25C3%25A9mirats-arabes-unis-hackers-pro-132250246.html,2023-12-14,2024-02-16 2899,Russian ITG05 (aka APT28 / Fancy Bear) compromised targets from 13 countries with Headlace backdoor between August and December 2023,"Russian APT ITG05 (aka APT28 / Fancy Bear) compromised targets across 13 countries with a backdoor called Headlace, according to a report by IBM Security X-Force from 8 December 2023. Throughout the campaign, the group used lure documents that predominantly feature the Israel-Hamas war to deliver the backdoor, which is exclusively used by ITG05. X-Force said that the campaign was highly targeted since ITG05’s infrastructure ensures ""only targets from a single specific country can receive the malware"". Targeted countries were Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania. X-Force further noted that all but one of them are United Nations Human Rights Council members. 
The fabricated phishing documents were associated with the United Nations, the Bank of Israel, the United States Congressional Research Service, the European Parliament, a Ukrainian think tank and an Azerbaijan-Belarus Intergovernmental Commission.",2023-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Saudi Arabia; Azerbaijan; Hungary; Australia; Kazakhstan; Ukraine; Latvia; Italy; Poland; Belgium; Turkey; Romania; Germany,ASIA; MENA; MEA; GULFC - ASIA; CENTAS - EUROPE; NATO; EU(MS); EASTEU - OC - ASIA; CSTO; SCO - EUROPE; EASTEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); EASTEU - EUROPE; EU(MS); NATO; WESTEU - ASIA; NATO; MEA - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available, - - - - - - - - - - - - ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,1,15880,2023-12-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,IBM Security X-Force,,United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) 
Military Unit 26165)",Russia,State,https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html; https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/; https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html,2023-12-13,2024-01-06 2898,Ukrainian Defence Intelligence compromised Russian Federal Taxation Service and wiped tax data in December 2023,"The Ukrainian Ministry of Defence announced on 12 December 2023 that cyber units within the Ukrainian defence intelligence services were behind a malware infection operation which led to the shutdown of central servers and 2,300 regional servers of the Russian Federal Taxation Service (FNS) for at least four days, as well as the infiltration of a Russian IT company that hosts FNS data, Office.ed-it.ru. The regional servers included systems in Russia, as well as in occupied Crimea, according to the Ministry of Defence. 
According to Ukraine's Ministry of Defence, the deployed malware caused the shutdown of all communications between the FNS central office and the regional offices, as well as those between the IT company servicing them, and Ukrainian sources claim that the configuration files, databases, and their backups within the IT company have all been ""destroyed,"" while Internet traffic of tax data was also accessed by Ukrainian defence intelligence. ",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Office.ed-it.ru - Russian Federal Taxation Service (FNS),Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Civil service / administration,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,15881,2023-12-12 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ,Not available,Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,https://gur.gov.ua/en/content/zlam-federalnoi-podatkovoi-sluzhby-rf-detali-cherhovoi-kiberspetsoperatsii-hur.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Armed conflict; Sovereignty,Civic / political rights; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/ukrainian-military-says-it-hacked-russias-federal-tax-agency/; https://gur.gov.ua/en/content/zlam-federalnoi-podatkovoi-sluzhby-rf-detali-cherhovoi-kiberspetsoperatsii-hur.html; https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service; https://securityaffairs.com/155727/cyber-warfare-2/ukraine-hacked-russian-federal-taxation-service.html; https://www.bleepingcomputer.com/news/security/ukraine-hack-wiped-2-petabytes-of-data-from-russian-research-center/; https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-russian-ministry-of-defense-servers/,2023-12-13,2024-02-09 2897,Presumed Russian Sandworm Hackers infiltrated Networks Of Ukrainian Telecommunications Provider Kyivstar As Early As May 2023 And Caused Massive Disruption On 12 December 2023 ,"The services of Kyivstar, Ukraine's largest telecommunications provider, were disrupted due to a cyber operation on 12 December 2023. Kyivstar linked this intrusion to a compromised employee account. 
Services such as phone calls and internet access were inaccessible throughout the day of the incident, and though databases containing user data were deemed to have been ""damaged and currently locked,"" Kyivstar stated that personal user data was not compromised. The disruption in services led to further disruptions within other providers' networks due to the large influx of Kyivstar users attempting to switch to working networks, e.g., through backup phones. The attackers are said to have infiltrated the telecommunications provider's networks as early as May 2023, as announced by the SBU's cyber security chief in January 2024. The attack coincided with Ukrainian President Volodymyr Zelensky meeting with US President Joe Biden on 12 December, and while it is unknown exactly who the actors were, the Security Service of Ukraine (SBU) stated that it had opened criminal proceedings under 8 different articles of the Ukrainian criminal code as a result of the disruption and was investigating the possibility that Russian special services/state actors were behind the attack. On the 13th, a Russian hacker group which the SBU linked to Sandworm (and the General Staff of the Russian Armed Forces), called Solntsepek, claimed responsibility for the attack via Telegram. 
Kyivstar CEO Oleksandr Komarov referred to the incident as “the largest cyberattack on telecom infrastructure in the world.” In a similar assessment, the UK Ministry of Defence considered the operation ""likely one of the highest-impact disruptive cyber attacks on Ukrainian networks since the start of Russia’s full-scale invasion"".",2023-05-01,2023-12-20,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Kyivstar,Ukraine,EUROPE; EASTEU,Critical infrastructure,Telecommunications,"Solntsepek < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,17257,2023-12-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,"Solntsepek < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Not available,Russia,"Solntsepek < Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Yes,One,Valid Accounts,Not available,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,Low,9.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,95000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; International telecommunication law; International peace; Armed conflict; Sovereignty; International peace,Civic / political rights; ; Prohibition of intervention; Conduct of hostilities; ; Use of force,Not available,1,2023-12-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Ukraine,Security Service of Ukraine (SBU),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/155701/hacking/cyberattack-brought-down-ukraine-kyivstar.html; https://cyberscoop.com/ukraines-largest-mobile-communications-provider-down-after-apparent-cyber-attack/; https://www.bleepingcomputer.com/news/security/ukraines-largest-mobile-carrier-kyivstar-down-following-cyberattack/; https://t.me/SBUkr/10631; https://www.rferl.org/a/ukraine-mobile-operator-bank-targeted-cyberattacks-russia/32727579.html; https://www.bleepingcomputer.com/news/security/ukrainian-military-says-it-hacked-russias-federal-tax-agency/; https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://www.rferl.org/a/ukraine-security-helping-kyivstar-internet-cyberattack/32729012.html; https://www.wired.com/story/ukraine-kyivstar-solntsepek-sandworm-gru/; https://t.me/solntsepekZ/1283; https://t.me/SBUkr/10641; 
https://www.channelnewsasia.com/business/kyivstar-starts-restoring-voice-services-ceo-3987261; https://www.lavanguardia.com/internacional/20231214/9448103/hackers-vinculados-rusia-dejan-moviles-ucrania.html; https://www.rferl.org/a/ukraine-kyivstar-hack-attack-internet-access-restored/32730835.html; https://www.wired.com/story/google-geofence-warrants-security-roundup/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://twitter.com/DefenceHQ/status/1735993232247476720; https://cip.gov.ua/en/news/fakhivci-cert-ua-doslidzhuyut-kiberataku-na-merezhu-telekom-operatora-kiyivstar; https://research.checkpoint.com/2023/18th-december-threat-intelligence-report/; https://www.rferl.org/a/donation-nation-ukrainians-support-army-war/32744651.html; https://www.wired.com/story/most-dangerous-people-2023/; https://www.rferl.org/a/ukraine-telecoms-russian-hackers-vityuk/32759739.html; https://cyberscoop.com/russia-ukraine-kyivstar-vitiuk/; https://www.bleepingcomputer.com/news/security/russian-hackers-wiped-thousands-of-systems-in-kyivstar-attack/; https://www.heise.de/news/Ukraine-Krieg-Russische-Cracker-seit-Mitte-2023-im-Kyivstar-Netzwerk-9588438.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html; https://www.wired.com/story/23andme-blames-users-data-breach-security-roundup/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://www.politico.eu/article/ukraines-cyber-spy-chief-vitiuk-says-russia-hackers-penetrated-kyvstarg-telecoms-system-for-months/; https://www.reuters.com/world/europe/russian-hackers-were-inside-ukraine-telecoms-giant-months-cyber-spy-chief-2024-01-04; https://www.heise.de/news/Cyberwar-Ukraine-und-Russland-haben-auch-Finanzinstitutionen-im-Visier-9592679.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; 
https://www.elmundo.es/internacional/2024/01/04/65964d9c736e9b002c8781b7-directo.html; https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html; https://securityboulevard.com/2024/01/cyber-attack-on-telecommunications-company/; https://www.hstoday.us/subject-matter-areas/cybersecurity/ukraine-is-on-the-front-lines-of-global-cyber-security/; https://therecord.media/kyivstar-cyberattack-costs-100-million-waived-fees; https://www.infobae.com/america/agencias/2024/01/23/un-ciberataque-deja-sin-servicio-a-instituciones-del-estado-ruso-segun-ucrania/; https://www.infobae.com/america/mundo/2024/01/23/un-ciberataque-atribuido-por-ucrania-a-voluntarios-desconocidos-provoco-una-caida-del-servicio-en-instituciones-del-estado-ruso/; https://www.infobae.com/america/agencias/2024/01/23/un-ciberataque-deja-sin-servicio-a-instituciones-del-estado-ruso-segun-ucrania/; https://news.yahoo.com/pro-russian-hackers-plan-attack-142200518.html; https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom; https://www.kyivpost.com/post/27895; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://www.bbc.co.uk/news/world-europe-67701246?at_medium=RSS&at_campaign=KARANGA; https://kyivindependent.com/parliaments-website-reportedly-hit-by-cyberattack/; https://therecord.media/massive-missile-russian-barrage-internet-outages-blackouts; https://therecord.media/ukraine-cybersecurity-sbu-illia-vitiuk-suspended; https://www.darkreading.com/cyberattacks-data-breaches/cyber-warfare-6-key-lessons-from-ukraine,2023-12-13,2024-03-08 2900,Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022,"According to unnamed US officials and industry security officials cited by the Washington Post on 11 December 2023, the Chinese APT Volt Typhoon compromised several US infrastructure entities, including ""power and water utilities as well as communications and transportation systems"". 
The report links the activities of Volt Typhoon to China's People's Liberation Army. More specifically, the article mentions a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline as affected victims. There's currently no evidence that hacking attempts against two entities involved with operating Texas's power grid, the Public Utility Commission of Texas and the Electric Reliability Council of Texas, were successful in establishing access. Unnamed experts interviewed by the Washington Post further reported compromises of organisations outside the US, including electric utilities. In line with findings related to the breaches of military infrastructure in Guam by Volt Typhoon, which Microsoft and government reporting detailed in May 2023, the observed activity reaffirmed concerns the threat actors may leverage the access to US infrastructure to carry out disruptive or potentially destructive cyberattacks in circumstances of escalating tensions between China and the US or its allies. On 18 March 2024, the Biden administration sent a letter to the US governors, raising awareness for cyber operations against water and wastewater systems in the US, citing the Volt Typhoon operations as an example.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Hijacking without Misuse,None - Not available,Not available; United States, - NATO; NORTHAM,Critical infrastructure - Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Energy - Energy; Water; Transportation; Telecommunications,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",4,18181; 18181; 18183; 18183; 18182; 18182; 18184,2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in 
media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution; Attribution by receiver government / state entity; Media-based attribution; Attribution by receiver government / state entity; Media-based attribution; IT-security community attributes attacker; Media-based attribution,Eric Goldstein (CISA’s executive assistant director); Eric Goldstein (CISA’s executive assistant director); Morgan Adamski (Director of the National Security Agency’s Cybersecurity Collaboration Center); Morgan Adamski (Director of the National Security Agency’s Cybersecurity Collaboration Center); Jonathan Condra (Recorded Future); Jonathan Condra (Recorded Future); Not available,Not available; Not available; Not available; Not available; ; ; Not available,United States; United States; United States; United States; United States; United States; Not available,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; 
State",https://www.washingtonpost.com/technology/2023/12/11/china-hacking-hawaii-pacific-taiwan-conflict/,International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,1,2024-03-18 00:00:00,State Actors: Executive reactions,,United States,The White House,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.washingtonpost.com/technology/2023/12/11/china-hacking-hawaii-pacific-taiwan-conflict/; https://www.wired.com/story/google-geofence-warrants-security-roundup/; https://www.c4isrnet.com/opinion/2023/12/20/how-to-bolster-security-against-intellectual-property-theft/; https://www.wired.com/story/most-dangerous-people-2023/; https://www.wired.com/story/worst-hacks-2023/; https://therecord.media/taiwan-elections-china-interference; https://cyberscoop.com/ai-china-hacking-operations/; https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html; https://news.kbs.co.kr/news/pc/view/view.do?ncd=7878525; https://www.dt.co.kr/contents.html?article_no=2024013002109954058001; https://cyberscoop.com/feds-chinese-hacking-operations-have-been-in-critical-infrastructure-networks-for-five-years/; https://securityaffairs.com/158842/apt/apt-volt-typhoon-us-infrastructure.html; https://cyberscoop.com/cisa-jcdc-2024-priorities/; 
https://www.defenseone.com/threats/2023/12/the-d-brief-december-11-2023/392637/; https://www.voachinese.com/a/europe-warns-of-rampant-chinese-spying-20240214/7486874.html; https://cyberscoop.com/biden-executive-order-coast-guard-cyber/; https://www.itmedia.co.jp/enterprise/articles/2402/25/news006.html; https://www.voachinese.com/a/us-moves-to-shore-up-ports-from-cyberattacks-20240221/7497248.html; https://www.defenseone.com/defense-systems/2024/02/fbi-prepare-election-year-fast-paced-threats-powered-bad-guys-ai/394577/; https://therecord.media/fbi-director-christopher-wray-interview-click-here-podcast; https://www.infobae.com/estados-unidos/2024/03/05/la-amenaza-de-los-ataques-ciberfisicos-impulsados-por-la-inteligencia-artificial-enciende-las-alarmas-en-estados-unidos/; https://new.qq.com/rain/a/20240304A02WLO00; https://cyberscoop.com/nstac-white-house-advisory-group-critical-infrastructure/; https://www.rferl.org/a/romania-china-cameras-security-concerns/32853039.html; https://cyberscoop.com/intelligence-national-security-artificial-intelligence-threats/; https://therecord.media/water-industry-wants-to-write-its-own-cyber-rules; https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://www.bleepingcomputer.com/news/security/cisa-shares-critical-infrastructure-defense-tips-against-chinese-hackers/; https://therecord.media/epa-water-sector-cyber-task-force-china-iran; https://www.bleepingcomputer.com/news/security/white-house-and-epa-warn-of-hackers-breaching-water-systems/; https://www.hstoday.us/subject-matter-areas/cybersecurity/article-cyber-threats-are-here-to-stay-3-tips-for-defending-u-s-critical-infrastructure-under-siege/; https://www.govinfosecurity.com/us-cisa-urges-preventative-actions-against-volt-typhoon-a-24657; https://arstechnica.com/security/2024/03/critical-us-water-systems-face-disabling-cyberattacks-white-house-warns/; https://www.mk.co.kr/news/world/10969697; 
https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf; https://www.wired.com/story/apple-m-chip-flaw-leak-encryption-keys/; https://www.wired.com/story/china-apt31-us-uk-hacking-espionage-charges-sanctions/; https://new.qq.com/rain/a/20240321A0AMPS00; https://www.dailysecu.com/news/articleView.html?idxno=154935; https://therecord.media/china-ai-influence-operations; https://www.handelszeitung.ch/insurance/china-nimmt-us-infrastruktur-ins-visier-704651; https://www.hackread.com/muddling-meerkat-espionage-great-firewall-china/,2023-12-13,2024-03-22 2901,Ukrainian Monobank targeted in DDoS attack on 12 December 2023,"The Ukrainian Monobank, one of the largest banks in the country, was targeted through a DDoS attack on 12 December 2023, according to its co-founder and CEO Oleh Horokhovskyi. No official attribution claims have been communicated publicly. A separate incident targeting the Ukrainian telecommunications company Kyivstar that occurred on the same day sparked speculations about Russian responsibility. 
",2023-12-12,2023-12-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,Monobank,Ukraine,EUROPE; EASTEU,Critical infrastructure,Finance,Not available,Not available,Not available,,1,15798,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://kyivindependent.com/massive-hacker-attack-reported-on-ukrainian-bank-monobank/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,1,2023-12-12 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Ukraine,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://kyivindependent.com/massive-hacker-attack-reported-on-ukrainian-bank-monobank/; https://www.zeit.de/politik/ausland/2023-12/ukraine-krieg-kyivstar-cyberangriff-mobilfunk-anbieter; https://www.rferl.org/a/donation-nation-ukrainians-support-army-war/32744651.html; https://news.yahoo.com/one-most-attacked-companies-ukraine-131300273.html; https://www.siliconrepublic.com/enterprise/ukraine-monobank-ddos-cyberattack-russia; https://research.checkpoint.com/2024/29th-january-threat-intelligence-report/; https://kyivindependent.com/parliaments-website-reportedly-hit-by-cyberattack/; https://www.darkreading.com/cyberattacks-data-breaches/cyber-warfare-6-key-lessons-from-ukraine,2023-12-13,2024-01-26 2896,Unknown actors compromised research laboratories at University of Sherbrooke (UdeS) in early December 2023,"The University of Sherbrooke (UdeS) in Canada experienced a cyberattack in the beginning of December 2023. According to the university, some data from two research laboratories was compromised. 
No other impact has been reported by the university, besides the attack apparently not being a ransomware attack.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,University of Sherbrooke (UdeS),Canada,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,15799,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://ici.radio-canada.ca/nouvelle/2033246/cyber-attaque-udes-universite-sherbrooke,2023-12-12,2024-01-05 2895,Unknown actors hit province of Loyalty Island in New Caledonia with ransomware on 8 December 2023,"The provincial administration of Loyalty Island (La province des îles Loyauté) in New Caledonia, France, was 
targeted in a ransomware attack on 8 December 2023. Access to work stations and operational data was blocked. The first files were encrypted at 3 am, according to the provincial director of digital and communications information system. An undisclosed group demanded one million US dollars as a ransom.",2023-12-08,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware, Province of Loyalty Island (La province des îles Loyauté),New Caledonia,,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15803,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,New Caledonia,Gendarmerie pour la Nouvelle-Calédonie,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://la1ere.francetvinfo.fr/nouvellecaledonie/province-iles/la-province-des-iles-loyaute-victime-d-une-cyber-attaque-1449239.html,2023-12-12,2024-01-05 2894,State-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defense companies as well as research institutes and pharmaceutical companies since at least 22 December 2022,"The state-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defence companies as well as research institutes and pharmaceutical companies, tracing back to at least 22 December 2022 and continuing at least until 23 March 2023, the Seoul Metropolitan Police Agency's (SMPA) National Security Investigation Support Division assessed in cooperation with the FBI in a press release released on 5 December. Andariel is suspected to have stolen 1.2TB worth of data in addition to extorting money from the affected companies. The collected ransom is believed to have been laundered via the bank account of an individual only identified as Ms. A. by law enforcement. Police in South Korea seized servers, cell phones and laptops allegedly used by the group and searched the apartment of the woman, described as a foreigner.",2022-12-22,2023-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,Not available - Not available,"Korea, Republic of; Not available",ASIA; SCS; NEA - ,Critical infrastructure - Critical infrastructure; Critical infrastructure,Defence industry - Health; Research,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15305; 15305; 15305; 15305,2023-12-05 00:00:00; 2023-12-05 00:00:00; 2023-12-05 00:00:00; 2023-12-05 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Seoul Metropolitan Police Agency (SMPA); Seoul Metropolitan Police Agency (SMPA),Not available; Not available; Not available; Not available,"Korea, Republic of; United States; Korea, Republic of; United States","Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus 
Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.smpa.go.kr/user/nd42986.do?View&boardNo=00300907,International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,1,2023-12-05 00:00:00,State Actors: Preventive measures,Awareness raising,"Korea, Republic of",Seoul Metropolitan Police Agency (SMPA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 
points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,1,2023-12-05 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,"Korea, Republic of",Seoul Metropolitan Police,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data; https://www.smpa.go.kr/user/nd42986.do?View&boardNo=00300907,2023-12-12,2024-04-24 2892,"North Korean state-sponsored hacker group Lazarus targeted companies in manufacturing, agriculture and physical security sectors with new malware families as part of operation 'Blacksmith' since March 2023","The North Korean state-sponsored hacker group Lazarus exploited the Log4Shell vulnerability (CVE-2021-44228) as part of a campaign dubbed 'Blacksmith', which opportunistically targeted manufacturing, agricultural and physical security companies worldwide. Talos Intelligence observed Lazarus proceeding to install the previously unknown DLang-based RAT from the NineRAT malware family. Initial targeting activities linked to the campaign trace back to March 2023 and surfaced again in September 2023. 
The campaign shares overlaps with malicious activity Microsoft reported in October 2023 and attributed to Onyx Sleet (previously tracked as PLUTONIUM), which is also known as Andariel and suspected to operate as a subgroup of Lazarus.",2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,"Europe (region); Korea, Republic of; South America", - ASIA; SCS; NEA - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - - Food,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15364,2023-12-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,,United States,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance 
General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,3.0,1-10,3.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-new-rat-malware-using-2-year-old-log4j-bug/; https://therecord.media/north-korean-hackers-using-log; https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/; https://securityaffairs.com/155681/apt/operation-blacksmith-lazarus-log4j.html,2023-12-12,2024-03-01 2883,Akira Ransomware Group Disrupted Several Systems of Nissan Oceania and Stole Data on 5 December 2023,"Nissan Oceania announced on 5 December 2023 that an intrusion had compromised several of its systems. On 22 December, the Akira ransomware gang claimed to have infiltrated the network of Nissan Australia, the Australian division of Japanese car manufacturer Nissan, and to have stolen almost 100GB of data. 
In the beginning of March 2024 Nissan began notifying around 100,000 customers affected by the data breach. According to the company an estimated 10% of these individuals have had some form of government identification compromised, which includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers. The remaining 90% of individuals notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.",2023-12-05,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Nissan Oceania,Australia,OC,Critical infrastructure,Critical Manufacturing,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,18047,2023-12-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nissan.com.au/website-update.html; https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/nissan-australia-cyberattack-claimed-by-akira-ransomware-gang/; https://securityaffairs.com/156283/cyber-crime/akira-ransomware-breached-nissan-australia.html; https://socradar.io/disney-data-leak-meduza-stealer-sale-nissan-australia-and-the-economist-targeted-in-cyberattacks/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/; https://www.bleepingcomputer.com/news/security/nissan-is-investigating-cyberattack-and-potential-data-breach/; https://www.tomshw.it/hardware/rubano-dati-per-4-mesi-a-una-prestigiosa-universita-prima-che-se-ne-accorgano; https://www.bleepingcomputer.com/news/security/nissan-confirms-ransomware-attack-exposed-data-of-100-000-people/; https://securityaffairs.com/160458/data-breach/nissan-oceania-data-breach-impacted-100000-people.html; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2024/18th-march-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/; https://www.bleepingcomputer.com/news/security/fbi-akira-ransomware-raked-in-42-million-from-250-plus-victims/,2023-12-11,2024-03-18 2881,Play Ransomware group disrupted Greater Richmond Transit Company in late November 2023,"The IT network of Greater Richmond Transit Company (GRTC), a local public transportation provider in central Virginia, experienced network disruptions around the end of November 2023. 
While certain parts of the IT infrastructure have been affected, GRTC services have continued to run as normal. GRTC declined to comment whether ransomware was involved. A post by the ransomware group Play on its leak site listed GRTC as a victim, indicating the company had become the target of an extortion attempt.",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Disruption; Hijacking with Misuse; Ransomware,Greater Richmond Transit Company (GRTC),United States,NATO; NORTHAM,Critical infrastructure,Transportation,PLAY,Not available,Non-state-group,Criminal(s),1,15181,2023-12-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,PLAY,Not available,Not available,PLAY,Not available,Non-state-group,https://therecord.media/central-va-transit-system-cyberattack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/central-va-transit-system-cyberattack; https://twitter.com/BrettCallow/status/1732821456495714716; https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/; https://therecord.media/play-ransomware-targets-hundreds,2023-12-11,2023-12-14 2882,North Korean 
State-Sponsored Hacking Group Kimsuky Infiltrated South Korean Research Institutes to Steal Information for an Undisclosed Period of Time ,The North Korean threat actor known as Kimsuky has been conducting a targeted spear-phishing campaign against research institutes in South Korea. The primary objective of this campaign has been to infiltrate systems and implant backdoors for the purpose of maintaining access and setting up data exfiltration channels.,2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Research,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15884,2023-11-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of",Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://thehackernews.com/2023/12/n-korean-kimsuky-targeting-south-korean.html; https://asec.ahnlab.com/en/59387/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK 
intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/12/n-korean-kimsuky-targeting-south-korean.html; https://asec.ahnlab.com/en/59387/; https://asec.ahnlab.com/ko/54804/,2023-12-11,2024-01-06 2890,Unknown hackers stole and leaked data from Turkish e-government portal in June 2023,"In June 2023, the private data of Turkish citizens was offered for sale online. The data was stolen from e-devlet, Turkey's e-government platform, and included citizens' information, such as ID numbers, phone numbers, family members, full addresses, land registry records and education data. The leaked data is expected to also contain information of high-ranking state and government officials, including President Erdoğan and Turkey's main opposition leader, Kemal Kilicdaroglu. E-devlet is the central administrative portal in Turkey. 
",2023-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing; Hijacking with Misuse,e-devlet,Turkey,ASIA; NATO; MEA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15804,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://balkaninsight.com/2023/06/09/turkish-citizens-personal-data-offered-online-after-govt-site-hacked/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://balkaninsight.com/2023/06/09/turkish-citizens-personal-data-offered-online-after-govt-site-hacked/,2023-12-11,2024-03-07 2885,Russian state-sponsored Callisto group conducted Spear-phishing campaign against several US defence institutions,"The threat actor Callisto Group - also known as Star Blizzard (previously tracked as SEABORGIUM), Dancing Salome, or Coldriver - conducted a spear-phishing campaign against various US defence institutions and companies in the defence sector, becoming publicly known through an 
indictment of two members of Callisto Group by the United States District Court for the Northern District of California on 6 December 2023. Listed as targets and victims were current and former members of intelligence services, the Department of State, the Department of Defense and defence contractors. The indictment stated that significant amounts of data were transferred to servers with Russian IP addresses between April and October 2020. However, it remains unclear where the data was transferred from and whether the exfiltrated data contained sensitive information. The indictment deems Callisto Group to operate as a unit within Center 18 of Russia's internal intelligence service FSB.",2020-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system,Government / ministries; ; Intelligence agencies,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested",,1,15883,2023-12-06 00:00:00,Domestic legal action,Attribution by receiver government / state entity,US Department of Justice (DoJ),Not available,United States,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested",https://www.justice.gov/media/1327601/dl?inline,System / ideology; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,3,2023-12-07 00:00:00; 2023-12-07 00:00:00; 2023-12-07 00:00:00,State Actors: Stabilizing measures; State Actors: Preventive measures; State Actors: Stabilizing measures,; Awareness raising; ,United States; United States; United States,Department of Justice (DOJ); Cybersecurity and Infrastructure Security Agency (CISA); U.S. Department of the Treasury ,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,1,2023-12-07 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.justice.gov/media/1327601/dl?inline; https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer; https://home.treasury.gov/news/press-releases/jy1962; https://cyberscoop.com/russia-hacking-cold-river/; https://www.bleepingcomputer.com/news/security/google-russian-fsb-hackers-deploy-new-spica-backdoor-malware/; https://therecord.media/russia-state-hackers-deploying-malware-nato; https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html; https://securityaffairs.com/157705/apt/google-warns-coldriver-malware.html; 
https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html,2023-12-11,2024-02-14 2886,Russian state-sponsored Callisto group conducted Spear-phishing campaign against US Department of Energy beginning in May 2022,"The threat actor Callisto Group - also known as Star Blizzard (previously tracked as SEABORGIUM), Dancing Salome, or Coldriver - conducted a spear-phishing campaign against the US Department of Energy lasting from at least May to October 2022, which became publicly known through an indictment of members of Callisto Group by the United States District Court for the Northern District of California. In at least one incident, the adversaries were able to harvest credentials through malicious PDFs. The indictment identifies Callisto Group as a unit within Center 18 of Russia's internal intelligence service FSB.",2022-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,US Department of Energy (DoE),United States,NATO; NORTHAM,State institutions / political system,Government / ministries,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested",,1,16251,2023-12-05 00:00:00,Domestic legal action,Attribution by receiver government / state entity,US Department of Justice (DoJ),Not available,United States,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested",https://www.justice.gov/media/1327601/dl?inline,System / ideology; International power,System/ideology; International power,"EU, USA et. 
al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,3,2023-12-07 00:00:00; 2023-12-07 00:00:00; 2023-12-07 00:00:00,State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Preventive measures,; ; Awareness raising,United States; United States; United States,Department of Justice (DOJ); U.S. Department of the Treasury ; Cybersecurity and Infrastructure Security Agency (CISA),No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,1,2023-12-07 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.justice.gov/media/1327601/dl?inline; https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer; https://home.treasury.gov/news/press-releases/jy1962; https://cyberscoop.com/russia-hacking-cold-river/; https://www.bleepingcomputer.com/news/security/google-russian-fsb-hackers-deploy-new-spica-backdoor-malware/; https://therecord.media/russia-state-hackers-deploying-malware-nato; https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html; https://securityaffairs.com/157705/apt/google-warns-coldriver-malware.html; 
https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html,2023-12-11,2024-02-14 2879,Russian state-sponsored hacking group Seashell Blizzard (aka Sandworm) gained access to and disrupted networks of organisations linked to Ukrainian agricultural sector beginning on 25 July 2023,"Microsoft Threat Intelligence observed network penetration, data exfiltration and the deployment of destructive malware by Russian state-sponsored hacking groups against Ukrainian organisations of the food/agricultural sector and grain-related shipping infrastructure between June and September 2023. In one operation, Russian state-sponsored hacking group Seashell Blizzard (formerly tracked as IRIDIUM; also known as Sandworm) deployed destructive malware (WalnutWipe/SharpWipe) against networks of Ukrainian organisations of the food/agricultural sector from July to August 2023. On 31 July 2023, Seashell Blizzard conducted wiper attacks against two Ukrainian agricultural organisations. In another instance identified for 2 August 2023, Seashell Blizzard conducted a reconnaissance operation on another network. ",2023-07-25,2023-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available - Not available,Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Food - ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15886,2023-12-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://aka.ms/mtac1,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political 
importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Armed conflict; Sovereignty; Aid and development,"Economic, social and cultural rights; Conduct of hostilities; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://aka.ms/mtac1,2023-12-08,2024-01-06 2877,Russian state-sponsored hacking group Aqua Blizzard aka Gamaredon exfiltrated data of organisations linked to Ukrainian agricultural industry between June and July 2023,"Microsoft Threat Intelligence observed network penetration, data exfiltration and the deployment of destructive malware by Russian state-sponsored hacking groups against Ukrainian organisations active in the food/agricultural sector and grain-related shipping infrastructure between June and September 2023. Russian state-sponsored threat actor Aqua Blizzard (formerly tracked as ACTINIUM and also known as Gamaredon) exfiltrated data from a Ukrainian company that assists with tracking crop yields in June and July 2023. ",2023-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15887,2023-12-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft Security Intelligence,United States,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",https://aka.ms/mtac1,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Armed conflict; Sovereignty; Aid and development,"Economic, social and cultural rights; Conduct of hostilities; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://blogs.microsoft.com/on-the-issues/2023/12/07/russia-ukraine-digital-threat-celebrity-cameo-mtac/; https://aka.ms/mtac1; https://therecord.media/ukraine-pow-agency-cyberattack-russia; https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html,2023-12-08,2024-01-06 2878,Polish train manufacturer Newag SA suspected of installing programming errors in its own trains since 2022,"On 5 December 2023, a trio of Polish security researchers (part of Dragon Sector, a Polish pentesting team) that were hired in May 2022 by Serwis Pojazdów Szynowych (SPS), an independent train maintenance firm, claimed that trains manufactured by Polish Newag SA have embedded software that disables them when their hardware is serviced by competitors. More specifically, the research collective found out that train systems locked up for no apparent reason after being serviced in third-party workshops. Dragon Sector speculated that Newag engineers introduced the code responsible for the malfunctions to ensure maintenance contracts would be awarded to Newag, in light of the apparent failure of competitors to complete the task. Prior to commissioning Dragon Sector for the review of the train systems, SPS had accrued 2 million złoty (€462,000) in fines for delays in fulfilling its contractual maintenance obligations. 
Newag denied those allegations on the day following the presentation of these findings, stating that the technical issues are the result of the work of unknown hackers, and threatened to file a lawsuit against Dragon Sector. Janusz Cieszyński, Poland’s former minister of digital affairs, communicated on 6 December that Newag had assured him of no wrongdoing, but said that the report he saw indicated otherwise. ",2022-01-01,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Newag SA,Poland,EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure,Transportation,Newag SA,Poland,Other,,1,15806,2023-12-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,Dragon Sector,Not available,Poland,Newag SA,Poland,Other,https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/,Other,Not available,,Not available,,1,2023-12-06 00:00:00,EU member states: Legislative reactions,,Poland,Janusz Cieszyński (Member of Polish Parliament),No,,Trusted Relationship,System Shutdown/Reboot,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.theregister.com/2023/12/08/polish_trains_geofenced_allegation/; 
https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/; https://notesfrompoland.com/2023/12/06/polish-manufacturer-accused-of-programming-failures-into-its-trains-to-gain-more-servicing-business/; https://twitter.com/jciesz/status/1732411016221524070?s=20; https://www.hackread.com/hackers-fix-polish-train-glitch-face-legal-pushback/,2023-12-08,2024-01-06 2874,"Unknown threat actors targeted website of French Service National Universel (SNU) and accessed data of almost 150,000 citizens in early December 2023","Following a breach of the online platform of Service National Universel (SNU), France's network for youth volunteers, the data of 150,000 people, including that of volunteers and their parents, has been affected. Those affected were informed by email about the theft of their personal data, including surnames, first names, postal addresses and email addresses. The Ministry of Education, which oversees the SNU, confirmed the incident and stated that the public prosecutor's office was involved as investigations of the incident were proceeding. 
The national data protection authority, CNIL, has also been informed.",2023-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Service National Universel,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15810,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Procureure de la République de Paris (Parquet de Paris),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lemondeinformatique.fr/actualites/lire-apres-une-cyberattaque-sur-le-snu-les-donnees-de-150-000-personnes-volees-92350.html; https://www.sudouest.fr/sciences-et-technologie/piratage-les-cyberattaques-via-rancongiciels-en-hausse-de-30-en-2023-attention-aux-failles-sur-les-smartphones-en-2024-18836194.php,2023-12-07,2024-01-05 2873,US-American Hermon School Department hit with ransomware in November 2023,"The Hermon School Department in the US state of Maine was hit with ransomware in November 2023, according to a report released by the school's superintendent on 29 November. The attack was first discovered on 5 November. By 6 November, a virus introduced by the attackers had propagated to several servers. All servers were shut down to prevent further spread. On 7 November, the systems were back online and the school was functioning normally. There is no confirmation yet on what data has been accessed, but directory data such as names and addresses are believed to have been affected. No ransom was paid. 
The superintendent stated that the ransomware operators focused on PowerSchool as entry vector, a platform which provides software and cloud services for schools.",2023-11-01,2023-11-07,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None,United States; United States,NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Critical infrastructure,Civil service / administration - Telecommunications,,Not available,Not available,,1,15816,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/schools-maine-indiana-georgia-ransomware; https://www.bangordailynews.com/2023/12/04/news/bangor/hermon-school-department-ransomware-attack/,2023-12-07,2024-01-05 2871,ALPHV/BlackCat stole data from HTC Global Services in November 2023,"HTC 
Global Services, an IT service provider and consulting company based in the United States, was the victim of data theft and subsequent partial leaking of data by the ransomware group ALPHV/BlackCat, which cybersecurity expert Kevin Beaumont believes utilised the Citrix Bleed vulnerability to infiltrate the company on 30 November 2023. Based on the files already leaked on ALPHV/BlackCat's leak site, personal data stolen includes passports and emails, as well as business documents containing confidential information. ",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,HTC Global Services,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,15888,2023-11-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/; https://twitter.com/HTCInc/status/1730656106324914291; https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/; https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-15th-2023-ransomware-drama/,2023-12-06,2024-01-16 2870,Unknown threat actors targeted Lac-Mégantic municipal administration in Canada on 30 November ,"The municipal administration of Lac-Mégantic in Canada was targeted by unknown threat actors on 30 November 2023. The intrusion resulted in the outage of city services, including the eco-centre, the town hall, the Centre sportif Mégantic and the Station touristique Baie-des-Sables. 
Several services continued to be unavailable a week after the incident, such as the email system, the public Wi-Fi network and the car park ticket payment system.",2023-11-29,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Lac-Mégantic,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15820,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.facebook.com/villelacmegantic/; https://www.latribune.ca/actualites/actualites-locales/estrie-et-regions/2023/12/05/plusieurs-services-de-la-ville-de-lac-megantic-paralyses-par-une-cyberattaque-VCUNESR6TRHH7HS3XTZU7R7L3Y/,2023-12-06,2024-01-05 2869,US sweets manufacturer Hershey experienced data breach in September 2023,"US sweets manufacturer Hershey sustained a data breach conducted by an unknown actor as part of a phishing campaign between 3 and 4 September 2023. According to Hershey's filing with the Maine Attorney General on 1 December 2023, the breach concerned 2,214 individuals. 
While Hershey reported no evidence that data was ""acquired or misused,"" the company warned that the victims' personal data was nevertheless accessed, including financial data such as account numbers and credit card numbers, as well as access codes/passwords and PINs for accounts; additional data included health insurance information. According to the letter sent to victims by Hershey and the Maine AG filing, Hershey discovered the activity soon after the intrusion and blocked the unauthorized access within the day.",2023-09-03,2023-09-04,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,The Hershey Company,United States,NATO; NORTHAM,Critical infrastructure,Food,Not available,Not available,Not available,,1,15826,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hershey-data-breach-phishing; https://apps.web.maine.gov/online/aeviewer/ME/40/0bde9ba2-ba66-4741-9b54-208987b13c24.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/0bde9ba2-ba66-4741-9b54-208987b13c24/7ffe52c5-9c75-49d0-b2fe-b408abace48d/document.html; https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/; 
https://therecord.media/kraft-heinz-reviewing-claims-of-cyberattack-operating-normally,2023-12-06,2024-01-05 2868,Hunters International ransomware gang claimed to have targeted Fred Hutch Cancer Center in Washington State on 19 November,"The Fred Hutchinson Cancer Center, an independent research facility in Seattle, Washington, that also operates as the cancer programme of the University of Washington School of Medicine, declared on 1 December that it had been the victim of a cyber incident. The Hunters International ransomware gang subsequently claimed responsibility for the incident on 15 December, adding the healthcare company to its leak site and threatening to release 533 GB of data allegedly obtained during the compromise. Previously, the Fred Hutch Cancer Center had suspected the threat actors to be a criminal group operating from outside the United States. On 22 December, the Center confirmed that the breach of the clinical network discovered on 19 November facilitated the exfiltration of data, including patients' name, address, phone number, email address, date of birth, Social Security number, health insurance information, medical record number, patient account number, date(s) of service and/or certain clinical information such as treatment/diagnosis information, lab results, or provider name.",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Fred Hutchinson Cancer Center,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Health; Research,Unknown; Hunters International ransomware gang,Not available; Not available,Non-state-group; Not available,Criminal(s); ,2,15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890; 15890,2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 
00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00; 2023-12-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via 
social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., 
Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson 
Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Fred Hutchinson Cancer Center; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available,Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; 
Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang; Unknown; Unknown; Hunters International ransomware gang; Hunters International ransomware gang,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available; Non-state-group; Not available,https://www.fredhutch.org/en/about/about-the-hutch/accountability-impact/data-security-incident.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / 
exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-12-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available; Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.healthcareitnews.com/news/fred-hutch-cancer-center-clinical-network-breached; https://www.fredhutch.org/en/news/releases/2023/12/notice-of-information-security-incident-involving-fred-hutchinso.html; https://www.fredhutch.org/en/about/about-the-hutch/accountability-impact/data-security-incident.html; https://www.bleepingcomputer.com/news/security/ransomware-gang-behind-threats-to-fred-hutch-cancer-patients/; https://therecord.media/seattle-fred-hutch-cancer-center-ransomware-attack; https://securityaffairs.com/155955/data-breach/hunters-international-hacked-fred-hutch.html; https://therecord.media/nearly-three-mil-affected-ransomware-medtech; https://www.bleepingcomputer.com/news/security/integris-health-patients-get-extortion-emails-after-cyberattack/; https://www.fredhutch.org/en/news/releases/2023/12/fred-hutchinson-cancer-center-notifies-patients-of-data-security.html; https://therecord.media/lockbit-claims-november-attack-on-capital; https://www.heise.de/news/Skrupel-nur-vorgeschoben-Ransomware-Banden-attackieren-Kliniken-9591987.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.columbian.com/news/2024/mar/03/why-health-care-has-become-a-top-target-for-cybercriminals/; https://www.dallasnews.com/business/health-care/2024/03/02/why-health-care-has-become-a-top-target-for-cybercriminals/; https://therecord.media/australia-healthcare-saint-vincent-cyberattack,2023-12-05,2024-01-09 2867,Mayor's office of the Puerto Rican municipality of Rio 
Grande was hit by a cyber attack that was detected in November 2023,"The mayor's office of the Puerto Rican municipality of Río Grande suffered a cyberattack in November 2023. On 27 November, the municipality's IT manager noticed that no data was being displayed on the monitors and that administrative data had been extracted. Forensic analysis by a private IT company confirmed that criminals had disrupted the municipality's online portal and encrypted administrative systems. The damage to the system was estimated at approximately US$ 75,000. Agents from the Criminal Investigations and Cybercrime Unit within Puerto Rico's Department of Justice are continuing the investigation.",2023-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse,Municipality of Rio Grande,Puerto Rico,,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15891,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,=< 10 Mio,75000.0,dollar,Not available,Sovereignty,,Not available,1,2023-11-30 00:00:00,"Other legal 
measures on national level (e.g. law enforcement investigations, arrests)",,Puerto Rico,Puerto Rico Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.telemundopr.com/noticias/puerto-rico/investigan-ataque-cibernetico-a-la-casa-alcaldia-de-rio-grande/2556029/; https://www.lemagit.fr/actualites/366561813/Cyberhebdo-du-1er-decembre-2023-une-semaine-detonante,2023-12-05,2024-01-06 2866,"Data from city administration of Baden, Switzerland, leaked on darknet by unknown hackers in late November 2023","On 29 November 2023, unknown hackers published stolen data from the city administration of Baden, Switzerland, on the hacker forum dragonforce on the darknet. The extracted files contain various tables with the names and addresses of residents. Parts of the municipal budget from 2013 to 2023, data on municipal investments and revenue for various products were also published. Invoices to citizens as well as reminders, parts of accounts payable or information on which deceased persons were cremated and when were also published. Entries that were only created a few months ago indicate that the data is genuine and up-to-date. It is believed that the data leak was enabled by an older security vulnerability. 
A ransom demand has not been published.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,"City administration Baden, Switzerland",Switzerland,EUROPE; WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15842,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nzz.ch/zuerich/hackerangriff-auf-baden-sensitive-daten-von-buergerinnen-und-buerger-sind-im-darkweb-zu-finden-ld.1768723,2023-12-05,2024-01-05 2865,Unknown Threat Actors Gained Unauthorised Access to Systems and Parts of Databases of German Gräbener Maschinentechnik GmbH in early December 2023,"Unknown threat actors targeted the internal IT system of Gräbener Maschinentechnik GmbH in Germany between 1 December and 3 December 2023 and gained unauthorised access to parts of its databases, according to a statement by the company. 
Quickly implemented mitigation measures were able to prevent further damage. Gräbener Maschinentechnik is a family-run mechanical engineering company that provides solutions for the hydroforming and automotive industries, large pipe production, container construction, wind tower production and shipbuilding markets worldwide.",2023-12-01,2023-12-03,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Gräbener Maschinentechnik GmbH,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,15892,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-12-03 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.graebener.com/de/blog/datenschutzvorfall-bei-graebener,2023-12-05,2024-01-06 2864,English Weald of Kent Grammar School hit by cyberincident in November 2023,"The Weald of Kent Grammar School, a school in the district of Kent, England, primarily attended by girls, was subject to a network intrusion in November 2023. On 24 November, the principal declared that a school email distribution group had been compromised. Parents have claimed that an ""indecent image"" was sent via email. Following the attack, the school deactivated the email accounts of all its students. The police have been informed of the incident and the school is working with them to find the attacker.",2023-11-20,2023-11-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Kent Grammar School,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15893,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.kentonline.co.uk/malling/news/indecent-image-sent-to-grammar-school-students-during-cybe-297761/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; 
Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-11-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United Kingdom,Kent Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kentonline.co.uk/malling/news/indecent-image-sent-to-grammar-school-students-during-cybe-297761/,2023-12-05,2024-01-06 2858,US American cloud service provider Ongoing Operations hit by ransomware attack on 26 November 2023,"The US cloud service provider Ongoing Operations, LLC, based in Maryland, was hit by a ransomware attack on 26 November 2023. Ongoing Operations, a subsidiary of credit union technology company Trellancy, provides third-party services to numerous credit unions. As a result of the attack, 60 credit unions experienced outages, including FedComp. The company stated that no misuse of information has been detected. 
The US Treasury Department, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have been notified of the incident.",2023-11-26,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse; Ransomware,"Ongoing Operations, LLC",United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,14830,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://therecord.media/credit-unions-facing-outages-due-to-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/credit-unions-facing-outages-due-to-ransomware; https://research.checkpoint.com/2023/4th-december-threat-intelligence-report/; https://therecord.media/credit-union-services-restored-after-ransomware-attack-technology-provider; https://therecord.media/2023-year-in-review-highlights,2023-12-04,2023-12-08 2860,Iranian State-Aligned AGRIUS and Lebanese Terrorist Hezbollah Cyber Unit extracted medical records of military personnel from Israeli Ziv Medical Centre in 
November 2023,"An Iranian hacker group claims to be responsible for an intrusion of networks at northern Israel's Ziv Medical Centre in November 2023. The group claimed on their own Telegram channel that they stole 100,000 IDF medical records, more than 500 GB of data, from the hospital and shared screenshots of medical documents dating to 2022. The hospital confirmed the incident and acknowledged evidence of leaked documents. In addition, recent investigations by the Israel National Cyber Directorate, the IDF and the Israeli Security Agency have revealed that Iran and Hezbollah were behind the cyberattack on the Ziv hospital, according to a government statement. The attack was allegedly orchestrated by an Iranian cyber group AGRIUS aka Agonizing Serpens which is close to the Ministry of Intelligence, in which Hezbollah's cyber units were also involved. Despite the failed disruption, the attackers managed to extract and publish the data. The compromise was the third incident Ziv Medical Centre has faced in 2023. 
",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim; Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Ziv Medical Center,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,"Not available; Hezbollah Cyber Unit; Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of; Lebanon; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Terrorist(s); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",3,16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 
16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16865; 16864,2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 
2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 
2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2023-11-01 00:00:00; 2024-01-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report 
(e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution 
statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social 
media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., 
Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a 
person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct 
statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report 
(e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / 
state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attribution by receiver 
government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government 
/ state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Media-based attribution,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber 
Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel National Cyber Directorate; Israel 
National Cyber Directorate; Iran International,Not available,"Iran, Islamic Republic of; Israel; United Kingdom","Not available; Hezbollah Cyber Unit; Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of; Lebanon","Non-state actor, state-affiliation suggested; Non-state-group",https://www.jpost.com/israel-news/defense-news/article-775843; https://www.gov.il/en/departments/news/ziv181223,Resources; Secession,System/ideology; Resources; International power; Secession,Iran – Israel; Israel (Hamas et al.); Iran – Israel; Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International peace; Armed conflict; Due diligence; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; Conduct of hostilities; ; ",Not available,0,,Not available,,Not available,Not available,Not available; Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.jpost.com/israel-news/defense-news/article-775843; https://therecord.media/ziv-hospital-israel-hackers-claim-to-leak-data; https://research.checkpoint.com/2023/4th-december-threat-intelligence-report/; https://www.gov.il/en/departments/news/ziv181223; https://www.iranintl.com/en/202401267648?utm_source=substack&utm_medium=email; https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html,2023-12-04,2024-03-15 2859,Unknown threat actors targeted Irish water utility Drum/Binghamstown Group Water Scheme causing disruptions on 30 November 2023 ,"The Drum/Binghamstown Group Water Scheme Co-Operative Society Limited, a prominent Irish water supplier located in Binghamstown, Connacht, Ireland, experienced disruptions to its electronic systems on 30 November 2023. In response to the intrusion, water delivery to customers of the utility was halted for at least one and a half days. Moreover, the user interface of the electronic water pumping system was defaced with an Anti-Israeli message. 
The incident mirrored another one affecting a US water plant in Aliquippa, Pennsylvania, a few days earlier.",2023-11-30,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Drum/Binghamstown Group Water Scheme Co-Operative Society Limited,Ireland,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Water,Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15051,2023-11-30 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Cyber Avengers / Cyber Av3ngers,Not available,Not available,Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Economic, social and cultural rights; ; Other human rights instruments",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lemagit.fr/actualites/366561813/Cyberhebdo-du-1er-decembre-2023-une-semaine-detonante; 
https://www.midwestradio.ie/index.php/news/72292-cyber-attack-hits-group-water-scheme-in-north-mayo; https://securityaffairs.com/155552/hacktivism/hacktivist-hacked-irish-water-utility.html,2023-12-04,2023-12-11 2861,Unknown hackers encrypted and stole data from Singaporean engineering company Koh Brothers Eco Engineering Limited in late 2023,"Unknown threat actors have compromised Singaporean company Koh Brothers Eco Engineering Limited and a number of its subsidiaries over an as yet unknown period of time. The company announced in a notification to its shareholders on 4 December 2023 that the servers of some of the company's subsidiaries had been accessed without authorisation and encrypted. The encryptions did not affect business operations. ",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Koh Brothers Eco Engineering Limited,Singapore,ASIA,Critical infrastructure; Critical infrastructure,Waste Water Management; Critical Manufacturing,Not available,Not available,Not available,,1,14827,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.businesstimes.com.sg/companies-markets/koh-brothers-eco-units-face-cyberattack-investigation-ongoing; https://media-kohbrother.todayir.com/2023120407511932635083_en.pdf,2023-12-04,2023-12-06 2857,"City of Hendersonville (North Carolina, USA) suffered data theft in November 2023","In November 2023, unknown actors stole government employee data from networks of the city of Henderson, a community of 15,000 in North Carolina, USA. According to the city manager, John Connet, the threat actor accessed software used to store employee data. Following an investigation by the North Carolina Joint Cybersecurity Task Force and third-party digital forensics specialists, Connet warned that data from certain employees hired before 1 January 2021 was likely accessed in the incident. Connet clarified that no other systems were impacted, and no customer data was stolen.",2023-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"City of Hendersonville, NC (US)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14831,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human 
rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,North Carolina Joint Cybersecurity Task Force,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hack-on-north-carolina-city-led-to-data-leak; https://www.hendersonvillenc.gov/news/city-manager-cybersecurity-statement; https://eu.blueridgenow.com/story/news/local/2023/11/29/hendersonville-city-employees-target-of-cybersecurity-breach/71746976007/,2023-12-01,2023-12-05 2850,"Unknown actor disrupted diagnostic systems and deleted administrative data at Hospital in Esslingen, Germany, on 28 November 2023","On 28 November 2023, an unknown actor gained access to the server of a hospital in Esslingen, Germany, and deleted hospital administration data as well as data from the image processing systems in the radiology, ultrasound and endoscopy departments. No patient data was affected, and the hospital was able to continue operating its facilities. 
The police have been informed about the incident.",2023-11-28,2023-11-28,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure,Health; Health,Not available,Not available,Not available; Not available,,1,15160,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Destruction,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kma-online.de/aktuelles/klinik-news/detail/daten-geloescht-bei-digitalem-einbruch-ins-klinikum-esslingen-51112; https://www.heise.de/news/Nach-Cyberangriff-auf-Klinikum-Esslingen-Analyse-laeuft-auf-Hochtouren-9546201.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.lemagit.fr/actualites/366561813/Cyberhebdo-du-1er-decembre-2023-une-semaine-detonante; https://www.silicon.de/41712271/was-tun-gegen-cyberangriffe-auf-kliniken,2023-11-30,2023-12-12 2845,Japanese Space Agency JAXA targeted during summer of 2023,"The Japanese space agency JAXA was compromised by unknown actors during 
the summer of 2023. The intrusion was discovered in the fall of 2023 when law enforcement agencies notified the Japanese space agency that its systems had been breached. The threat actor gained access to an Active Directory server storing employee credentials. The compromise likely provided visibility into this information, though no data exfiltration has been confirmed. Networks of the agency had been infiltrated in 2016 and 2017, when nearly 200 Japanese research institutions and defence-related companies became targets as part of a larger campaign. These activities were later attributed to Chinese military hackers, identified as Tick in April 2021.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,JAXA,Japan,ASIA; SCS; NEA,State institutions / political system,"Other (e.g., embassies)",Not available,Not available,Not available,,1,15161,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Space law; Sovereignty,,Not available,1,2023-11-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Japan,Tokyo Metropolitan Police Department,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/japanese-space-agency-jaxa-hacked-in-summer-cyberattack/; https://japannews.yomiuri.co.jp/society/general-news/20231129-152511/; https://research.checkpoint.com/2023/4th-december-threat-intelligence-report/,2023-11-30,2023-12-12 2844,Ransomware group Lockbit claims responsibility for the attack on US hospital company Capital Health causing network outages at the end of November 2023.,"The US hospital company Capital Health was the target of disruptions in the access to data and networks at the end of November 2023. Lockbit claimed responsibility for the attack on 7 January 2024 declaring the theft of over 7 terabytes of confidential data. The company operates two hospitals - the Regional Medical Center in Trenton and the Capital Health Medical Center in Hopewell - as well as several smaller healthcare facilities in the New Jersey-Pennsylvania region. Despite the affirmation of the ransomware group not having encrypted any files to ensure patient care, the facilities experienced outages the day of the attack. Due to the outage, the hospital company rescheduled certain non-emergency procedures. 
Several non-essential services, including outpatient radiology, were temporarily suspended.",2023-11-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Capital Health,United States,NATO; NORTHAM,Critical infrastructure,Health,LockBit,Russia,Non-state-group,Criminal(s),1,16064,2024-01-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Russia,Non-state-group,https://therecord.media/lockbit-claims-november-attack-on-capital; https://securityaffairs.com/157170/cyber-crime/lockbit-ransomware-hit-capital-health.html; https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/new-jersey-pennsylvania-hospitals-affected-by-cyberattack; https://www.capitalhealth.org/information-technology-security-incident; https://www.bleepingcomputer.com/news/security/capital-health-hospitals-hit-by-cyberattack-causing-it-outages/; 
https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/hhs-proposes-cyber-requirements-for-hospitals; https://therecord.media/nearly-three-mil-affected-ransomware-medtech; https://therecord.media/lockbit-claims-november-attack-on-capital; https://www.bleepingcomputer.com/news/security/capital-health-attack-claimed-by-lockbit-ransomware-risk-of-data-leak/; https://securityaffairs.com/157170/cyber-crime/lockbit-ransomware-hit-capital-health.html; https://www.heise.de/news/Skrupel-nur-vorgeschoben-Ransomware-Banden-attackieren-Kliniken-9591987.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-12th-2024-targeting-homeowners-data/; https://therecord.media/lockbit-ransomware-disrupted-international-operation; https://therecord.media/lockbit-affiliates-arrested-in-ukraine-poland; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-11-30,2024-01-20 2843,Ransomware group Daixin Team targeted North Texas Municipal Water District (NTMWD) in November 2023,"The ransomware group Daixin Team targeted the North Texas Municipal Water District (NTMWD), which caters to 13 cities combining two million people. NTMWD first reported disruptions to its telephone service on 12 November 2023 that continued to persist two weeks later. Daixin Team claimed to have stolen board meeting minutes, internal project documents, personnel data, and audit reports. Core operations related to water, wastewater and waste management were not affected by the incident. 
",2023-11-12,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,North Texas Municipal Water District (NTMWD) ,United States,NATO; NORTHAM,Critical infrastructure,Water,Daixin Team,Not available,Non-state-group,Criminal(s),1,14832,2023-11-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Daixin Team,Not available,Not available,Daixin Team,Not available,Non-state-group,https://twitter.com/BrettCallow/status/1729292015882641810,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Economic, social and cultural rights; ; ; Other human rights instruments",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/north-texas-water-utility-cyberattack; https://securityaffairs.com/154881/cyber-crime/daixin-team-north-texas-municipal-water-district.html; https://twitter.com/BrettCallow/status/1729292015882641810; 
https://arstechnica.com/security/2023/11/2-municipal-water-facilities-report-falling-to-hackers-in-separate-breaches/; https://cyberscoop.com/cisa-goldstein-secure-by-design/; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://www.lemagit.fr/actualites/366561813/Cyberhebdo-du-1er-decembre-2023-une-semaine-detonante; https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities; https://therecord.media/water-industry-wants-to-write-its-own-cyber-rules,2023-11-29,2023-12-11 2842,Chinese hacker group Chimera accessed IT system of Dutch semiconductor manufacturer NXP during 2017-2020,"The Chinese hacker group Chimera compromised user accounts of the Dutch semiconductor manufacturer NXP between 2017 and 2020, gaining access to the company's IT system and collecting information about the company's chip design and other intangible assets. According to the Dutch newspaper NRC, the threat actor used accounts belonging to NXP employees to log into the company's internal network. They obtained the necessary access data from previous data leaks in social networks such as LinkedIn. From the first infiltrated account, the members of the cyber gang are believed to have gradually expanded their access rights to cover their tracks and sneak into other supposedly secure parts of the networks. According to NRC, Chimera encrypted sensitive data identified by the group with ransomware and transferred it to cloud storage services such as Microsoft OneDrive, Google Drive and Dropbox. Log files show that the cybercriminals returned in intervals of several weeks to access new data and take control over additional user accounts. In January 2020, NXP was informed about the intrusion by Transavia, a Dutch airline company that had been attacked by Chinese hackers in September 2019. The investigation into the breach at Transavia facilitated the detection of the NXP compromise. 
Based on reporting by NRC, the company did not consider it necessary to warn customers about the incident, as the manufacture of semiconductors requires specialised knowledge beyond the blueprint.",2017-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,NXP Semiconductor,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Chimera,China,Unknown - not attributed,,1,15183,2023-11-24 00:00:00,"Attribution given, type unclear",Media-based attribution,NRC newspaper,Not available,Netherlands,Chimera,China,Unknown - not attributed,https://www.heise.de/news/Chinesische-Cyberkriminelle-hatten-jahrelang-Zugriff-auf-Chiphersteller-NXP-9539891.html,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.heise.de/news/Chinesische-Cyberkriminelle-hatten-jahrelang-Zugriff-auf-Chiphersteller-NXP-9539891.html; https://www.nrc.nl/nieuws/2023/11/24/spionage-chinese-hackersgroep-zat-jarenlang-in-het-netwerk-van-de-nederlandse-chipfabrikant-nxp-a4182149; 
https://www.heise.de/news/Montag-Todesfall-bei-Amazon-mit-wenig-Folgen-Kritik-an-Schul-Digitalisierung-9540197.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://arstechnica.com/security/2023/11/hackers-spent-2-years-looting-secrets-of-chipmaker-nxp-before-being-detected/; https://menafn.com/1107898438/Chinas-Involvement-In-Cyber-Espionage-In-The-US-And-The-Netherlands-Raise-Global-Concern,2023-11-28,2024-01-23 2841,Ukraine's military intelligence service compromised and published data from Russia's Federal Air Transport Agency Rosaviatsia in 2023,"The Ukrainian defense intelligence directorate GUR, which reports to the Ukrainian Ministry of Defense, compromised data from the Russian aviation agency Rosaviatsia in 2023 and published it in November 2023. Rosaviatsia is the agency responsible for monitoring civil aviation in Russia and keeps records of flight and emergency incidents. According to the GUR, the data obtained includes a list of Rosaviatsiya's daily reports for the entire Russian Federation, spanning more than a year and a half. Ukraine published the stolen data on a file-sharing website, which is currently no longer available. 
A summary of the information obtained was published on a government website.",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Russian Federal Air Transport Agency (Rosaviatsia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,16052,2023-11-23 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attacker confirms,Main Directorate of Intelligence of the Ministry of Defence of Ukraine,Not available,Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,https://gur.gov.ua/en/content/voienna-rozvidka-ukrainy-zdiisnyla-kiberspetsoperatsiiu-shchodo-rosaviatsii-sanktsii-pryskoriuiut-aviakolaps-rf.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Air law; Armed conflict; Sovereignty,; 
Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/ukraine-says-it-hacked-russian-aviation-agency-leaks-data/; https://securityaffairs.com/154839/cyber-warfare-2/ukraine-hacked-russia-rosaviatsia.html; https://gur.gov.ua/en/content/voienna-rozvidka-ukrainy-zdiisnyla-kiberspetsoperatsiiu-shchodo-rosaviatsii-sanktsii-pryskoriuiut-aviakolaps-rf.html; https://www.hackread.com/ukraine-hacks-russia-aviation-agency/; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://therecord.media/ukrainian-hackers-hit-russian-scientific-center; https://www.bleepingcomputer.com/news/security/ukraine-hack-wiped-2-petabytes-of-data-from-russian-research-center/; https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-russian-ministry-of-defense-servers/; https://securityaffairs.com/159981/cyber-warfare-2/ukraine-gur-hacked-russian-ministry-of-defense.html,2023-11-28,2024-01-09 2836,IRGC-linked hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023,"The Iranian IRGC-associated hacking group Cyber Av3nger infiltrated the Municipal Water Authority in Aliquippa, Pennsylvania, and took control of one of its booster stations on 25 November 2023. An image showing a message from the hacking group released by KDKA-TV suggests that the threat actors took over a Unitronics programmable logic controller that manages pumps maintaining water pressure and regulating water flow. The intrusion had no impact on the facility's operations. The machine that was targeted uses a system called Unitronics, whose components are Israeli owned. 
Cyber Av3ngers announced via Telegram that they had targeted several SCADA systems in Israeli water plants, adding that ""any equipment 'Made in Israel' is Cyber Av3ngers legal target!"". On 1 December 2023, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) disseminated a joint Cybersecurity Advisory (CSA) regarding the activities. On 2 February 2024, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury identified several IRGC-associated individuals as involved in the hacking of Unitronics PLCs. Based on these findings, OFAC imposed sanctions on six members of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), also known as the IRGC Electronic Warfare and Cyber Defense Organization. Adopted under the Global Terrorism Sanctions Regulations and Iranian Financial Sanctions Regulations, the measures extend to Hamid Reza Lashgarian, the head of the IRGC-CEC, alongside five senior IRGC-CEC officials. One of the officials, Mohammad Bagher Shirinkar, had been previously designated in two instances on 18 November 2021 and 13 February 2019 for his role as manager of Emennet Pasargad and Net Peygard Samavat, two companies providing technological or material support to IRGC-CEC operations. The IRGC-CEC was first added to the sanctions list on 13 February 2019. ",2023-11-25,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Hijacking without Misuse,Municipal Water Authority of Aliquippa,United States,NATO; NORTHAM,Critical infrastructure,Water,IRGC Cyber-Electronic Command (IRGC-CEC)/IRGC Electronic Warfare and Cyber Defense Organization (IRGC-EWCD),"Iran, Islamic Republic of",State,,3,17370; 17368; 17369,2024-02-02 00:00:00; 2023-11-25 00:00:00; 2023-12-01 00:00:00,"Domestic legal action; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attacker confirms; Attribution by receiver government / state entity,Department of the Treasury’s Office of Foreign Assets Control (OFAC); Cyber Avengers / Cyber Av3ngers; Cybersecurity and Infrastructure Security Agency (CISA),Not available; Not available; Not available,United States; Not available; United States,IRGC Cyber-Electronic Command (IRGC-CEC)/IRGC Electronic Warfare and Cyber Defense Organization (IRGC-EWCD); Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC); Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","State; Non-state-group; Non-state actor, state-affiliation suggested",https://beavercountian.com/content/special-coverage/iranian-linked-cyber-army-had-partial-control-of-aliquippa-water-system,Unknown,Unknown,,Unknown,,1,2023-12-01 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,2,2023-11-25 00:00:00; 2024-02-02 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Peaceful means: Retorsion (International Law)",; Economic sanctions,United States; United States,Pennsylvania State Police; Pennsylvania State Police,Human rights; Sovereignty,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/154818/hacktivism/cyber-av3ngers-hacked-municipal-water-authority-of-aliquippa.html; https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group; https://www.cbsnews.com/amp/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/; https://www.facebook.com/RepChrisDeluzio/posts/320599184243702?ref=embed_post; https://beavercountian.com/content/special-coverage/iranian-linked-cyber-army-had-partial-control-of-aliquippa-water-system; https://cyberscoop.com/pennsylvania-water-facility-hack-iran/; https://therecord.media/cisa-water-utilities-unitronics-plc-vulnerability; https://www.bleepingcomputer.com/news/security/hackers-breach-us-water-facility-via-exposed-unitronics-plcs/; https://arstechnica.com/security/2023/11/2-municipal-water-facilities-report-falling-to-hackers-in-separate-breaches/; https://cyberscoop.com/cyber-av3ngers-israel-iran/; https://www.hackread.com/cyberattack-deface-israel-equipment-us-water-agency/; https://english.elpais.com/economy-and-business/2023-12-03/breaches-by-iran-affiliated-hackers-spanned-multiple-us-states-federal-agencies-say.html; https://cyberscoop.com/cisa-goldstein-secure-by-design/; https://www.wired.com/story/chatgpt-poem-forever-security-roundup/; 
https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities; https://research.checkpoint.com/2023/4th-december-threat-intelligence-report/; https://cyberscoop.com/cisa-fbi-epa-water-unitronics/; https://www.defenseone.com/threats/2023/12/cisa-fbi-warn-iran-backed-infrastructure-hacks/392471/; https://socradar.io/cisa-issues-ics-advisories-on-mitsubishi-delta-franklin-electric-bd-unitronics-plcs-active-exploitation/; https://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal; https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems; https://www.c4isrnet.com/federal-oversight/doj-fbi/2023/12/10/white-house-aide-says-iranian-hack-of-us-waterworks-is-call-to-action/; https://securityaffairs.com/155552/hacktivism/hacktivist-hacked-irish-water-utility.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a; https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html; https://therecord.media/muddywater-cyber-espionage-africa-telecoms-iran; https://www.techrepublic.com/article/top-cybersecurity-threats/; https://socradar.io/dark-web-profile-cyber-av3ngers/; https://securityaffairs.com/156405/reports/2024-cyber-threat-landscape-forecast.html; https://socradar.io/cisa-issues-ics-advisories-for-vulnerabilities-affecting-rockwell-automation-mitsubishi-electric-and-unitronics/; https://www.manufacturing.net/cybersecurity/article/22883872/inside-the-cyber-av3ngers-global-plc-hack; https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/; https://www.automation.com/en-us/articles/january-2024/industry-protect-critical-infrastructure-2024; 
https://securityaffairs.com/158621/cyber-warfare-2/iranian-intel-officials-sanctions-critical-infrastructure.html; https://www.cpomagazine.com/cyber-security/water-companies-veolia-north-america-and-uks-southern-water-ransomware-attack-and-data-breach-leaked-pii/; https://home.treasury.gov/news/press-releases/jy2072?utm_source=substack&utm_medium=email; https://blogs.microsoft.com/on-the-issues/2024/02/06/iran-accelerates-cyber-ops-against-israel/; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/; https://www.politico.eu/article/us-democrats-warn-grim-future-us-cyber-agency-donald-trump/; https://cyberscoop.com/google-iranian-regional-hacking-operations-that-target-israel-remain-opportunistic-but-focused/; https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf; https://cyberscoop.com/dragos-manufacturing-industrial-ransomware/; https://therecord.media/iranian-indicted-cyber-espionage-campaign-us-defense-contractors; https://cyberscoop.com/water-digitization-critical-infrastructure-attacks/; https://www.elperiodico.com/es/internacional/20240309/israel-hamas-libran-guerra-ciberespacio-99025624; https://cyberscoop.com/what-resources-do-small-utilities-need-to-defend-against-cyberattacks/; https://therecord.media/water-industry-wants-to-write-its-own-cyber-rules; https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://therecord.media/epa-water-sector-cyber-task-force-china-iran; https://www.bleepingcomputer.com/news/security/white-house-and-epa-warn-of-hackers-breaching-water-systems/; https://cyberscoop.com/epa-water-threats-governors/; https://arstechnica.com/security/2024/03/critical-us-water-systems-face-disabling-cyberattacks-white-house-warns/; https://www.mk.co.kr/news/world/10969697; https://www.zaobao.com.sg/news/world/story20240320-3186317; https://laopinion.com/2024/03/22/hackers-iranies-y-chinos-estan-atacando-los-sistemas-de-agua-de-todo-el-pais/; 
https://new.qq.com/rain/a/20240423A07PYZ00; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/,2023-11-28,2024-02-21 2825,North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to set up supply-chain-compromise in March 2023,"In a joint advisory from 23 November 2023, South Korea's National Intelligence Service (NIS) and the UK National Cyber Security Centre (NCSC) provided details for the exploitation of a zero-day vulnerability in the authentication solution MagicLine4NX of South Korean company Dream Security by North Korean state-linked actors. The South Korean cybersecurity firm AhnLab, which first disclosed the threat activity on 13 October, associated the operation with the Lazarus group. The joint advisory outlines a layered supply chain attack dating back to March 2023. Lazarus is believed to have initiated the compromise by planting a malicious script in articles of a news website, turning the reports into watering holes. The script activates for connections from a specific band of IPs designated by the threat actors. Lazarus subsequently leveraged vulnerabilities in MagicLine4NX running on systems of visitors of the media site to move laterally to connected Internet-facing networks of the victim. 
For at least one unidentified organisation, the advisory observed the threat actors were in a position to exfiltrate a large volume of internal data only prevented by a security policy that stopped communications with a command-and-control server.",2023-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,"Korea, Republic of; Korea, Republic of",ASIA; SCS; NEA - ASIA; SCS; NEA,Unknown - Media, - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,2,14870; 14871; 14871; 14871; 14871; 14871; 14871; 14871; 14871,2023-10-13 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00; 2023-11-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity,AhnLab; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Intelligence Service (NIS); National Intelligence Service (NIS); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Intelligence Service (NIS); National Intelligence Service (NIS),; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,"Korea, Republic of; Korea, Republic of; United Kingdom; Korea, Republic of; United Kingdom; Korea, Republic of; United Kingdom; Korea, Republic of; United Kingdom","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State; State; State; State; State; State; State; State,https://eng.nis.go.kr/ECM/1_3_1_1.do?seq=83&currentPage=1,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Drive-By Compromise; Supply Chain Compromise,Data Exfiltration,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,2.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/uk-and-south-korea-hackers-use-zero-day-in-supply-chain-attack/; https://eng.nis.go.kr/ECM/1_3_1_1.do?seq=83&currentPage=1; https://asec.ahnlab.com/wp-content/uploads/2023/10/20231013%5FLazarus%5FOP.Dream%5FMagic.pdf,2023-11-27,2024-03-08 2826,Unknown threat actors disrupted services of infrastructure service provider CTS to UK law firms on 24 November 2023,"Unknown threat actors targeted the UK infrastructure service provider CTS, which specializes in the legal sector, on 24 November 2023. The attack resulted in a service outage that affected the cloud-based services that CTS provides to its customers. It is estimated that between 80 and 200 law firms in the United Kingdom have been left without phone and email service and running case management systems due to the disruptions. CTS claims that no data has been compromised. 
Industry reports suspect the compromise may be linked to the CitrixBleed vulnerability affecting NetScaler ADC and NetScaler Gateway, zero-day exploitation of which was reported earlier in October 2023.",2023-11-24,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,CTS,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,18213,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://therecord.media/uk-cyberattack-msp-cts-law-firms,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/uk-cyberattack-msp-cts-law-firms; https://www.bleepingcomputer.com/news/security/cyberattack-on-it-provider-cts-impacts-dozens-of-uk-law-firms/; https://securityaffairs.com/154807/hacking/cts-suffered-cyber-attack.html; https://research.checkpoint.com/2023/27th-november-threat-intelligence-report/; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; 
https://www.insurancetimes.co.uk/expert-views/professional-services-third-party-risk-and-cyber-insurance-coalition/1451009.article,2023-11-27,2024-03-25 2827,Ransomware group Meow compromised database of Vanderbilt University Medical Center around 23 November 2023,"The ransomware group Meow added Vanderbilt University Medical Center to its leak site on 23 November 2023. A VUMC spokesperson confirmed the breach of a database, noting that based on a preliminary investigation, affected records did not contain personal or otherwise protected information of patients or employees. Meow had announced it would suspend its activities earlier in the year, posting decryption keys. Ransomware researcher Allan Liska suspected the group may have shifted tactics in this present campaign, foregoing the encryption of victim data and focusing on extortion based on threats to leak stolen data instead.",2023-11-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Vanderbilt University Medical Center,United States,NATO; NORTHAM,Critical infrastructure,Health,Meow,Not available,Non-state-group,Criminal(s),1,14839,2023-11-23 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Meow,Not available,Not available,Meow,Not available,Non-state-group,https://therecord.media/vanderbilt-university-medical-center-investigating-cyber-incident-meow-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no 
critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/vanderbilt-university-medical-center-investigating-cyber-incident-meow-ransomware; https://research.checkpoint.com/2023/27th-november-threat-intelligence-report/,2023-11-27,2023-12-05 2828,Unknown actors obtained confidential medical information from network intrusion at British Edward VII's hospital in November 2023,Unknown actors obtained confidential medical information from a network intrusion at the UK's Edward VII's Hospital in November 2023. The stolen data included information such as doctors' letters and pathology reports for some patients. The hospital's website was also affected by the incident. The private institution is known as primary point of care for the British royal family. 
Medical data of the royal family reportedly is stored in segregated systems separate from those compromised in the present incident.,2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Edward VII's hospital,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,14838,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://news.yahoo.com/gchq-investigates-cyber-attack-hospital-200000432.html?guccounter=1&guce_referrer=aHR0cHM6Ly9rb25icmllZmluZy5jb20v&guce_referrer_sig=AQAAAJpePP0iywiuIGcoLtdgj_h-GlpPR8evlS6mywqz5zvquE6sNz3GpeMR5-k_Q-gEoLHHj0WH29wKIrs4CVZaUX1VJi3uNrfvVU6DMHAkcnJr27mhBOR2UYkcsHPO4Z9t6w3N1f3Xi65x8u1p8KkGeD06TJCzTe7Xy2QrAg5Ny7IQ,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2023-11-25 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,UK National Cyber Security Centre,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.yahoo.com/gchq-investigates-cyber-attack-hospital-200000432.html?guccounter=1&guce_referrer=aHR0cHM6Ly9rb25icmllZmluZy5jb20v&guce_referrer_sig=AQAAAJpePP0iywiuIGcoLtdgj_h-GlpPR8evlS6mywqz5zvquE6sNz3GpeMR5-k_Q-gEoLHHj0WH29wKIrs4CVZaUX1VJi3uNrfvVU6DMHAkcnJr27mhBOR2UYkcsHPO4Z9t6w3N1f3Xi65x8u1p8KkGeD06TJCzTe7Xy2QrAg5Ny7IQ; https://securityaffairs.com/154999/cyber-crime/rhysida-ransomware-king-edward-viis-hospital.html; https://www.heise.de/news/London-Ransomware-Gruppe-Rhysidia-droht-Krankenhausdaten-zu-versteigern-9545660.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.heise.de/news/Ransomware-Forscher-decken-dummen-Krypto-Fail-auf-und-veroeffentlichen-Decryptor-9626575.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2023-11-27,2023-12-05 2830,Hospitals across US belonging to Ardent experienced network disruptions on 23 November 2023,"Unknown hackers attacked the US hospital company Ardent on 23 November 2023, causing a disruption of services at several of its hospitals in Oklahoma, Kansas, Texas and Idaho. Several of the 37 hospitals operated by Ardent that were affected by the incident rerouted ambulances to other facilities, as it confronted network outages. BSA Health Systems in Amarillo, Texas, and UT Health, which operates 10 hospitals across East Texas, had to temporarily close their emergency rooms until systems managing digital medical records could be brought back online. The attack was later determined by Ardent to be a ransomware attack. 
The event has been reported to law enforcement and retained third-party forensic and threat intelligence advisors",2023-11-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Ardent,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14837,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://abc7amarillo.com/news/local/cybersecurity-incident-much-larger-than-just-bsa-hospital-ardent-health-services-oklahoma-divert-ambulance-emergency-room-er,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; International peace; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; ",Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://abc7amarillo.com/news/local/cybersecurity-incident-much-larger-than-just-bsa-hospital-ardent-health-services-oklahoma-divert-ambulance-emergency-room-er; https://www.bleepingcomputer.com/news/security/ardent-hospital-ers-disrupted-in-6-states-after-ransomware-attack/; https://therecord.media/ardent-health-services-ransomware-hospitals-divert-ambulances; https://www.darkreading.com/attacks-breaches/ardent-health-hospitals-disrupted-after-ransomware-attack; 
https://securityaffairs.com/154855/cyber-crime/ardent-health-services-ransomware-attack.html; https://therecord.media/new-jersey-pennsylvania-hospitals-affected-by-cyberattack; https://www.heise.de/news/Nach-Cyberangriff-auf-Klinikum-Esslingen-Analyse-laeuft-auf-Hochtouren-9546201.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://cyberscoop.com/cisa-goldstein-secure-by-design/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-1st-2023-police-hits-affiliates/; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/hhs-proposes-cyber-requirements-for-hospitals; https://www.c4isrnet.com/federal-oversight/doj-fbi/2023/12/10/white-house-aide-says-iranian-hack-of-us-waterworks-is-call-to-action/; https://www.malwarebytes.com/blog/threat-intelligence/2023/12/ransomware-review-december-2023; https://www.techrepublic.com/article/top-cybersecurity-threats/; https://therecord.media/nearly-three-mil-affected-ransomware-medtech; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://www.columbian.com/news/2024/mar/03/why-health-care-has-become-a-top-target-for-cybercriminals/,2023-11-27,2023-12-28 2832,Unknown actors target Swiss municipality Zollikhofen in suspected ransomware attack during November 2023,"The Swiss municipality of Zollikhofen in the canton of Bern was hit by a ransomware attack by unknown hackers in November 2023. The incident, which was discovered on the night of 22 November 2023, led to the encryption of municipality data. Whether data was also exfiltrated during the course of the incident remains under investigation. 
In response to the intrusion, the municipality shut down its ICT systems and disconnected its networks from the Internet.",2023-11-22,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,municipality of Zollikhofen ,Switzerland,EUROPE; WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14835,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.inside-it.ch/gemeinde-zollikofen-von-ransom%C2%ADware-angriff-lahmgelegt-20231123,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,,,Not available,,https://www.inside-it.ch/gemeinde-zollikofen-von-ransom%C2%ADware-angriff-lahmgelegt-20231123,2023-11-27,2024-01-08 2833,Unknown hackers stole data from Spanish telecommunication company Vodafone España in November 2023,"Unknown actors stole customer data from the Spanish telecommunications company Vodafone España, a subsidiary of the British company Vodafone, in November 2023. The company stated that only a limited number of customers were affected by the attack. The stolen data based on the account type affected variably included names, contact details and bank account details. 
",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Vodafone,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,14834,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://nachrichten.es/vodafone-spanien-erleidet-cyberangriff/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://nachrichten.es/vodafone-spanien-erleidet-cyberangriff/,2023-11-27,2023-12-05 2834,Slovenia's largest power utility Holding Slovenske elektrarne (HSE) targeted on 22 November 2023,"Unknown actors compromised the networks of Slovenia's largest energy supplier HSE between 22 November and 24 November 2023. HSE was able to maintain the operation of its systems and power supply. On 25 November, the director of the Government Office for Information Security confirmed the discovery of ransomware on HSE systems, while not specifying whether or to which extent data had been locked. 
In the same statement, the authority noted that to date no ransom demand had been received.",2023-11-22,2023-11-24,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Hijacking without Misuse,Holding Slovenske elektrarne (HSE),Slovenia,EUROPE; BALKANS; NATO; EU(MS),Critical infrastructure,Energy,Not available,Not available,Not available,,1,14833,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://english.sta.si/3240098/power-utility-hse-suffers-serious-cyberattack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://english.sta.si/3240098/power-utility-hse-suffers-serious-cyberattack; https://newsbeezer.com/sloveniaeng/new-details-about-the-cyber-attack-on-the-hse-group-are-known/; https://www.hse.si/sl/proizvodnja-elektricne-energije-v-skupini-hse-kljub-vdoru-v-informacijski-sistem-zanesljiva/; https://www.bleepingcomputer.com/news/security/slovenias-largest-power-provider-hse-hit-by-ransomware-attack/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-1st-2023-police-hits-affiliates/,2023-11-27,2023-12-05 2835,Pro-Russian hacking group NoName057(16) targeted websites of Swiss government and critical infrastructure organisations with DDoS attacks on 17 
November 2023,"The pro-Russian hacktivist group NoName057(16) conducted DDoS attacks against websites of Swiss government and critical infrastructure organisations on 17 November 2023. Targets included the Department of Home Affairs, the financial services association Geneva Financial Center, the regional airport of St. Gallen-Altenrhein, and the Geneva-based IT services company SITA. SITA manages the industry-based .aero top-level domain and on 14 November decided to exclude Russian airports and airlines from receiving associated domains. NoName057(16) claimed responsibility for the DDoS campaign on Telegram. The disruption attempts follow Switzerland's declaration of support for the creation of a Special Tribunal to address the crime of aggression against Ukraine, announced on 16 November. Earlier in November, Switzerland's National Cyber Security Centre published an after action report analyzing a DDoS campaign by NoName057(16) against Swiss targets during the first half of June 2023.",2023-11-17,2023-11-17,"Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",,,Disruption,Geneva Financial Center - Federal Department of Home Affairs (Switzerland) - People’s Airport St.Gallen-Altenrhein - SITA,Switzerland; Switzerland; Switzerland; Switzerland,EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Critical infrastructure - Critical infrastructure, - Government / ministries - Transportation - Digital Provider,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,15053,2023-11-17 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,NoName057(16),Not available,Not 
available,NoName057(16),Russia,Non-state-group,https://www.nzz.ch/nzzas/nzz-am-sonntag/prorussische-hacker-greifen-die-schweiz-erneut-an-nzz-ld.1767627,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,1,2023-11-25 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Switzerland,Office of the Attorney General of Switzerland,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nzz.ch/nzzas/nzz-am-sonntag/prorussische-hacker-greifen-die-schweiz-erneut-an-nzz-ld.1767627; https://t.me/noname05716/5281; https://t.me/noname05716/5286; https://t.me/noname05716/5287; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html,2023-11-27,2023-12-11 2831,Unknown hacker stole $54.7 million from cryptocurrency platform KyberSwap on 22 November 2023,"An unknown hacker stole $54.7 million in user assets from the cryptocurrency platform KyberSwap on 22 November 2023. In response to the attack, KyberSwap paused deposits and entered into negotiations with the attacker, offering a bounty in the amount of 10% of the stolen assets in exchange for the return of all funds. 
Several external researchers and blockchain security companies backed up KyberSwap's assessment that the theft was engineered through a complex smart contract exploit.",2023-11-22,2023-11-22,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,KyberSwap,Singapore,ASIA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14836,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://therecord.media/kyberswap-crypto-platform-54-million-hack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,54700000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/kyberswap-crypto-platform-54-million-hack; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://research.checkpoint.com/2023/4th-december-threat-intelligence-report/,2023-11-27,2023-12-05 2823,Unknown ransomware group paralysed shared data centre of eleven municipalities in the Neu-Ulm district in Germany since at least 21 November 2023,"An unknown ransomware group has paralysed the data centre of the joint body and thus also eleven associated municipalities in the Neu-Ulm district in Germany since at least 21 November 2023, reported the Südwest Presse on November 23, 2023. 
The eleven affected municipalities include Roggenburg, Altenstadt, Bellenberg, Buch, Holzheim, Kellmünz, Nersingen, Oberroth, Osterberg, Pfaffenhofen and Unterroth. The ransomware group renamed and encrypted data. ",2023-11-23,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,City of Kellmünz - City of Bellenberg - City of Roggenburg - City of Buch - Joint body for municipal data processing in the district of Neu-Ulm - City of Holzheim - City of Altenstadt - City of Unterroth - City of Nersingen - City of Pfaffenhofen - City of Oberroth - City of Osterberg,Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Telecommunications - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / 
administration - Civil service / administration - Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,15190,2023-11-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.swr.de/swraktuell/baden-wuerttemberg/ulm/hackerangriff-cyberangriff-neu-ulm-elf-kommunen-roggenburg-100.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,11.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.swr.de/swraktuell/baden-wuerttemberg/ulm/hackerangriff-cyberangriff-neu-ulm-elf-kommunen-roggenburg-100.html; https://www.heise.de/news/Cyberangriff-Zwoelf-Gemeinden-in-Schwaben-betroffen-Erpresser-fordern-Geld-9538902.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,2023-11-24,2023-12-12 2821,Lockbit Ransomware Group Hit Senegalese Government Agency Ageroute Senegal with Ransomware and Leaked Data Starting in October 2023,"Ageroute Senegal, the government agency responsible for road construction projects in Senegal, fell victim to a ransomware attack carried out by the Russia-aligned cybercriminal group LockBit 3.0 in October 2023. 
The incident occurred in late October and resulted in the exfiltration of 121 GB of data, including financial records, invoices and documents containing personally identifiable information (PII). LockBit 3.0, utilised ransomware techniques, encrypted important files and published an 18 GB sample of the exfiltrated data on their dark web profile. The cybercriminals have issued a ransom demand, noting 20 November 2023 as payment deadline. ",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Ageroute Senegal,Senegal,AFRICA; SSA,State institutions / political system,Civil service / administration,Lockbit 3.0,Russia,Non-state-group,Criminal(s),1,15191,2023-10-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit 3.0,Not available,Not available,Lockbit 3.0,Russia,Non-state-group,https://x.com/FalconFeedsio/status/1719409035596689701?s=20,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://www.dakaractu.com/Cyberattaque-L-AGEROUTE-victime-de-piratage-par-le-groupe-lockbit_a240850.html; https://www.xalimasn.com/piratage-informatique-lageroute-touchee-par-le-groupe-lockbit/#google_vignette; https://hackmanac.com/news/hacks-of-today-01-11-2023; https://x.com/FalconFeedsio/status/1719409035596689701?s=20,2023-11-24,2024-01-10 2819,North Korean state-sponsored hacking group Diamond Sleet compromised over 100 devices in multiple countries via supply chain compromise ,"Diamond Sleet, a North Korean state-sponsored hacking group, conducted a supply chain attack involving a malicious variant of an application provided by CyberLink Corp., a software company that develops multimedia software products. The file is a functional CyberLink application installer which contains malicious code that downloads, decrypts, and loads a second-stage payload. The file is also signed using a valid certificate issued to CyberLink and is also hosted on update infrastructure owned by CyberLink. So far, the malicious file is installed on at least 100 devices in multiple countries, including Japan, Taiwan, Canada, and the United States.",2023-10-20,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,CyberLink - Not available - Not available - Not available - Not available - Not available,Taiwan; United States; Canada; Not available; Taiwan; Japan,ASIA; SCS - NATO; NORTHAM - NATO; NORTHAM - - ASIA; SCS - ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Unknown - Unknown - Unknown - Unknown, - - - - - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15192,2023-11-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise,Data Manipulation,Not available,False,Not available,Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,51-200,100.0,1-10,4.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage,State actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/north-korea-attack-cyberlink-microsoft; https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-breach-cyberlink-in-supply-chain-attack/; https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/; https://www.wired.com/story/google-chrome-youtube-ad-blocker-crackdown/; https://thehackernews.com/2023/11/north-korean-hackers-distribute.html,2023-11-23,2023-12-12 2818,"North Korea-affiliated hacking group Andariel targeted South Korean companies with TigerRat, NukeSped variants, Black RAT and Lilith RAT malware in 2023","Andariel, a threat actor suspected to operate as a subgroup of the North Korean state-integrated Lazarus group, targeted South Korean companies with a variety of malware. Andariel has exploited vulnerabilities in a number of software components, such as Log4Shell and Innorix Agent, and installed TigerRat, NukeSped variants, Black RAT and Lilith RAT malware. Targets in the present campaign included South Korean communications companies and semiconductor manufacturers.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Critical Manufacturing; ,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15193,2023-11-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ASEC,ASEC,"Korea, Republic of","Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/59073/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - 
high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,1,2023-12-05 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,"Korea, Republic of",Seoul Metropolitan Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://asec.ahnlab.com/en/59073/; https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data,2023-11-22,2023-12-12 2817,Hacking group Al-Toufan disrupted access for two Bahraini government websites on 21 November 2023,"The hacking group Al-Toufan carried out a DDoS attack against the websites of the Ministry of Foreign Affairs and the Ministry of Information Affairs of Bahrain on 21 November 2023. The websites became inaccessible, with the Bahraini government claiming that government business was not affected by the attacks. In a statement, the hacker group said the disruptions were conducted in retaliation for Bahrain's political stance in the war between Israel and Hamas. Bahrain hosted a summit during the previous week, calling for an exchange of prisoners and hostages between Hamas and Israel. In February, the group claimed it had blocked access to the websites of Bahrain's international airport, the state news agency and the chamber of commerce to mark the 12th anniversary of the Arab Spring uprising in the small Gulf state.",2023-11-21,2023-11-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Ministry of Information (Bahrain) - Ministry of Foreign Affairs (Bahrain),Bahrain; Bahrain,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,al-Toufan < Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/G0059 (IRGC),Not available,Non-state-group,Hacktivist(s),1,15194,2023-11-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Al-Toufan,Not available,Not available,al-Toufan < Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/G0059 (IRGC),Not available,Non-state-group,https://www.stripes.com/theaters/middle_east/2023-11-21/bahrain-websites-inaccessible-cyberattack-israel-hamas-12126931.html,Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,1,2023-11-21 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Bahrain,Government of Bahrain,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.stripes.com/theaters/middle_east/2023-11-21/bahrain-websites-inaccessible-cyberattack-israel-hamas-12126931.html; https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/; https://blogs.microsoft.com/on-the-issues/2024/02/06/iran-accelerates-cyber-ops-against-israel/; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2023-11-22,2024-04-22 2816,Ukrainian hacktivist group Cyber Resistance gained access to email account of former air force officer Maxim Okss containing sensitive data on arms deliveries to Russia,"The Ukrainian hacktivist group Cyber Resistance passed on sensitive information from Maxim Okss' email inbox to the InformNapalm volunteer intelligence community. Maxim Okss is a former air force officer and now a civilian pilot in command of the Ilyushin IL-76 transport aircraft of the sanctioned airline Aviacon Zitotrans. The accessed data shows that Russia transports weapons, ammunition and sanctioned goods from Iran, South Africa and Mali to Russia by air. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Maxim Okss,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Military,Cyber Resistance aka the Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,15195,2023-11-20 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Resistance aka the Ukrainian Cyber Alliance,Not available,Ukraine,Cyber Resistance aka the Ukrainian Cyber Alliance,Ukraine,Non-state-group,https://informnapalm.org/en/hacked-russian-pilot-reveals-schemes-of-weapons-supply-from-iran/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Human rights; Due diligence,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://informnapalm.org/en/hacked-russian-pilot-reveals-schemes-of-weapons-supply-from-iran/,2023-11-22,2023-12-12 
2815,Unknown hackers defaced Pakistani Ministry of Aviation's website on 21 November 2023,Unknown hackers defaced the Pakistani Ministry of Aviation's website on 21 November 2023 and posted several messages in a foreign language on the website. The website was later shut down and restored soon after.,2023-11-21,2023-11-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Aviation Ministry of Pakistan,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,15198,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://arynews.tv/aviation-ministrys-website-hacked/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Air law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://arynews.tv/aviation-ministrys-website-hacked/,2023-11-22,2023-12-12 2813,Hacktivist group SiegedSec breached human resources application linked to Idaho National Laboratory in November 2023,"The hacktivist group SiegedSec has breached a human resources app used by the US Idaho National Laboratory, whose work focuses on energy 
security, reliability and other national security issues such as cybersecurity. The hacker group accessed user, employee and citizen data and posted a selection of the data online. Records included names, dates of birth, email addresses, phone numbers, social security numbers, physical addresses, and employment information. ",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Idaho National Laboratory - Oracle Corporation,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Research - Telecommunications,SiegedSec,Not available,Non-state-group,Hacktivist(s),1,15199,2023-11-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,SiegedSec,Not available,Not available,SiegedSec,Not available,Non-state-group,https://t.me/SiegedSecc/60,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-11-22 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cyberscoop.com/idaho-national-laboratory-siegedsec/; https://t.me/SiegedSecc/60; https://www.bleepingcomputer.com/news/security/hacktivists-breach-us-nuclear-research-lab-steal-employee-data/; https://therecord.media/agencies-investigating-breach-at-nuclear-lab; https://www.darkreading.com/ics-ot/idaho-national-nuclear-lab-targeted-in-major-data-breach; https://www.hackread.com/hackers-leak-idaho-national-lab-employee-pii-data/; https://tarnkappe.info/artikel/cyberangriff/gay-furry-hacker-cyberangriff-auf-wichtiges-nuklearlabor-283849.html; https://socradar.io/dark-stroms-android-rat-sales-of-financial-data-and-uk-rdp-access-siegedsecs-government-breach/; https://research.checkpoint.com/2023/27th-november-threat-intelligence-report/; https://tarnkappe.info/glosse/glosse-im-november-von-zockenden-hackern-und-peinlichen-eltern-284057.html; https://securityaffairs.com/154800/breaking-news/security-affairs-newsletter-round-447-by-pierluigi-paganini-international-edition.html; https://therecord.media/idaho-national-laboratory-data-breach-notifications; https://www.bleepingcomputer.com/news/security/us-nuclear-research-lab-data-breach-impacts-45-000-people/; https://securityaffairs.com/155880/data-breach/idaho-national-laboratory-data-breach.html; https://www.hackread.com/general-electric-security-breach-hackers-darpa-data/,2023-11-21,2023-12-19 2811,Unidentified threat actor targeted Vietnamese government entity using Zimbra vulnerability in July 2023,"Prior to Zimbra's official patch release for CVE-2023-37580 on 25 July that seals a vulnerability in a web client for the company's email servers, Google's Threat Analysis Group (TAG) observed an unidentified party taking advantage of the vulnerability to 
execute a phishing attack aimed at seizing login details of a Vietnamese government body. According to the report from 16 November, TAG analysts observed an exploit web address directed to a program that showed a fake webpage to obtain users' webmail login details, then shared the stolen details with a link hosted on a government domain that the attackers likely had hijacked. In the same report, TAG disclosed three other campaigns exploiting the same vulnerability, spanning from 29 July 2023 until 25 August 2023, two of which predated the public disclosure of the vulnerability (13 July) and patch release (25 July). The first, unattributed campaign targeted a government organization in Greece. TAG attributed the second campaign to the Russian APT Winter Vivern, in which the group used multiple exploit URLs that targeted government organizations in Moldova and Tunisia. For those two campaigns, no information about the actual impact of the operations was offered in the public report. The last campaign from 25 August 2023 used the vulnerability against a government organisation in Pakistan.",2023-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Vietnam,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Not available,Not available,Unknown - not attributed,,1,15203,2023-11-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Google's TAG,,United States,Not available,Not available,Unknown - not attributed,https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system 
misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/; https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/,2023-11-20,2023-12-12 2809,"Unknown actors caused Internet outage at North Muskegon Public Schools in Michigan, USA, on 15 November 2023","The North Muskegon Public Schools in Michigan had to cancel classes on 15 November 2023 due to a network intrusion that resulted in a disruption of phone and Internet service, as well as the outage of email systems and student platforms, as the school district disclosed on its Facebook account. 
",2023-11-15,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,North Muskegon Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15207,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://therecord.media/colleges-schools-facing-outages-cyberattacks,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/colleges-schools-facing-outages-cyberattacks,2023-11-20,2023-12-12 2808,Chinese APT Stately Taurus aka Mustang Panda compromised government entities from the Philippines in August 2023,"Chinese APT Stately Taurus aka Mustang Panda compromised government entities from the Philippines in three coordinated campaigns in August 2023, according to a report by Palo Alto Networks from 17 November 2023. 
Palo Alto associates the campaigns with political tensions straining the relations between China and the Philippines in the same time period, including an incident in which a Chinese Coast Guard vessel fired its water cannon at a Philippine vessel that was performing a resupply mission to the disputed Second Thomas Shoal in the Spratly Islands. Throughout the campaigns, Stately Taurus targeted entities in the South Pacific, including government organisations of the Philippines. The campaigns leveraged legitimate software including Solid PDF Creator and SmadavProtect (an Indonesian-based antivirus solution) to sideload malicious files. The threat actor also creatively configured the malware to impersonate legitimate Microsoft traffic for command and control (C2) connections. Palo Alto assessed in its report that ""at least one of these campaigns directly targeted the Philippines government, and that the actors were successful in their attempts to compromise a government entity for five days in August."" ",2023-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",,1,15208,2023-11-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,,United States,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/,Territory; Resources; International power,Territory; Resources; International power,Vietnam et al. – China (South China Sea); Vietnam et al. – China (South China Sea); Vietnam et al. 
– China (South China Sea),Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/; https://www.darkreading.com/attacks-breaches/military-buildup-china-deploys-mustang-panda-philippines; https://thehackernews.com/2023/11/mustang-panda-hackers-targets.html; https://businessmirror.com.ph/2024/03/21/downloading-this-software-could-enable-cyber-attack/,2023-11-20,2024-03-27 2806,Medusa Ransomware gang targeted Toyota Financial Services in November 2023 ,"The European and African IT-systems of Toyota Financial Services (TFS) were compromised by the Medusa ransomware gang in November 2023, according to announcements by the group and the company itself on 14 November 2023. Medusa demanded a ransom of $8 million for not publishing the allegedly obtained company data. In order to prove their data theft, the group published a sample of supposed Toyota Financial Services data on its leak site, including financial reports, bills and user IDs. The trove reportedly also contained employee-related information, such as emails and hashed passwords. Incident reports did not immediately clarify whether data was encrypted. 
Medusa's initial access vector remained under investigation when the incident was first reported, though security researchers discussed the possible exploitation of a critical CitrixBleed vulnerability in Netscaler ADC and gateway (CVE-023-4966), owing to the discovery of a vulnerable Citrix Gateway Endpoint at the German TFS bureau. ",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Toyota Financial Services,Japan,ASIA; SCS; NEA,Critical infrastructure,Finance,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,15209,2023-11-17 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://securityaffairs.com/154319/data-breach/toyota-financial-services-medusa-ransomware.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-11-17 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.heise.de/news/Ransomwarebande-Medusa-attackiert-Toyota-und-fordert-8-Millionen-US-Dollar-9531735.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/154319/data-breach/toyota-financial-services-medusa-ransomware.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/toyota-cyberattack-financial-services-divison; https://newsroom.toyota.eu/toyota-financial-services-europe-statement/; https://www.heise.de/news/Ransomware-Toyota-informiert-nach-Angriff-auf-Finanzservice-erste-Kunden-9569681.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/toyota-warns-customers-of-data-breach-exposing-personal-financial-info/; https://securityaffairs.com/155652/data-breach/toyota-financial-services-data-breach.html; https://www.malwarebytes.com/blog/threat-intelligence/2023/12/ransomware-review-december-2023; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-15th-2023-ransomware-drama/; https://www.it-daily.net/it-sicherheit/cybercrime/datenleck-bei-toyota-financial-services-wie-geht-es-weiter; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2023-11-20,2024-04-18 2805,Russian APT-Gamaredon infected unspecified targets in Ukraine and other countries worldwide since autumn 2023 with USB propagating worm LitterDrifter,"The Russian APT Gamaredon infected unspecified targets in Ukraine and other countries worldwide since autumn 2023 with USB propagating worm LitterDrifter, according to a report by Check Point on 17 November 2023. 
The LitterDrifter worm operates via VBS and possesses two primary capabilities - automatic distribution through USB drives and communication with a diverse range of command-and-control servers. These functions have been executed to match the group's objectives, ensuring constant control and directives across a variety of targets. According to Check Point, Gamaredon is still targeting a range of Ukrainian objectives. However, due to the USB worm's characteristics, indications of a potential infection have been detected in various countries, including the United States of America, Vietnam, Chile, Poland and Germany. Furthermore, Check Point noticed evidence of infections in Hong Kong. This infection pattern might indicate a spread of LitterDrifter beyond its intended targets.",2023-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None - None - None,Ukraine; Poland; United States; Chile; Hong Kong; Germany; Vietnam,EUROPE; EASTEU - EUROPE; NATO; EU(MS); EASTEU - NATO; NORTHAM - SOUTHAM - ASIA - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; SEA,Unknown; Unknown - Unknown; Unknown - Unknown - Unknown; Unknown - Unknown; Unknown - Unknown; Unknown - Unknown; Unknown,; - ; - - ; - ; - ; - ; ,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,State; State,,1,15210,2023-11-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,,Israel,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,State,https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/,System / ideology; Territory; 
Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,7.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Armed conflict; Sovereignty,State actors; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/; https://securityaffairs.com/154362/apt/gamaredon-apt-litterdrifter-usb.html; https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide/; https://www.wired.com/story/google-chrome-youtube-ad-blocker-crackdown/; https://www.schneier.com/blog/archives/2023/11/litterdrifter-usb-worm.html; https://research.checkpoint.com/2023/20th-november-threat-intelligence-report/,2023-11-20,2023-12-12 2804,"Unknown actors caused disruptions to campus technology systems of North Carolina Central University (NCCU) in Durham, USA, on 12 November 2023",A spokesperson of North Carolina Central University (NCCU) confirmed to the media that the school's technology systems became the target of network disruptions affecting the campus Wi-Fi and the university's student portal MyEOL on 12 November 2023. 
The school has taken several services requiring logins with NCCU credentials offline to contain a further spread of the intrusion.,2023-11-12,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,,Not available,Not available,,1,15212,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,https://therecord.media/colleges-schools-facing-outages-cyberattacks,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-11-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/colleges-schools-facing-outages-cyberattacks; https://www.nccu.edu/news/notice-campus-cyberintrusion-incident-nov-12-2023,2023-11-20,2023-12-12 2803,INC Ransomware Group Claimed to Have Hit Yamaha Motor's Philippine Subsidiary with Ransomware Beginning in October 2023,"The Philippine subsidiary of Yamaha Motor (YMPH), which manufactures motorbikes, fell victim to a ransomware attack on 25 October 2023. 
An outside party gained unauthorised access to a server managed by YMPH, resulting in the theft and partial leak of personal employee data, as well as suspected backup files, and corporate and sales information. The attack was confirmed by Yamaha Motor, which launched an investigation with the help of external security experts. INC Ransomware claimed responsibility for the attack by adding Yamaha Motor Philippines to their dark web leak site on 15 November and publishing around 37GB of allegedly stolen data. The ransomware group usually gives its victims an ultimatum of 72 hours to negotiate before releasing stolen data if no agreement is reached.",2023-10-01,2023-11-15,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,"Yamaha Motor Philippines, Inc (YMPH)",Philippines,ASIA; SCS; SEA,Critical infrastructure,Critical Manufacturing,INC Ransomware group,Not available,Non-state-group,Criminal(s),1,15213,2023-11-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,INC Ransomware group,Not available,Not available,INC Ransomware group,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/yamaha-motor-confirms-ransomware-attack-on-philippines-subsidiary/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data 
",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/yamaha-motor-confirms-ransomware-attack-on-philippines-subsidiary/; https://therecord.media/yamaha-welllife-network-confirm-cyberattacks; https://global.yamaha-motor.com/news/2023/1116/corporate.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/,2023-11-20,2023-12-12 2810,"Unknown Threat Actor Caused Disruptions to German Public Transport Company in Rostock, Mecklenburg-Vorpommern, Starting on 18 November 2023","The Rostocker Straßenbahn AG (RSAG), the primary public transportation provider in the largest city of the German state of Mecklenburg-Vorpommern, has fallen victim to a cyberattack that has caused extensive disruption. The company faced disruptions to various services, including ticket machines, online portals for subscriptions and the telecommunications system. A number of news reports suggest that operational company computers had been blocked and encrypted. Experts from the state criminal police are investigating the case, but the threat actors behind the incident have not yet been identified. The bus and tram lines continued to run regularly. Disruptions affected the communication flow as delays cannot be displayed online and the digital displays at the stops are down. 
The disruptions limited the available services at RSAG customer centres, as well as for internal financial accounting processes.",2023-11-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Rostocker Straßenbahn AG,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,15206,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-20 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Landeskriminalamt Mecklenburg-Vorpommern,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.stern.de/gesellschaft/regional/mecklenburg-vorpommern/cyberkriminalitaet--hackerangriff-auf-rostocker-strassenbahn-ag-34212106.html; https://www.ndr.de/nachrichten/mecklenburg-vorpommern/Nach-Hackerangriff-Busse-und-Bahnen-in-Rostock-fahren-planmaessig,kurzmeldungmv13170.html; https://www.rsag-online.de/aktuell/neuigkeiten/details/technische-stoerung; https://www.ostsee-zeitung.de/lokales/rostock/rostock-abo-portal-des-verkehrsverbunds-warnow-laeuft-wieder-PNV3ASGGOZE25BGK2WFBECMU2U.html",2023-11-20,2023-12-12 2812,Unidentified threat actor targeted Pakistani government organisation exploiting Zimbra vulnerability in August 2023,"An unidentified threat actor targeted a Pakistani government organization by exploiting a vulnerability in a web client managing access to Zimbra email servers (CVE-2023-37580) in August 2023, according to Google's Threat Analysis Group (TAG). By using the exploit, the hackers were able to steal the Zimbra authentication token, which was exfiltrated to ntcpk[.]org. In the same report, TAG disclosed three other campaigns exploiting the same vulnerability, spanning from 29 July 2023 until 25 August 2023, two of which predated the public disclosure of the vulnerability (13 July) and patch release (25 July). The first, unattributed campaign targeted a government organisation in Greece. TAG attributed the second campaign to the Russian APT Winter Vivern, in which the group used multiple malicious URLs that targeted government organisations in Moldova and Tunisia. For those two campaigns, no information about the actual impact of the operations was offered in the public report. 
The third campaign targeted a Vietnamese government entity in late July 2023, including the posting of stolen credentials to a URL hosted on an official government domain that the attackers likely compromised.",2023-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Not available,Not available,Unknown - not attributed,,1,15202,2023-11-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Google's TAG,,United States,Not available,Not available,Unknown - not attributed,https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/; https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/,2023-11-20,2023-12-12 2802,Unsecured database of Bangladeshi 
National Telecommunications Monitoring Centre leaked and wiped in November 2023,"A database managed by the National Telecommunications Monitoring Centre (NTMC) of Bangladesh, an intelligence agency involved in the collection of cell phone user data and internet activity, was wiped by unknown actors in November 2023. The unsecured database, containing personal information together with metadata of calls, IMEI numbers and bank account details, was detected by a security researcher from CloudDefense.AI, who reported inadvertent disclosure of the data to Bangladesh's Computer Incident Response Team (CIRT) on 8 November. During the same week, an unidentified threat actor downloaded the database, which was likely left exposed online due to a misconfiguration. On 12 November, the perpetrators wiped the stored data and replaced it with a ransom note demanding a payment of $360 to avoid the publication or deletion of the data. Efforts by Wired to establish whether information in the database was collected as part of the Centre's monitoring mandate identified several entries that appeared to be training data, while verifying others as matching real-world records. 
The purpose for which the information was collected remained unclear, but did not seem to be linked to suspected criminal activity.",2023-11-12,2023-11-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,National Telecommunications Monitoring Centre (Bangladesh),Bangladesh,ASIA; SASIA,State institutions / political system,Intelligence agencies,Not available,Not available,Not available,,1,14388,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.wired.com/story/ntmc-bangladesh-database-leak/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/ntmc-bangladesh-database-leak/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-11-17,2023-11-20 2801,Unknown hackers breached systems of International 
Criminal Court in September 2023,"Unknown hackers breached the systems of the International Criminal Court (ICC) in September 2023, according to an ICC statement released on 19 September 2023. The ICC detected ""anomalous activity affecting its information systems"". On 20 October 2023, the ICC revealed further information about the incident, describing the operation as targeted and sophisticated and conducted for espionage purposes. The statement notes that data has been compromised but did not further specify the nature at the time of the announcement. The press release did not explicitly address whether the incident involved a compromise of data held by the Court.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,International Criminal Court (ICC),Netherlands,EUROPE; NATO; EU(MS); WESTEU,International / supranational organization,,Not available,Not available,Not available,,1,14389,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty; International organizations,; ; ,Not available,1,2023-10-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Netherlands,Nationale Politie,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/152830/intelligence/international-criminal-court-attack-evidence.html; https://www.bleepingcomputer.com/news/security/international-criminal-court-systems-breached-for-cyber-espionage/; https://www.icc-cpi.int/news/measures-taken-following-unprecedented-cyber-attack-icc; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://therecord.media/ukraine-pow-agency-cyberattack-russia,2023-11-17,2024-03-18 2798,Unknown Threat Actors Targeted Telecommunications Infrastructure of German City Council of Neuss in November 2023,"The city council of Neuss in Germany detected an intrusion of its telecommunications infrastructure on 10 November 2023. The isolation of compromised devices prevented a disruption of the city administration's operations and stopped the threat actor from spreading to other systems. In likely connection with the incident, several schools experienced minor disruptions to telephone service on the morning of 14 November, which were promptly mitigated. A strict separation of the telecommunications network from the wider administrative network prevented the possibility of sensitive data being accessed. 
",2023-11-01,2023-11-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,Neuss City Council,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14879,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-11-15 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.neuss.de/presse/aktuell/15-11-2023-hackerangriff-auf-die-telekommunikations-infrastruktur,2023-11-16,2023-12-06 2797,Unknown actor interfered with emergency signal network of health technology provider Tunstall Nederland in mid-November 2023,"An unknown actor targeted at Tunstall Nederland, the Dutch branch of a Swedish health technology provider specialising in long-term care solutions, on 12 November 2023. The infiltration resulted in a disruption of company systems involved in the relaying of reports from Tunstall's emergency buttons used by ill or injured patients or elderly customers to call for help after a fall. 
Distress signals sent from buttons did not reach Tunstall's control room, from where they are normally forwarded to emergency rooms. Envida, a welfare organisation, reported that over 3,000 patient buttons across Limburg, the Netherlands' southernmost province, were affected. Assessments of the nationwide impact were not immediately available. An internal investigation concluded that the threat actor was able to access data handled by Tunstall. Tunstall restored key systems and availability of services by 14 November, but had not yet returned to full coverage, according to a company briefing from 15 November. ",2023-11-12,2023-11-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Tunstall Nederland,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,14880,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing 
breach of international law),,https://www.tunstall.nl/cyberaanval/; https://www.computable.nl/artikel/nieuws/security/7575484/250449/cyberaanval-legde-noodknoppen-tunstall-lam.html; https://cyberwarzone.com/cyberattack-on-tunstalls-emergency-button-system/; https://www.tunstall.nl/q-a-cyberaanval-update-16-november-2023/; https://www.malwarebytes.com/blog/news/2023/11/alarm-system-cyberattack-leaves-those-in-need-struggling-to-call-for-help; https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-november-13-november-19-2,2023-11-16,2023-12-06 2792,Unknown actor disrupted and stole data from county administration of Bladen in North Carolina in early November 2023,"An unknown actor targeted the local administration of Bladen County in North Carolina. County government operations have been limited in capacity due to restricted access to administrative systems. The county leadership confirmed that the perpetrators were able to access unspecified county data. The intrusion targeting the county of 30,000 people was discovered in the week of 6 November 2023.",2023-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse,Bladen County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15244,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-14 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,North Carolina Joint Cybersecurity Task Force,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/north-carolina-county-cyberattack-national-guard-called-in; https://bladenonline.com/public-notice-bladen-county-government-victim-of-a-cybercriminal-attack/; https://research.checkpoint.com/2023/20th-november-threat-intelligence-report/; https://therecord.media/hack-on-north-carolina-city-led-to-data-leak,2023-11-15,2023-12-13 2796,Unknown actor stole $2.4 million from Australian crypto exchange CoinSpot in November 2023,"An unknown actor drained the equivalent of $2.4 million in Ether from CoinSpot, Australia’s largest crypto exchange, on 8 November 2023. 
The theft is assessed to have been enabled by a private key compromise of one of the exchange's hot wallets.",2023-11-08,2023-11-08,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,CoinSpot,Australia,OC,Critical infrastructure,Finance,Not available,Not available,Not available,,1,15214,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,2400000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cointelegraph.com/news/australia-crypto-exchange-coinspot-suffers-hot-wallet-hack-exploit-report; https://t.me/investigations/70,2023-11-15,2023-12-12 2793,Black Basta ransomware deployed against Chilean National Customs Service ,"On 17 October 2023, the Chilean CSIRT and the National Customs Service reported that Black Basta ransomware had been deployed in a limited segment of networks of the Chilean National Customs Service.",2023-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse; Ransomware,National Customs Service (Chile),Chile,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not 
available,,1,15221,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/chile-black-basta-ransomware-attack-customs-department; https://www.csirt.gob.cl/noticias/10cnd23-00112-01/; https://www.facebook.com/AduanasdeChile/posts/636992521942204?locale=it_IT; https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/; https://therecord.media/blackbasta-ransom-payments,2023-11-15,2024-02-09 2795,Unknown actor targeted server infrastructure of German Energy Agency (dena) on 11 November 2023,"An unknown threat actor targeted the server infrastructure of the German Energy Agency (dena), a state-owned company, on 11 November 2023. The agency reported on 14 November that the incident had put a practical stop to the agency's work and blocked its phone and email communications. dena operates as a centre of excellence supporting Germany's applied energy transition in service of the government's climate policy objectives. 
On December 13, Lockbit ransomware group added dena to their victim list, claiming to be responsible for the attack.",2023-11-11,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,German Energy Agency (dena),Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Research,LockBit,Not available,Non-state-group,Criminal(s),1,17926,2023-12-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.dena.de/newsroom/meldungen/2023/cyberangriff-auf-die-dena/; https://www.dena.de/newsroom/meldungen/2023/hinweis-zur-datensicherheit/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/,2023-11-15,2024-03-13 2791,Unknown hacker stole $3.3 million from decentralized finance platform Raft on 10 November 2023,"An unknown hacker stole $3.3 million worth of ether from the decentralized finance platform Raft on 10 November 2023 by mining $6.7 million of uncollateralised R, a dollar-pegged stablecoin maintained by Raft. 
The actor subsequently exchanged the obtained R for ether causing a sudden depreciation of R and ultimately forcing a depeg of R. After an initial drop of 50% from the $1 mark, the price of R dwindled to $0.05 by 15 November. The actor orchestrating the theft burned almost all ether obtained in the gambit by sending it to a null address, an unusable wallet, removing the funds from circulation.",2023-11-10,2023-11-10,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Raft,Finland,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Finance,Not available,Not available,Individual hacker(s),,1,15245,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Individual hacker(s),,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,=< 10 Mio,3600000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://tarnkappe.info/artikel/cyberangriff/raft-defi-hacker-verlor-womoeglich-grossteil-des-erbeuteten-geldes-282593.html; https://www.coindesk.com/tech/2023/11/10/defi-platform-raft-suffers-33m-exploit-but-hacker-likely-takes-a-loss-on-the-attack/; https://mirror.xyz/0xa486d3a7679D56D545dd5d357469Dd5ed4259340/_Nk6_1_VvInyC0pdvHiZuAXiqm6tYSsGYGHSfOhcO1I; 
https://tarnkappe.info/artikel/krypto/illegale-krypto-mining-rigs-im-polnischen-obersten-verwaltungsgericht-gefunden-282717.html,2023-11-14,2023-12-13 2789,Suspected Russian false-flag hacktivists Anonymous Sudan claimed responsibility for DDoS attacks on OpenAI causing periodic disruptions on 8 November 2023,"The suspected Russian false-flag hacktivist group Anonymous Sudan claimed to be responsible for intermittent outages of the ChatGPT user interface and the application's API during 8-9 November 2023. Initially linking the periodic outages to a surge in interest, OpenAI - the company behind ChatGPT - identified an “abnormal traffic pattern reflective of a DDoS attack” as the source of returning disruptions. The outages affected ChatGPT itself, all OpenAI API services, Labs and Playground. Anonymous Sudan tied its targeting of OpenAI to the company's cooperation with Israel, claiming the firm harboured ""general biases towards Israel and against Palestine"" and allowed its technologies to be used in ""the development of weapons and by intelligence agencies"".",2023-11-08,2023-11-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Russia,Non-state-group,Hacktivist(s),1,17297,2023-11-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,,Russia,Non-state-group,https://t.me/xAnonymousSudan/243,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/signal-usernames/; https://www.darkreading.com/attacks-breaches/chatgpt-openai-attributes-regular-outages-ddos-attacks; https://status.openai.com/incidents/21vl32gvx3hb; https://t.me/xAnonymousSudan/243; https://securityaffairs.com/153939/hacktivism/chatgpt-chatgpt-ddos-attack.html; https://www.zdnet.com/article/chatgpt-down-openai-suggests-ddos-attack-is-to-blame/; 
https://www.bleepingcomputer.com/news/security/openai-confirms-ddos-attacks-behind-ongoing-chatgpt-outages/; https://www.hackread.com/chatgpt-down-openai-ddos-attacks-outages/; https://www.diyadinnet.com/stm-siber-tehdit-durum-raporu-nu-yayimladi-h302057/; https://www.habervakti.com/en-cok-siber-saldiri-gerceklestiren-ulkeler-belli-oldu,2023-11-14,2024-02-20 2788,Unknown actors targeted website of Catalan political party during internal vote on 11 November 2023,"Unidentified threat actors blocked access to the website of Junts per Catalunya (Junts), the political party of former Catalan President and proponent of Catalan independence Carles Puigdemont. The disruption attempt coincided with party members' internal consultation on an agreement with Spain's Socialist Party of incumbent Prime Minister Pedro Sanchez during 11-12 November 2023. The deal brokered with PSOE secured Junts' support for another term of Sanchez as Prime Minister. Malicious requests directed at the website did not affect the voting process on the agreement.",2023-11-11,2023-11-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Junts per Catalunya,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Political parties,Not available,Not available,Not available,,1,14224,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not 
available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lavanguardia.com/politica/20231112/9372379/militancia-junts-respalda-forma-amplia-acuerdo-psoe.html,2023-11-14,2023-11-15 2787,Unknown actors spread XorDDoS Trojan to build botnet spanning 21 countries beginning December 2022,"Unknown actors infected Linux devices of a variety of organisations across 21 countries with the XorDDoS Trojan between December 2022 and 15 August 2023, IT security company Palo Alto Networks reported on 16 October 2023. The unidentified threat actors compromised systems of organisations active in the semiconductor, telecommunications and retail industries as well as of transportation and finance companies. Hijacked devices were integrated into a botnet for conducting DDoS attacks. 
",2022-12-01,2023-08-15,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"India; Slovenia; Turkey; Thailand; Norway; United States; Korea, Democratic People's Republic of; Brazil; Mexico; Azerbaijan; Pakistan; Italy; Peru; Colombia; Djibouti; Senegal; United Arab Emirates; Malaysia; Burkina Faso",ASIA; SASIA; SCO - EUROPE; BALKANS; NATO; EU(MS) - ASIA; NATO; MEA - ASIA; SEA - EUROPE; NATO; NORTHEU - NATO; NORTHAM - ASIA; NEA - SOUTHAM - - ASIA; CENTAS - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS) - SOUTHAM - SOUTHAM - MENA; AFRICA; SSA - AFRICA; SSA - ASIA; MENA; MEA; GULFC - ASIA; SCS; SEA - AFRICA; SSA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure,Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical 
Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing - Transportation; ; Telecommunications; Finance; Critical Manufacturing,Not available,Not available,Not available,,1,14225,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Valid Accounts,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/,2023-11-14,2024-04-18 2786,Unknown hackers stole and published sensitive data of US plastic surgeon's office Hankins & Sohn in February 2023,"Unknown hackers stole and published sensitive data from the plastic 
surgeon's practice Hankins & Sohn, which operates offices in Henderson and Las Vegas, in February 2023. The data, including sensitive personal information as well as nude images, taken for medical purposes, was published online and shared with the victim's friends and family. A class-action lawsuit filed by victims against Hankins & Sohn accuses the practice of failing to implement adequate and reasonable cybersecurity procedures and protocols, noting that disclosed photos did not appear to have been encrypted. The FBI has launched an investigation into the data breach.",2023-02-23,2023-02-23,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft & Doxing; Hijacking with Misuse,Hankins and Sohn,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14246,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-09 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-november-06-november-12; https://www.malwarebytes.com/blog/blog/news/2023/11/nude-before-and-after-photos-stolen-from-plastic-surgeon-posted-online-and-sent-to-victims-family-and-friends,2023-11-14,2023-11-15 2778,Lorenz group targeted Codgell Memorial Hospital in Texas with ransomware on 1 November 2023,"The ransomware group Lorenz claimed responsibility for a ransomware attack against Codgell Memorial Hospital in Texas on 1 November 2023. The group claimed to have stolen 5 TB containing information of patients and employees, 95% of which it says have been added to its leak site. Codgell Memorial Hospital confirmed a disruption that prevented access to some of its systems and restricted its phone systems, without detailing whether the incident affected data. 
In the same press release, the facility declared that it had notified law enforcement about the incident.",2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Codgell Memorial Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Lorenz group,Not available,Non-state-group,Criminal(s),1,15247,2023-11-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lorenz group,Not available,Not available,Lorenz group,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/154101/data-breach/the-lorenz-ransomware-group-hit-texas-based-cogdell-memorial-hospital.html; https://cogdellhospital.com/network-incident-preventing-the-use-of-systems-and-phones/; https://cogdellhospital.com/2023-data-security-incident/,2023-11-13,2023-12-13 2779,Russian cyber-crime group PLAY 
disrupted store KaDeWe in Berlin on 3 November 2023,"Russian cyber-crime group PLAY disrupted the department store KaDeWe in Berlin on 3 November 2023. According to a company statement, they were able to thwart the attack at an early stage. However, card payments were not possible over the subsequent weekend due to the attack. Whether data had been stolen remained unclear at the time of the reporting. The Berlin Police said that the attackers tried to blackmail KaDeWe. German parliament member Misbah Khan from the party Bündnis 90/Die Grünen issued a statement via media calling for increased awareness about cyber security as a part of national security in Germany. One day after the disclosure, the ransomware group posted alleged KaDeWe data on their leak site, including customer and employee data, Supervisory Board minutes, data from the company's finance department and information on a number of the KaDeWe Group's business partners. In contrast to initial statements by the head of KaDeWe, who downplayed the impact of the incident and also the amount and severity of stolen data, the final report of the Berlin Commissioner for Data Protection and Freedom of Information stated that data of 850 employees and around 4300 customers were stolen by the attackers. 
",2023-11-03,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Kaufhaus des Westens (KaDeWe),Germany,EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,PLAY,Russia,Non-state-group,Criminal(s),1,18935,2023-11-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Kaufhaus des Westens (KaDeWe),Not available,Germany,PLAY,Russia,Non-state-group,https://www.rbb24.de/panorama/beitrag/2023/11/berlin-kadewe-hacker-angriff-bargeld-zahlungen-it-probleme.html,Unknown,Not available,,Not available,,1,2023-11-08 00:00:00,EU member states: Legislative reactions,Stabilizing statement by member of parliament,Germany,Misbah Khan (Bündnis 90/Die Grünen),No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence,,Not available,1,2023-11-07 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Polizei Berlin,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kleinezeitung.at/wirtschaft/17800182/russische-hacker-greifen-berliner-luxuskaufhaus-kadewe-an; https://www.egovernment.de/unbuerokratisch-15-digitalisierung-aber-sicher-misbah-khan-a-121253814f3d7d6bf3915aa40bf4450a/; https://www.rbb24.de/panorama/beitrag/2023/11/berlin-kadewe-hacker-angriff-bargeld-zahlungen-it-probleme.html; https://taz.de/IT-Berater-ueber-Sicherheit-im-Netz/!5983306/; https://www.textilwirtschaft.de/business/news/4300-kundendaten-betroffen-kadewe-alle-details-zum-hacker-angriff-244008; https://www.handelsblatt.com/unternehmen/handel-konsumgueter/cyberattacke-bei-kadewe-group-tausende-kundendaten-durch-hacker-gestohlen/100017650.html,2023-11-13,2024-04-25 2780,ALPHV/BlackCat Ransomware Group Compromised Systems and Stole Data from US-Based Non-Profit Healthcare Provider McLaren Health Care starting on 28 July 2023,"McLaren Health Care, a nonprofit healthcare service operating in the US states of Michigan and Indiana, has announced a data breach affecting close to 2.2 million individuals. First signs of the breach trace back to 28 July 2023. The ransomware group ALPHV/BlackCat claimed responsibility for the attack, adding McLaren Health Care to its leak site on 4 October and threatening to auction off any files obtained from McLaren within 72 hours. The compromised data varied by case but included names, national insurance numbers, health insurance information, dates of birth, billing and claims information, diagnoses, physician information, medical record numbers, Medicare/Medicaid information, prescription and medication information, and diagnosis results and treatment information. 
",2023-07-28,2023-08-23,Attack on critical infrastructure target(s),,,Data theft; Hijacking with Misuse; Ransomware,McLaren Health Care Corporation,United States,NATO; NORTHAM,Critical infrastructure,Health,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,14222,2023-10-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/; https://securityaffairs.com/154014/data-breach/mclaren-health-care-data-breach.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2023-11-10 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/; https://securityaffairs.com/154014/data-breach/mclaren-health-care-data-breach.html; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://apps.web.maine.gov/online/aeviewer/ME/40/40c59f93-d7fd-4133-8148-a05a244b96b7.shtml; https://research.checkpoint.com/2023/13th-november-threat-intelligence-report/; https://therecord.media/michigan-university-warns-that-info-leaked,2023-11-13,2023-11-17 2781,Unknown actors exploited cryptocurrency trading platform Poloniex and stole at least $100 million worth of Bitcoin and Ethereum on 10 November 2023,"Unknown actors targeted the cryptocurrency trading platform Poloniex, stealing over $100 million in Bitcoin and Ethereum on 10 November 2023. Poloniex disclosed the incident on social media, offering a 5% payout in exchange for the return of the stolen funds. 
In a separate statement, Justin Sun, owner of Poloniex, claimed that the company had identified wallets linked to the suspected perpetrators and has taken steps to freeze associated assets.",2023-11-10,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Poloniex,Seychelles,AFRICA; SSA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14220,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,8.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 100 Mio - 1 bn,130000000.0,dollar,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://tarnkappe.info/artikel/krypto/poloniex-kryptoboerse-bietet-hackern-5-der-geklauten-summe-fuers-zurueckbringen-282572.html; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts,2023-11-13,2024-02-02 2784,Pro-Russian Hacking Group 'NoName057(16)' Suspected Of Disrupting Numerous Belgian Government Websites On 9 November 2023,"On 9 November, several Belgian government websites were temporarily unavailable, possibly due to yet another cyber-attack, 
which is believed to be of pro-Russian origin. The hacker group 'NoName057(16)' expressed their dissatisfaction with Belgium's support for Ukraine on their social media channels, suggesting that they could be behind the attack. The group posted a link to a website status monitoring service together with a screenshot of what appeared to be a timed-out request for loading the website of the Chamber of Representatives, Belgium's lower house of parliament. The Centre for Cyber Security (CCB) confirmed that several government websites were targeted for disruption. In particular, websites such as those of the Chamber, the Senate and the Belgian Royal Family were affected by this incident. According to CCB spokesperson Katrien Eggers, the reported disruptions were rather limited.",2023-11-09,2023-11-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,Senate (Belgium) - Royal Family (Belgium) - Chamber of Representatives (Belgium),Belgium; Belgium; Belgium,EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system - State institutions / political system - State institutions / political system,Legislative - Government / ministries - Legislative,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,15055,2023-11-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Not available,NoName057(16),Russia,Non-state-group,https://www.bruzz.be/justitie/verschillende-overheidswebsites-getroffen-door-nieuwe-cyberaanval-2023-11-09; https://t.me/noname05716/5234,System / ideology; Territory; Resources; International 
power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bruzz.be/justitie/verschillende-overheidswebsites-getroffen-door-nieuwe-cyberaanval-2023-11-09; https://t.me/noname05716/5234,2023-11-13,2024-01-18 2782,Unknown Threat Actor Disrupted Numerous Washington State Department of Transportation Online Services on 7 November 2023,"The Washington State Department of Transportation experienced disruptions to its website, app, and traffic monitoring camera feeds on 7 November 2023. These disruptions affected the availability of a variety of services, including travel maps, traffic cameras, video transmissions from ferries and mountain pass reports as well as the platform to obtain freight permits. An investigation by the department's IT team into the extent and nature of and responsibility for the incident is underway. While a number of services were gradually restored on the afternoon of 9 November, key functions such as the travel map, mobile app, ferry vessel monitoring and online cargo authorizations remained unavailable and recovery was ongoing. 
",2023-11-07,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Not available,Not available,,1,14218,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Law of the sea; Sovereignty; International economic law,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/washington-state-department-of-transportation-recovering-from-cyberattack; https://www.facebook.com/WSDOT/posts/737426395095731; https://www.facebook.com/WSDOT/posts/737426395095731,2023-11-13,2023-11-14 2783,Cyber incident targeting DP World disrupted operations at several Australian ports on 10 November 2023 ,"DP World Australia, a subsidiary of the Dubai-based state-owned company DP World, suspended operations at its container terminals in Melbourne, Sydney, Brisbane, and Perth in response to a cyber incident affected its port facilities. The company restricted land side access to and restricted Internet connectivity at its sites to contain any unauthorized access. On 10 November 2023, DP World Australia entered into communications with the Australian Cyber Security Centre. 
The Australian government activated the National Coordination Mechanism to provide assistance and support for analysis of the incident. Operations at the terminals resumed on 13 November. Remediation work is expected to remain ongoing for some time. DP World and Australian Federal Police continue their respective investigations into the cause of the incident and the actors responsible for the intrusion. Bleeping Computer reported on 28 November that DP World confirmed to them in a statement that data has been stolen. However, the company said that no ransomware or encryption payload was used. ",2023-11-10,2023-11-13,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,DP World Australia,Australia,OC,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,14704,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-11-13 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Australia,Darren Goldie (cyber-security co-ordinator of Australia`s government),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Not available,Law of the sea; Sovereignty,,Not available,1,2023-11-11 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Australia,Australian Federal Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.channelnewsasia.com/world/australia-ports-operator-cybersecurity-incident-suspends-operations-3914086; https://twitter.com/CatherineKingMP/status/1723928689573065074; https://twitter.com/AUCyberSecCoord/status/1723220086255923512; https://twitter.com/AUCyberSecCoord/status/1723900678681362915; https://www.bleepingcomputer.com/news/security/dp-world-cyberattack-blocks-thousands-of-containers-in-ports/; https://www.darkreading.com/ics-ot/australian-ports-resume-operation-after-crippling-cyber-disruption; https://www.heise.de/news/Nach-Cyberangriff-30-000-Container-gestrandet-Australiens-Haefen-arbeiten-wieder-9424439.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://research.checkpoint.com/2023/13th-november-threat-intelligence-report/; https://www.japantimes.co.jp/news/2023/11/12/asia-pacific/crime-legal/australia-ports-cyber-incident/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/; https://securityaffairs.com/154145/cyber-crime/dp-world-australian-ports-blocked.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/; https://www.bleepingcomputer.com/news/security/dp-world-confirms-data-stolen-in-cyberattack-no-ransomware-used/; https://www.bleepingcomputer.com/news/security/us-health-dept-urges-hospitals-to-patch-critical-citrix-bleed-bug/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-1st-2023-police-hits-affiliates/; https://www.malwarebytes.com/blog/threat-intelligence/2023/12/ransomware-review-december-2023; https://www.techrepublic.com/article/cybersecurity-trends-australia-2024/; 
https://therecord.media/hackers-breach-australian-court-hearing-database; https://thediplomat.com/2024/02/maritime-cybersecurity-an-emerging-area-of-concern-for-india/; https://www.defenseone.com/defense-systems/2024/02/biden-sign-executive-order-boosting-cybersecurity-ports-maritime-vessels/394340/; https://apnews.com/article/port-security-cyber-attack-e3da323aebc80c553663e43b77d430e2; https://therecord.media/australia-healthcare-saint-vincent-cyberattack; https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023,2023-11-13,2024-04-29 2776,Russia-linked Sandworm caused power outage and deployed wiper coinciding with missile strikes against Ukrainian critical infrastructure in October 2022,"The Russian threat actor Sandworm gained access to an operational technology environment of a Ukrainian critical infrastructure organisation and destroyed data using CADDYWIPER between June and 12 October 2022, the threat intelligence firm Mandiant reported on 9 November 2023. Government assessments from the US, the UK and within the EU have linked Sandworm to the Main Center for Special Technologies (GTsST), also known as Unit 74455, within Russia's military intelligence service GRU. Sandworm gained access to the target environment via a hypervisor that hosted the Supervisory Control and Data Acquisition (SCADA) management instance for the substation environment of the affected Ukrainian organisation. On 10 October 2022, the group tripped substation circuit breakers controlled by the victim organisation causing a power outage. On 12 October, Sandworm caused a second disruption, deploying CADDYWIPER in the IT networks of the targeted organisation. 
Limited to the IT environment, the wiper did not affect OT systems, where the threat actor had previously sought to erase signs of its activity. The subsequent execution of the wiper may point to a lack of coordination within the attack team, drawing inadvertent attention to an operation that had already been closed out. Mandiant estimated that Sandworm had developed its capability to disrupt OT systems at least three weeks before causing the power outage. The opening of circuit breakers overlapped with a several-day-long missile barrage against critical infrastructure across Ukraine, including the city in which the affected organisation is based. This overlap may point to efforts at integrating physical and cyber instruments, as well as attempts to cover up the cyber-enabled cause of the electricity outage.",2022-06-01,2022-10-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,State,,1,15337,2023-11-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 
74455)",Russia,State,https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Armed conflict; Sovereignty,; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology; https://www.bleepingcomputer.com/news/security/russian-hackers-switch-to-lotl-technique-to-cause-power-outage/; https://www.rferl.org/a/russia-hackers-ukraine-power-grid-gru-attack-2022/32677652.html; https://www.darkreading.com/ics-ot/sandworm-cyberattackers-ukrainian-power-grid-missile-strikes; 
https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/; https://cyberscoop.com/sandworm-russia-ukraine-grid/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html; 
https://www.wired.com/story/most-dangerous-people-2023/; https://www.bleepingcomputer.com/news/security/russian-hackers-wiped-thousands-of-systems-in-kyivstar-attack/; https://elpais.com/internacional/2024-02-12/ucrania-asegura-que-rusia-utiliza-la-colaboracion-china-en-sus-ciberataques.html; https://elpais.com/https:/elpais.com/internacional/2024-02-12/ucrania-asegura-que-rusia-utiliza-la-colaboracion-china-en-sus-ciberataques.html; https://english.elpais.com/international/2024-02-12/ukraine-claims-russia-uses-its-cooperation-with-china-to-carry-out-cyberattacks.html; https://www.wired.com/story/russia-ukraine-power-war-crimes/; https://www.wired.com/story/push-notification-privacy-security-roundup/; https://www.bluewin.ch/fr/infos/international/les-cyberattaques-russes-constituent-une-menace-mondiale-2171003.html,2023-11-10,2023-12-17 2774,Ransomware group Lockbit encrypted a limited number of servers of the electronics manufacturer Kyocera AVX (KAVX) beginning on 16 February 2023,"The Russian ransomware group Lockbit encrypted a limited number of servers of the electronics manufacturer Kyocera AVX (KAVX) during the period of 16 February to 30 March 2023, as claimed by the ransomware group as early as 26 May and as confirmed by KAVX on 30 October. KAVX disclosed that stolen personal data included employee names and social security numbers. 
Samples of exfiltrated data leaked by Lockbit as proof of compromise included financial files and non-disclosure agreements, as well as technical drawings and schematics, pointing to a potential risk of revealing patented designs.",2023-02-16,2023-03-30,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Kyocera AVX (KAVX),United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,LockBit,Russia,Non-state-group,Criminal(s),1,15250,2023-05-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Russia,Non-state-group,https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/; 
https://s3.documentcloud.org/documents/24139345/kavx-sample-notification-letter.pdf,2023-11-10,2023-12-13 2773,Lockbit suspected of disrupting IT systems of Industrial and Commercial Bank of China in the United States on 8 November 2023,"Lockbit 3.0 ransomware was used to disrupt financial services systems of the Industrial and Commercial Bank of China (ICBC) in the United States on 8 November 2023, the Financial Times reported. Locked systems interfered with the bank's ability to settle US Treasury trades for parts of the day. Whether Lockbit directly conducted the operation or provided tools to a separate actor as part of its ransomware-as-a-service scheme was not immediately reported. ICBC has not been listed on the group's leak site, which may also be a reflection of a common practice among ransomware groups to not identify targets while negotiations remain ongoing. U.S. Secretary of the Treasury Janet Yellen said on 10 November that she spoke about the hack with China's Vice Premier He Lifeng during talks in San Francisco and that the hack had not interfered with the market for U.S. 
government debt.",2023-11-08,2023-11-09,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Industrial and Commercial Bank of China (ICBC),China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure; Critical infrastructure,Finance; Finance,LockBit,Russia,Non-state-group,Criminal(s),1,17339,2024-02-20 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Department of the Treasury’s Office of Foreign Assets Control (OFAC),Not available,United States,LockBit,Russia,Non-state-group,https://home.treasury.gov/news/press-releases/jy2114,Unknown,Not available,,Not available,,1,2023-11-10 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,United States,Janet Yellen (U.S. Secretary of the Treasury),No,,Not available,Data Exfiltration,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.darkreading.com/attacks-breaches/treasury-markets-disrupted-from-icbc-ransomware-attack; https://www.reuters.com/world/china/chinas-largest-bank-icbc-hit-by-ransomware-software-ft-2023-11-09/#:~:text=Nov%209%20%28Reuters%29%20%2D%20A,in%20exchange%20for%20unlocking%20them.; https://www.ft.com/content/8dd2446b-c8da-4854-9edc-bf841069ccb8; 
http://www.icbcfs.com/; https://therecord.media/icbc-dealing-with-ransomware-attack; https://www.bleepingcomputer.com/news/security/industrial-and-commercial-bank-of-china-hit-by-ransomware-attack/; https://securityaffairs.com/153986/hacking/icbc-ransomware-attack.html; https://www.heise.de/news/US-Tochter-von-Chinas-groesster-Bank-muss-wegen-Ransomware-per-USB-Stick-handeln-9380845.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.darkreading.com/vulnerabilities-threats/ransomware-hit-china-owned-bank-citrixbleed-flaw; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/13th-november-threat-intelligence-report/; https://therecord.media/boeing-investigating-leaked-lockbit-data; https://www.wired.com/story/signal-usernames/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/; https://www.theguardian.com/technology/2023/nov/18/i-employ-a-lot-of-hackers-how-a-stock-exchange-chief-deters-cyber-attacks; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/; https://www.channelnewsasia.com/singapore/cyber-money-heist-ransomware-lockbit-cybercriminals-ransom-icbc-cyberextortion-attack-3929676; https://www.darkreading.com/vulnerabilities-threats/citrix-bleed-bug-inflicts-mounting-wounds-cisa-warns; https://cyberscoop.com/lockbit-boeing-ransomware-com/; https://therecord.media/citrix-bleed-bug-targeted-cisa; https://www.bleepingcomputer.com/news/security/us-health-dept-urges-hospitals-to-patch-critical-citrix-bleed-bug/; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://www.malwarebytes.com/blog/threat-intelligence/2023/12/ransomware-review-december-2023; https://www.ft.com/content/a8b8de58-8691-4ece-ade3-5b7be63dbef2; https://es.benzinga.com/2024/02/05/powell-aborda-amenazas-ciberneticas-bancos-eeuu/; 
https://www.euronews.com/2024/02/20/most-harmful-hacker-network-lockbit-disrupted-by-global-police-operation; https://www.bbc.co.uk/news/technology-68344987; https://home.treasury.gov/news/press-releases/jy2114; https://new.qq.com/rain/a/20240220A08FYV00; https://www.digitaltoday.co.kr/news/articleView.html?idxno=507140; https://www.risk.net/risk-management/7959013/beating-the-drum-on-cyber-risk-the-battle-for-boardroom-attention; https://therecord.media/first-american-title-insurance-cyberattack-real-state-industry; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023",2023-11-10,2024-04-13 2775,Hacktivist group Anonymous Sudan disrupted website of US information and communication technology company Cloudflare on 9 November 2023,"The hacktivist group Anonymous Sudan disrupted access to the website of the US information and communication technology company Cloudflare on 9 November 2023, the group claimed later that day via Telegram. The group is suspected to be a Russian False-Flag operation by the hacktivist group Killnet. 
",2023-11-09,2023-11-09,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Disruption,"Cloudflare, Inc.",United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,15249,2023-11-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,https://t.me/xAnonymousSudan/260,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://t.me/xAnonymousSudan/260; https://www.bleepingcomputer.com/news/technology/cloudflare-website-downed-by-ddos-attack-claimed-by-anonymous-sudan/; https://securityaffairs.com/154002/hacktivism/anonymous-sudan-ddos-on-cloudflare.html; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html,2023-11-10,2023-12-13 2772,Unknown actors targeted council computer systems of Western Isles 
Council in Scotland on 7 November 2023,"IT services of Comhairle nan Eilean, the local authority of the Western Isles in Scotland, suffered an outage on 7 November 2023, the Council reported via social media. The Comhairle chief executive linked the incident to a „criminal attack“ on the IT system in comments to the media. ",2023-11-07,2023-11-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Comhairle nan Eilean Siar,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14271,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-11-08 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,Police Service of Scotland,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/scotland-western-isles-comhairle-nan-eilean-siar-incident; https://twitter.com/cne_siar/status/1721958593161830909; https://www.bbc.com/news/uk-scotland-highlands-islands-67355465,2023-11-09,2023-11-16 2771,DumpForums group and Ukrainian Cyber Alliance defaced website of Russian National Payment Card System (NSPK) in October 2023,"Hacktivists from the DumpForums group and the Ukrainian Cyber Alliance defaced the website of the Russian National Payment Card System (NSPK) in October 2023. The hacktivists claimed to have gained access to the company's internal system and stolen 30 GB of data related to Mir, the system's consumer payment network, that serves as a local alternative to Visa and Mastercard. ",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,National Card Payment System (NSPK),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Finance,Cyber Resistance aka the Ukrainian Cyber Alliance; DumpForums,Ukraine; Not available,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,15060; 15060; 15060; 15060; 15060; 15060; 15060; 15060,2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00; 2023-10-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,DumpForums; DumpForums; DumpForums; DumpForums; Cyber Resistance aka the Ukrainian Cyber 
Alliance; Cyber Resistance aka the Ukrainian Cyber Alliance; Cyber Resistance aka the Ukrainian Cyber Alliance; Cyber Resistance aka the Ukrainian Cyber Alliance,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Cyber Resistance aka the Ukrainian Cyber Alliance; Cyber Resistance aka the Ukrainian Cyber Alliance; DumpForums; DumpForums; Cyber Resistance aka the Ukrainian Cyber Alliance; Cyber Resistance aka the Ukrainian Cyber Alliance; DumpForums; DumpForums,Ukraine; Not available; Ukraine; Not available; Ukraine; Not available; Ukraine; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://t.me/dfhmara/41,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of 
international law),,https://therecord.media/russia-mir-payment-system-attack-pro-ukraine-group; https://t.me/dfhmara/41; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/russian-state-owned-sberbank-hit-by-1-million-rps-ddos-attack/,2023-11-09,2023-12-11 2770,Chinese APTs targeted Cambodian government organisations since September 2023,"At least two Chinese APT groups have targeted at least 24 Cambodian government organisations through cloud backup services since September 2023, Palo Alto Network assessed with high confidence. The Washington Post reported that Palo Alto's Unit 42 linked the operations to China’s Ministry of State Security and Chengdu 404 Network Technology, a government contractor. China is in the process of constructing one of its first overseas bases in Cambodia, the Ream naval facility, making Cambodia a high-value intelligence target.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Cambodia,ASIA; SEA,State institutions / political system; State institutions / political system,Government / ministries; Election infrastructure / related systems,Not available,China,Unknown - not attributed,,1,14273,2023-11-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,Not available,China,Unknown - not attributed,https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,24.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/chinese-apt-groups-target-cambodian-organizations; https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/; https://www.hackread.com/chinese-apt-cloud-services-spy-cambodia-govt/; https://thehackernews.com/2023/11/chinese-hackers-launch-covert-espionage.html,2023-11-09,2024-03-27 2769,DAIXIN Team claimed responsibility for ransomware attack on local service provider impacting five hospitals in Ontario on 23 October 2023,"The extortion group DAIXIN Team attacked the Canadian local service provider TransForm Shared Service Organization, indirectly affecting the delivery of patient care and the scheduling of appointments in five hospitals across the province of Ontario. DAIXIN claimed to have stolen a database tables dump of more than 5.6 million records containing personally identifiable information and protected health information, including 160 GB of sensitive documents. The group also reportedly destroyed backups and encrypted several thousand files. The hospitals affected by the attack were the Windsor Regional Hospital, the Hotel Dieu Grace, the Erie Shores Healthcare, the Hospice of Windsor-Essex and the Chatham-Kent Health Alliance. The ransomware attack disrupted the hospitals’ access to Wi-Fi, email, and patient information systems. The hospitals addressed the incident in a joint statement on 23 October. TransForm is a not-for-profit, shared service organization managing the IT, supply chain and accounts of those hospitals. 
DAIXIN issued a ransom demand in the amount of $4 million, directed at TransForm on the following day. In reaction to a refusal by the affected parties to pay the ransom, DAIXIN began leaking parts of the data on their Tor leak site on 1 November, including information about patients, employees and administrative matters. The group further threatened to sell other parts of the databases. How DAIXIN gained initial access, which the group dates to one week before the drop of the ransomware module, remains unclear.",2023-10-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Erie Shores Healthcare - TransForm - Windsor Regional Hospital - Hotel Dieu Grace (hospital) - Hospice of Windsor-Essex - Chatham-Kent Health Alliance - Bluewater Health,Canada; Canada; Canada; Canada; Canada; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - - Health - Health - Health - Health - Health,Daixin Team,Not available,Non-state-group,Criminal(s),1,15253,2023-11-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Daixin Team,Not available,Not available,Daixin Team,Not available,Non-state-group,https://www.databreaches.net/exclusive-daixin-team-claims-responsibility-for-attacks-affecting-canadian-hospitals-starts-leaking-data/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / 
commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,7.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-10-30 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Ontario Provincial Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/transform-says-ransomware-data-breach-affects-267-000-patients/; https://securityaffairs.com/153857/cyber-crime/canadian-hospitals-transform-ransomware-attack.html; https://windsorstar.com/news/local-news/very-difficult-time-following-hospital-cyberattack-nurses-union; https://windsorstar.com/news/local-news/southwestern-ontario-hospitals-confirm-patient-data-compromised-in-cyberattack; https://www.databreaches.net/exclusive-daixin-team-claims-responsibility-for-attacks-affecting-canadian-hospitals-starts-leaking-data/; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/; https://www.cbc.ca/news/canada/london/london-library-ransomware-almost-recovered-1.7131984,2023-11-09,2023-12-13 
2768,Unknown threat actor compromised AWS account of US cybersecurity company Sumo Logic in November 2023,"An unknown threat actor compromised an AWS account of the US cybersecurity firm Sumo Logic in November 2023, according to the company, which offers cloud-based log management solutions. The company did not observe any immediate impact on its systems or networks, noting that it routinely encrypts customer data.",2023-11-03,2023-11-03,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Sumo Logic,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15256,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/153882/security/sumo-logic-security-breach.html; https://www.sumologic.com/security-response-center/#eede153a-8f3f-4eff-858d-1b653eaff457; https://socradar.io/sumo-logic-security-breach-unauthorized-access-to-aws-with-stolen-credentials/; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html,2023-11-09,2023-12-13 2767,"French cloud computing service provider Shadow PC suffered theft 
of user data affecting 500,000 customers in late September 2023","A hacker under the pseudonym 'depressed' claimed to have accessed the database of French cloud computing service provider Shadow PC and stolen data from over 500,000 customers in late September 2023. The hacker advertised the information for sale on the underground marketplace Breach Forums on 11 October 2023, after Shadow PC had not responded to extortion demands. On the same day, Shadow PC reportedly sent out data breach notifications to affected customers. This notification, as confirmed by customers to Bleeping Computer, traced the intrusion of Shadow PC to an employee, who was tricked into downloading an information stealer from Discord at the end of September 2023. The hacker leveraged this access to steal an authentication cookie, which in turn was used to gain access to the management interface of a Shadow PC software-as-a-service provider. According to the breach notification, exfiltrated data included full names, email addresses, dates of birth, billing addresses and credit card expiry dates of customers. 
",2023-09-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Telecommunications,,Not available,Individual hacker(s),,1,15257,2023-10-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,depressed,Not available,Not available,,Not available,Individual hacker(s),https://breachforums.is/Thread-SELLING-Shadow-Database,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/shadow-pc-warns-of-data-breach-as-hacker-tries-to-sell-gamers-info/; https://breachforums.is/Thread-SELLING-Shadow-Database; https://www.reddit.com/r/ShadowPC/comments/175f9ir/shadow_pc_data_breach/; https://www.heise.de/news/Sicherheitsvorfall-bei-Cloud-Gaming-Anbieter-Shadow-PC-9332656.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,2023-11-09,2023-12-13 2766,Unidentified pro-Hamas hacktivists defaced websites of Israeli basketball teams starting on 5 November,"Pro-Hamas 
hackers defaced the official website of the Israeli basketball team Maccabi Tel Aviv with a series of anti-Israeli messaging on the night of 5-6 November 2023 in the midst of open hostilities between Israel and Hamas. Alongside the image of a man, presumably representing Hamas spokesman Abu Ubaida, wearing a military uniform with a Palestinian flag embroidered on his left sleeve, the logo of Hamas' military wing was also displayed, as reported by Israeli media. In addition, the websites of the Israeli teams Maccabi Netanya and Hapoel Be'er Sheva were reportedly offline at the same time, but all three sites were restored to regular service within an hour.",2023-11-05,2023-11-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Maccabi Netanya - Maccabi Tel Aviv - Hapoel Be'er Sheva,Israel; Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,Other - Other - Other, - - ,Not available,Not available,Non-state-group,Hacktivist(s),1,15258,2023-11-05 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://x.com/PAKMoniter/status/1721838091034357913?s=20,Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Armed conflict; Due diligence; Sovereignty,Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.algemeiner.com/2023/11/07/allahs-victory-is-near-website-israeli-basketball-team-hacked-threatening-hamas-message/; https://x.com/PAKMoniter/status/1721838091034357913?s=20,2023-11-08,2023-12-13 2765,ALPHV targeted servers of Japanese electronics and aerospace products maker Japan Aviation Electronics in November 2023,The ransomware group ALPHV/BlackCat accessed servers of Japanese aerospace and electronics products company Japan Aviation Electronics Industry (JAE) in November 2023 leading to the encryption of certain servers and the leak of a limited set of data.,2023-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,Japan Aviation Electronics,Japan,ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,15259,2023-11-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://twitter.com/FalconFeedsio/status/1721725715559903542,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 
points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/japan-aviation-electronics-says-servers-accessed-during-cyberattack; https://twitter.com/FalconFeedsio/status/1721725715559903542; https://www.jae.com/en/topics/detail/id=104180; https://www.jae.com/en/topics/detail/id=107486,2023-11-08,2023-12-13 2764,"Hacktivist group ThreatSec disrupted 5,000 servers of Internet service provider Alfanet in Gaza Strip in October 2023","The hacktivist group ThreatSec disrupted 5,000 servers of the Internet service provider Alfanet in the Gaza Strip, the hacktivist group announced via its Telegram channel on 8 October 2023, claiming that its actions disrupted Internet access for Hamas fighters.",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Quintiez Alfa General Trading,Palestine,ASIA; MENA; MEA,Critical infrastructure,Telecommunications,ThreatSec,Not available,Non-state-group,Hacktivist(s),1,15260,2023-10-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,ThreatSec,Not available,Not available,ThreatSec,Not available,Non-state-group,https://t.me/ThreatSec/165,Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/dr-global/hackers-for-hire-hit-both-sides-in-israel-hamas-conflict; https://securityaffairs.com/152224/hacktivism/hacktivists-palestine-israel-after-scada-ics.html; https://t.me/ThreatSec/165; 
https://medium.com/@geofferygideon/threatsec-shut-down-internet-services-across-gaza-3acbcba5ef5f,2023-11-08,2024-03-11 2763,Agonizing Serpens targeted Israeli education and technology organisations since January 2023,"The suspected Iranian state-aligned hacker group Agonizing Serpens (also tracked as Black Shadow/Agrius) has stolen and published information from education and technology organisations in Israel during January and October 2023 in the likely attempt to inflict reputational damage, at times masquerading their operations as a ransomware outfit, according to a report by Palo Alto Networks.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft & Doxing; Disruption; Hijacking with Misuse,Not available - Not available,Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Education, - ,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15261,2023-11-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,Israel,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic 
Republic of","Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/#post-131008-_wwfu4qvc6d3j,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Disk Wipe,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Armed conflict; Sovereignty; Human rights,"Civic / political rights; Conduct of hostilities; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/iran-linked-hackers-target-israel-education-tech-sectors; https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html; https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/; https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/#post-131008-_wwfu4qvc6d3j; https://securityaffairs.com/153703/apt/iranian-agonizing-serpens-apt-wipers.html; 
https://www.darkreading.com/dr-global/iran-linked-agrius-apt-group-israeli-education-tech-sectors; https://therecord.media/charming-kitten-targeted-israel-cyberattacks; https://www.bleepingcomputer.com/news/security/israel-warns-of-bibi-wiper-attacks-targeting-linux-and-windows/; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html,2023-11-07,2023-12-21 2759,Ransomware group LockBit claimed to have compromised website of US aircraft manufacturer Boeing in October 2023,"The ransomware group LockBit claimed to have compromised the website of US aircraft manufacturer Boeing, which is designed to sell replacement parts, causing it to become unavailable as a result. According to the criminal collective, associated operatives penetrated Boeing's network and stole a significant amount of sensitive information, which they would post online five days later should the aircraft manufacturer decide not to respond before the deadline. Boeing is still investigating the alleged data breach. LockBit had already attempted to blackmail the company at the end of October. They threatened to publish the exfiltrated information if Boeing did not pay by 2 November. According to recent media reports, Boeing has been removed from LockBit's self-managed victim list, as negotiations are said to have begun. LockBit eventually published all data that it obtained during the 10 November infiltration of Boeing, a combined volume of 50 GB, presumably after negotiations collapsed. 
The group is believed to have broken into networks of the aerospace manufacturer taking advantage of the Citrix Bleed vulnerability (CVE-2023-4966).",2023-10-01,2023-11-10,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Boeing,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Transportation; Critical Manufacturing,LockBit,Russia,Non-state-group,Criminal(s),1,15262,2023-11-02 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,LockBit,Not available,Russia,LockBit,Russia,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,1,2023-11-02 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.heise.de/news/Cyberangriff-auf-Boeing-laeuft-wohl-weiter-9352493.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/; https://techcrunch.com/2023/11/02/boeing-cyber-incident-ransomware-gang-claims-data-theft/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAJL5HrGiTFZ9f5WSQ2liSXZjamWAsvnbzBsk4nhFo3VGTRbAb2VAsfKxcBnZr2PiiyXa_rgiPxR0spYq5PTU7pSnIg2KkGKAMwX0cFqe2EOLSYySKaJ8jyEyKiRenzVSDutF2wlRV8HaLT4ukQ9Q26bUnhQC3-a4FW074oRSsBI0; https://research.checkpoint.com/2023/6th-november-threat-intelligence-report/; https://www.heise.de/news/Ransomware-Boeing-Verhandlungen-offenbar-gescheitert-Lockbit-droht-erneut-9356178.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.heise.de/news/Frueher-als-geplant-Lockbit-veroeffentlicht-Daten-von-Flugzeughersteller-Boeing-9358787.html; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/; https://socradar.io/lockbit-shares-boeing-data-software-company-and-us-database-leaks-dutch-rdp-sale/; https://www.hackread.com/lockbit-ransomware-leaks-boeing-data-trove/; https://securityaffairs.com/154115/cyber-crime/lockbit-ransomware-leaked-boeing-data.html; https://therecord.media/boeing-investigating-leaked-lockbit-data; https://www.darkreading.com/risk/sec-suit-ushers-in-new-era-of-cyber-enforcement; https://www.wired.com/story/signal-usernames/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/; https://www.channelnewsasia.com/singapore/cyber-money-heist-ransomware-lockbit-cybercriminals-ransom-icbc-cyberextortion-attack-3929676; 
https://www.darkreading.com/vulnerabilities-threats/citrix-bleed-bug-inflicts-mounting-wounds-cisa-warns; https://cyberscoop.com/lockbit-boeing-ransomware-com/; https://therecord.media/citrix-bleed-bug-targeted-cisa; https://www.bleepingcomputer.com/news/security/us-health-dept-urges-hospitals-to-patch-critical-citrix-bleed-bug/; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/; https://securityaffairs.com/153431/cyber-crime/boeing-confirms-lockbit-cyber-attack.html; https://therecord.media/american-airlines-pilot-union-cyberattack; https://www.malwarebytes.com/blog/threat-intelligence/2023/12/ransomware-review-december-2023; https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-kill-netscaler-user-sessions-to-block-hackers/; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2024/; https://www.euronews.com/2024/02/20/most-harmful-hacker-network-lockbit-disrupted-by-global-police-operation; https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/; https://www.bbc.co.uk/news/technology-68344987; https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/; https://www.huffingtonpost.it/tecnologia/2024/02/20/news/lockbit_hacker_operazione_polizia_ransomware-422168334/; https://new.qq.com/rain/a/20240220A08FYV00; https://new.qq.com/rain/a/20240212A04BPE00; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023,2023-11-06,2023-12-21 2760,Pro-Russian hacking group 'NoName057(16)' suspected of disrupting various websites of Dutch transport sector on 3 November 2023,"The pro-Russian hacker group NoName057 conducted DDoS attacks against the websites of the Dutch railway company Arriva, the bus operator Allgobus and the website 
of the port authority in Den Helder on 3 November 2023. The websites continued to be unavailable on 6 November, 2023. The attack seems to have been a direct response to the state visit of Dutch Defence Minister Kajsa Ollongren to Ukraine and the minister's meeting with Ukrainian President Volodymyr Zelenskyy in Kyiv the day before.",2023-11-03,2023-11-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Allgobus - Arriva - Port authority of Den Helder ,Netherlands; Netherlands; Netherlands,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation,NoName057(16) ,Russia,Non-state-group,Hacktivist(s),1,15061,2023-11-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16) ,Russia,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially 
non-state-actors),Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://t.me/noname05716eng/2529,2023-11-06,2023-12-11 2761,"Unknown hackers attacked Synapxe, a national healthcare technology provider in Singapore, with a DDoS attack on 1 November 2023","Unknown hackers attacked Synapxe, a Singaporean national health technology provider, with a DDoS attack on 1 November. Due to the incident, several websites of public healthcare institutions such as Singapore General Hospital, National University Hospital or Tan Tock Seng Hospital were not accessible. Internet connectivity at public healthcare institutions was also disrupted between 9.20am and 4.30pm on 1 November 2023, with most of the affected services restored by 5.15pm. During the disruption, services requiring internet connectivity at public healthcare institutions, including websites, emails, and productivity tools for staff, were inaccessible. The business-critical systems required for clinical services and operations in public healthcare facilities, including access to patient data, could be maintained. Patient data and internal networks remained accessible and unaffected. Patient care was not affected. 
",2023-11-01,2023-11-01,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,Agency for Integrated Care (AIC) - National University Health System (NUHS) - SingHealth - Singapore General Hospital - National Healthcare Group (NHG) - National University Hospital - Tan Tock Seng Hospital - Synapxe,Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore,ASIA - ASIA - ASIA - ASIA - ASIA - ASIA - ASIA - ASIA,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure; Critical infrastructure,Health - Health - Health - Health - Health - Health - Health - Health; Digital Provider,Not available,Not available,Not available,,1,14282,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Singapore,Cyber Security Agency (Singapore),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.todayonline.com/singapore/cyberattack-caused-7-hour-internet-outage-hit-public-hospitals-polyclinics-attacks-continuing-synapxe-2297036 https://www.synapxe.sg/media-releases/corporate/internet-connectivity-for-public-healthcare-institutions-affected-by-ddos-attack; https://www.synapxe.sg/media-releases/corporate/internet-connectivity-at-public-healthcare-institutions-restored; https://www.synapxe.sg/media-releases/corporate/internet-connectivity-for-public-healthcare-institutions-affected-by-ddos-attack; https://www.zdnet.com/article/ddos-attack-revealed-as-cause-of-online-service-outage-at-public-healthcare-institutions/; https://research.checkpoint.com/2023/6th-november-threat-intelligence-report/; https://cybersecasia.net/news/data-breach-statistics",2023-11-06,2024-01-23 2762,Unknown threat actor targeted US subsidiary of Infosys BPM Ltd. and disrupted operations,"Infosys, a leading global Indian IT services corporation, announced on 3 November a serious cyber incident concerning its US subsidiary Infosys McCamish Systems (IMS), according to a company statement to its shareholders. The unspecified incident is said to have led to disruptions to critical applications and systems within IMS. The company has initiated a collaboration with a prominent cyber security product provider to accelerate the resolution process. In addition, Infosys has initiated an independent investigation to assess the potential impact on its systems and data. While no further information has yet been released on how the attack occurred, there have been individual media reports indicating a ransomware attack. 
In February 2024, filings with the Maine Attorney General indicated that customer data from the Bank of America, which was hosted by IMS, was impacted in the attack.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,None - None,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Digital Provider - Finance,,Not available,Not available,,1,17125,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thecyberexpress.com/infosys-us-cyberattack-investigation-launched/; https://www.sec.gov/Archives/edgar/data/1067491/000106749123000059/exv99w01.htm; https://www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/; https://securityaffairs.com/159085/data-breach/bank-of-america-third-party-services-data-breach.html; https://apps.web.maine.gov/online/aeviewer/ME/40/c2da936e-14f0-421a-833e-a24cbdd79cfa.shtml; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; 
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/,2023-11-06,2024-02-26 2757,Threat actors RansomedVC and MajorNelson claimed to have stolen data from Japanese electronics company Sony,"The two threat actors RansomedVC and MajorNelson claimed to have stolen data from the Japanese electronics company Sony, both groups announced at the end of September 2023. On 28 September, RansomedVC published a post on their website declaring the group had succeeded in compromising Sony networks and put 260GB up for sale for $2.5 million. The group published an unusually small sample of files allegedly obtained during the compromise (2MB). A second threat actor, MajorNelson, contested RansomedVC's claim in a post published on the hacker forum BreachForums on 26 September 2023 and disclosed a significantly larger pool of data (3.14GB) as proof of compromise. The 3.14GB cache contained details about the SonarQube platform, Sony certificates, Creators Cloud, incident response policies, and a device emulator to generate licences. The title of the threat actor's post suggests the compromise may have occurred on 23 September. Sony confirmed to Bleeping Computer on 4 October 2023 that it identified ""activity on a single server in Japan"", which is used for internal testing for the Entertainment, Technology and Services (ET&S) business. 
",2023-09-23,2023-09-26,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Sony,Japan,ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,Ransomed.vc,Not available,Non-state-group,Criminal(s),2,15269; 15269; 15270; 15270,2023-09-28 00:00:00; 2023-09-28 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Contested attribution; Attacker confirms; Contested attribution,RansomedVC; RansomedVC; MajorNelson; MajorNelson,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Ransomed.vc; Ransomed.vc; MajorNelson; MajorNelson,Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed,https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data 
breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/; https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/; https://www.bleepingcomputer.com/news/security/dc-board-of-elections-confirms-voter-data-stolen-in-site-hack/; https://www.malwarebytes.com/blog/news/2023/10/a-week-in-security-october-2-october-8; https://therecord.media/washington-dc-voter-roles-hackers; https://www.bleepingcomputer.com/news/security/dc-board-of-elections-hackers-may-have-breached-entire-voter-roll/; https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/160054/cyber-crime/lockbit-3-0s-comeback-torrent-based-p2p-data-leakage.html,2023-11-03,2024-02-26 2756,Employee Data from Okta stolen through vendor compromise,"Personal data of roughly 5,000 employees of Okta, a US-based company specialising in identity and access management systems, was stolen through a data breach at a third-party vendor, Rightway Healthcare. 
According to an incident notification by Rightway Healthcare, unauthorized activity on company networks was detected on 23 September 2023 and around three weeks later, on 12 October, an unauthorized actor gained access to an eligibility census file managed by Rightway Healthcare, which contained personal data of 4,961 Okta employees. The records included social security numbers of affected employees, as well as health insurance plan numbers.",2023-09-23,2023-09-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Rightway Healthcare - Okta, Inc.",United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Health - Telecommunications,Not available,Not available,Unknown - not attributed,,1,15271,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/153478/data-breach/okta-data-breach-third-party-vendor.html; 
https://www.darkreading.com/remote-workforce/okta-employee-data-exposed-third-party-vendor; https://therecord.media/okta-employees-impacted-by-third-party-breach; https://www.bleepingcomputer.com/news/security/okta-hit-by-third-party-data-breach-exposing-employee-information/; https://apps.web.maine.gov/online/aeviewer/ME/40/08edf96f-d599-4db9-9e1f-52453c0ba058.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/08edf96f-d599-4db9-9e1f-52453c0ba058/22d1a94b-6042-4961-914c-a043b36ae79b/document.html; https://www.wired.com/story/flipper-zero-iphone-dos-attack-security-roundup/; https://thehackernews.com/2023/11/oktas-recent-customer-support-data.html; https://arstechnica.com/information-technology/2023/11/no-okta-senior-management-not-an-errant-employee-caused-you-to-get-hacked/; https://securityaffairs.com/153581/data-breach/okta-customer-support-system-breach-customers.html; https://www.darkreading.com/attacks-breaches/okta-customer-support-breach-exposed-data-134-customers-; https://therecord.media/okta-identity-token-theft-response; https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/; https://www.bleepingcomputer.com/news/security/okta-october-data-breach-affects-all-customer-support-system-users/; https://www.wired.com/story/okta-breach-disclosure-all-customer-support-users/; https://securityaffairs.com/154965/hacking/okta-update-october-2023-support-system-breach.html; https://www.wired.com/story/chatgpt-poem-forever-security-roundup/; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://www.heise.de/news/Okta-Doch-viel-mehr-als-ein-Prozent-der-Kundschaft-von-Datendiebstahl-betroffen-9542820.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.techrepublic.com/article/top-cybersecurity-threats/; https://therecord.media/nation-state-actor-used-stolen-okta-credentials-to-target-cloudflare; 
https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/; https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/; https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/,2023-11-03,2023-12-13 2755,Ransomware group Rhysida targeted British Library on 26 October 2023,"The ransomware group Rhysida targeted the British Library on 26 October 2023. The attack rendered the website and other services, including phone lines and on-site library services in London or Yorkshire, inaccessible. Additionally, the hackers seized an estimated data volume of 600 GB. The British Library confirmed in an update on 14 November that it was dealing with a ransomware attack and that the library's online systems, services and facilities, such as Wi-Fi, were still restricted. Rhysida added the library to its leak site on 20 November, threatening to publish personal data obtained in the compromise if demands for 20 bitcoin, or about £590,000, went unmet.",2023-10-26,2023-11-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Civil service / administration,,Not available,Not available,,1,18274,2023-11-20 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-10-31 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United Kingdom,UK National Cyber Security Centre,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/british-library-knocked-offline-by-weekend-cyberattack/; https://securityaffairs.com/153309/hacking/british-library-cyber-attack.html; https://twitter.com/britishlibrary/status/1719338957907825151; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/; https://www.bleepingcomputer.com/news/security/british-library-ongoing-outage-caused-by-ransomware-attack/; https://www.darkreading.com/attacks-breaches/british-library-confirms-ransomware-attack-caused-outages; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/; https://therecord.media/british-library-ransomware-hackers-stole-hr-data; https://www.bleepingcomputer.com/news/security/rhysida-ransomware-gang-claims-british-library-cyberattack/; https://www.theguardian.com/technology/2023/nov/22/personal-data-stolen-in-british-library-cyber-attack-appears-for-sale-online; https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack; https://www.bl.uk/; https://www.bbc.co.uk/news/entertainment-arts-67544504?at_medium=RSS&at_campaign=KARANGA; https://research.checkpoint.com/2023/27th-november-threat-intelligence-report/; 
https://www.heise.de/news/London-Ransomware-Gruppe-Rhysidia-droht-Krankenhausdaten-zu-versteigern-9545660.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bbc.co.uk/news/entertainment-arts-67484639?at_medium=RSS&at_campaign=KARANGA; https://www.heise.de/news/British-Library-Wochenlanger-Ausfall-wegen-Ransomware-Angriff-9534532.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://therecord.media/toronto-public-library-remains-crime-scene; https://securityaffairs.com/156430/cyber-crime/rhysida-ransomware-abdali-hospital-jordan.html; https://www.theguardian.com/technology/2024/jan/02/techscape-cybercrime-ai-apple-big-stories-in-tech-for-2024; https://securityaffairs.com/154785/cyber-crime/rhysida-ransomware-china-energy.html; https://www.eldestapeweb.com/cultura/biblioteca-britanica/tras-el-ciberataque-la-biblioteca-britanica-comenzo-a-trabajar-en-la-recuperacion-de-su-archivo-202411513230; https://economictimes.indiatimes.com/news/international/uk/good-news-british-library-is-gradually-resuming-online-services-following-a-cyber-attack/articleshow/106871924.cms; https://therecord.media/british-library-restoring-access-after-ransomware-attack; https://www.theguardian.com/books/2024/jan/15/british-library-begins-restoring-digital-services-after-cyber-attack; https://www.spectator.com.au/2024/01/why-didnt-the-british-library-pay-a-ransom-to-cyber-attackers/; https://www.eldestapeweb.com/cultura/biblioteca-britanica/tras-el-ciberataque-la-biblioteca-britanica-comenzo-a-trabajar-en-la-recuperacion-de-su-archivo-202411513230; https://www.infosecurity-magazine.com/news/british-library-catalogue-online/; https://www.euronews.com/culture/2024/01/16/british-library-puts-catalogue-back-online-after-2023-cyber-attack; https://new.qq.com/rain/a/20240116A05LWN00; https://www.rtbf.be/article/a-londres-une-cyberattaque-met-en-peril-la-british-library-11314117; 
https://english.elpais.com/culture/2024-01-22/the-british-library-begins-to-recover-from-the-largest-cyber-attack-in-its-history.html; https://elpais.com/cultura/2024-01-22/la-british-library-la-biblioteca-mas-completa-del-mundo-comienza-a-recuperarse-del-mayor-ciberataque-de-su-historia.html; https://elpais.com/cultura/2024-01-22/la-british-library-la-biblioteca-mas-completa-del-mundo-comienza-a-recuperarse-del-mayor-ciberataque-de-su-historia.html; https://www.infobae.com/cultura/2024/01/22/el-ciberataque-a-la-biblioteca-britanica-abre-una-nueva-era-contra-los-espacios-virtuales-del-conocimiento/; https://english.elpais.com/culture/2024-01-22/the-british-library-begins-to-recover-from-the-largest-cyber-attack-in-its-history.html; https://www.prensa-latina.cu/2024/01/23/biblioteca-nacional-de-reino-unido-en-recuperacion-tras-ciberataque; https://actualitte.com/article/115584/distribution/apres-une-cyberattaque-devastatrice-le-distributeur-socadis-reprend-ses-activites; https://www.eliberico.com/los-espanoles-cazados-en-el-ciberataque-a-la-british-library-de-londres/; https://www.heise.de/news/Ransomware-Forscher-decken-dummen-Krypto-Fail-auf-und-veroeffentlichen-Decryptor-9626575.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://scroll.in/article/1063648/digital-technologies-make-ancient-manuscripts-more-accessible-but-there-are-risks-and-losses-too; https://www.darkreading.com/cloud-security/library-cyber-defenses-are-falling-down; https://www.bbc.co.uk/news/business-68225892; https://www.govinfosecurity.com/uk-conservatives-say-no-to-cyber-insurance-backstop-a-24569; https://www.computerweekly.com/news/366573453/British-Library-opens-up-over-ransomware-attack-to-help-others; https://www.ukauthority.com/articles/british-library-shares-lessons-from-cyber-attack/; https://www.theguardian.com/technology/2024/mar/12/ransomware-groups-warned-there-is-no-money-in-attacking-british-state; 
https://www.theguardian.com/technology/2024/mar/17/british-library-did-the-right-thing-by-not-paying-cybercriminals; https://www.malwarebytes.com/blog/ransomware/2024/03/3-important-lessons-from-a-devastating-ransomware-attack; https://actualitte.com/article/116407/bibliotheque/attaque-de-la-british-library-600-go-partis-sur-le-dark-web; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax; https://www.schneier.com/blog/archives/2024/03/lessons-from-a-ransomware-attack-against-the-british-library.html; https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-march-25-march-31; https://www.onlinepc.ch/internet/sicherheit/kriminelle-moegen-ki-pure-storage-kommentiert-stand-cybersicherheit-2914574.html,2023-11-02,2024-03-27 2753,Iranian state-sponsored hacker group Scarred Manticore gained access to Windows servers of various Middle Eastern state and private institutions using LIONTAIL malware framework since at least 2022,"The Iranian state-sponsored hacker group Scarred Manticore gained access to Windows servers of various Middle Eastern state and private institutions using the LIONTAIL malware framework, in activity tracing back to at least 2022 and continuing until at least mid-2023, Israeli IT security firm Check Point reported on 31 October 2023. Scarred Manticore targeted government and military institutions, as well as telecommunications, IT security, and a non-governmental organisation's facilities. The activities targeted facilities in the United Arab Emirates, Saudi Arabia, Jordan, Kuwait, Oman, Iraq, and Israel. Scarred Manticore is believed to be associated with Iran's Ministry of Intelligence and Security (MOIS). Check Point linked tools of the group to destructive attacks against Albanian government facilities in 2022. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available,Middle East (region); Israel; United Arab Emirates; Jordan; Saudi Arabia; Iraq; Oman, - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,Social groups - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political 
system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system,Advocacy / activists (e.g. human rights organizations) - Government / ministries; Telecommunications; ; Military - Government / ministries; Telecommunications; ; Military - Government / ministries; Telecommunications; ; Military - Government / ministries; Telecommunications; ; Military - Government / ministries; Telecommunications; ; Military - Government / ministries; Telecommunications; ; Military,Scarred Manticore/Storm-0861 fka Dev-0861/ShroudedSnooper (Ministry of Intelligence of the Islamic Republic of Iran),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15273,2023-10-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,Check Point ,Israel,Scarred Manticore/Storm-0861 fka Dev-0861/ShroudedSnooper (Ministry of Intelligence of the Islamic Republic of Iran),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,6.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official 
members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/11/iranian-cyber-espionage-group-targets.html; https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/; https://therecord.media/iranian-hackers-spy-on-governments-military-middle-east; https://www.hackread.com/iran-scarred-manticore-middle-east-liontail-malware/; https://www.darkreading.com/dr-global/-scarred-manticore-unleashes-most-advanced-iranian-espionage; https://research.checkpoint.com/2023/irans-most-advanced-cyber-attack-yet/; https://therecord.media/muddywater-cyber-espionage-africa-telecoms-iran,2023-11-02,2023-12-14 2752,Alleged Russian hacker group UserSec disrupted access to Manchester Airport website on 30 October 2023,"On 30 October 2023, Manchester Airport's website was targeted by a DDoS attack, with access temporarily disrupted in the afternoon. A group identifying itself as UserSec, reportedly of Russian origin or operating in support of pro-Russian objectives, claimed responsibility for the incident. Access to the website was stable again by 4:15pm UK time. The National Cyber Security Centre has initiated an investigation into the incident.",2023-10-30,2023-10-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Manchester Airport (MAN),United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Transportation,UserSec,Russia,Non-state-group,Hacktivist(s),1,14514,2023-10-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,UserSec,Not available,Not available,UserSec,Russia,Non-state-group,https://t.me/user_sec/952,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,1,2023-10-30 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,UK National Cyber Security Centre,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.manchestereveningnews.co.uk/news/greater-manchester-news/breaking-manchester-airport-website-down-28011797#3398645; https://t.me/user_sec/952,2023-10-31,2023-11-27 2751,Unknown hackers encrypted data at university of Hannover on 30 October 2023,"Unknown hackers encrypted some not further specified data at the public university of Hannover on 30 October 2023, the university announced on its website. To prevent further damage, the university has shut down large parts of the IT infrastructure, taking offline the single-sign-on service which manages access to digital university resources. It is unclear whether data has been stolen during the intrusion. Students' master and examination data remained unaffected by the compromise.",2023-10-30,2023-10-30,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Hochschule Hannover,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,14383,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data 
corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hs-hannover.de/ueber-uns/organisation/kom/informationen-fuer-hochschulangehoerige-zum-cyberangriff; https://www.heise.de/news/Hochschule-Hannover-Ransomware-Angriff-grosse-Teile-der-IT-Infrastruktur-down-9350254.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2023-10-31,2023-11-20 2750,Pro-Hamas hacktivist group targeted Israeli entities with new BiBi-Linux wiper malware,"A pro-Hamas hacktivist group targeted Linux systems belonging to Israeli companies with updated BiBi-Linux wiper malware. The malware conducts file corruption by overwriting files with useless data, damaging both the data and the operating system. Windows versions of the wiper have subsequently been deployed. ",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,Unknown,,Pro-Hamas hacktivist group,Not available,Non-state-group,Hacktivist(s),1,14384,2023-10-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Security Joes,Security Joes,Israel,Pro-Hamas hacktivist group,Not available,Non-state-group,https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group,Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/new-bibi-linux-wiper-malware-targets-israeli-orgs-in-destructive-attacks/; https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html; https://www.hackread.com/hamas-hackers-israeli-bibi-linux-wiper-malware/; https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group; https://securityaffairs.com/153341/malware/pro-hamas-group-bibi-linux-wiper.html; https://research.checkpoint.com/2023/6th-november-threat-intelligence-report/; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/; https://securityaffairs.com/156065/hacktivism/pro-israel-predatory-sparrow-iran-fuel-stations.html; https://www.hackread.com/hamas-group-sysjoker-malware-leverages-onedrive/; https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf; https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/,2023-10-31,2024-02-16 2749,'Akira' Ransomware Group targeted German IT service provider Südwestfalen-IT via ransomware on 29 October 2023,"The 'Akira' group targeted the German IT service provider Südwestfalen-IT with ransomware during the night of 29-30 October. The threat actors encrypted data on the IT service provider's servers. To prevent further damage, Südwestfalen-IT shut down its data centre. Südwestfalen-IT provides IT services for German local authorities, which have left many without access to communication infrastructure, appointment scheduling services and digital platforms for tracking administrative tasks. According to the mayor of Siegen, as of 16 November, 103 local authorities are known to have suffered damage as a result of the incident. 
The IT provider ruled out paying the cyber criminals in agreement with the local authorities.",2023-10-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Südwestfalen IT,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Telecommunications,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,16625,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Federal Ministry of the Interior and Community (Germany),Not available,Germany,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://www.heise.de/news/Nach-Ransomware-Angriff-Suedwestfalen-IT-und-Kommunen-lehnen-Loesegeldzahlung-ab-9386564.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,External Remote Services; Valid Accounts,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-10-30 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Not available,Polizei Dortmund,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Ransomware-in-Westfalen-Messe-Essen-und-SIT-NRW-unter-Beschuss-9348855.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; http://sit.nrw/; https://www.wp.de/staedte/kreis-olpe/hacker-angriff-suedwestfalen-it-quasi-stillgelegt-id239912353.html; https://www.wp.de/region/sauer-und-siegerland/cyberattacke-auf-suedwestfalen-was-bislang-bekannt-ist-id239913093.html; https://www1.wdr.de/nachrichten/westfalen-lippe/cyber-angriff-suedwestfalen-kommunen-100.html; https://research.checkpoint.com/2023/6th-november-threat-intelligence-report/; https://www.heise.de/news/Nach-Ransomware-Angriff-Suedwestfalen-IT-und-Kommunen-lehnen-Loesegeldzahlung-ab-9386564.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.heise.de/news/Bericht-IT-Sicherheit-in-Gesundheitsaemtern-vernachlaessigt-9404608.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Cyberangriff-auf-Suedwestfalen-IT-Mehr-Kommunen-betroffen-Notbetrieb-haelt-an-9532453.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Cyberangriff-in-Suedwestfalen-Wiederaufbau-geht-langsamer-als-erhofft-9568724.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Cyberangriff-in-Suedwestfalen-Zeitplan-fuer-Notbetrieb-und-Wiederanlauf-steht-9535521.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://in-gl.de/2024/01/15/traukalender-der-stadt-bergisch-gladbach-ist-wieder-online/; https://in-gl.de/2024/01/17/stadt-zieht-gewerbe-und-hundesteuer-wieder-ein/; https://www.heise.de/news/Suedwestfalen-IT-Angreifer-errieten-Passwort-und-kamen-ueber-bekannte-Cisco-Luecke-9610102.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; 
https://tarnkappe.info/artikel/it-sicherheit/it-forensik-bericht-der-suedwestfalen-it-erkenntnisse-zum-ransomware-angriff-288522.html; https://www.rtl.de/cms/nach-cyberangriff-keine-einwohner-daten-erbeutet-167f0e0f-1809-5396-b169-140d16daa5dd.html; https://www.zdnet.de/88413956/hackerangriff-suedwestfalen-it-raeumt-sicherheitsmaengel-ein/; https://www.it-zoom.de/it-director/e/cyberattacke-in-nrw-buergerdaten-sollen-sicher-sein-33839/; https://www.heise.de/news/Montag-Windkraftwerke-gebremst-von-Netzlast-Kritik-an-Datensammlung-wegen-DSA-9611261.html; https://www.heise.de/news/Montag-Windkraftwerke-gebremst-von-Netzlast-Kritik-an-Datensammlung-wegen-DSA-9611261.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://b2b-cyber-security.de/akira-verantwortlich-fuer-angriff-auf-suedwestfalen-it-und-kommunen/; https://www1.wdr.de/nachrichten/ruhrgebiet/witten-trennt-sich-von-suedwestfalen-it-100.html; https://www.it-daily.net/it-sicherheit/cybercrime/cyberresilienz; https://netzpolitik.org/2024/zentrum-fuer-digitale-souveraenitaet-knappe-ressourcen-fuer-open-source/; https://www.heise.de/news/Nach-verheerendem-Angriff-auf-Suedwestfalen-IT-205-Kommunen-lassen-IT-pruefen-9651073.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.siegener-zeitung.de/lokales/siegerland/siegen/siegen-macht-fortschritte-nach-cyberangriff-serviceportal-steht-wieder-zur-verfuegung-EEO2RYVMCNE5LD6323HWSZAB5I.html,2023-10-31,2024-03-12 2748,BlackBasta disrupted services at Toronto Public Library beginning on 28 October 2023,"The ransomware group BlackBasta disrupted services at Toronto Public Library (TPL) tracing back to at least on 28 October 2023. The disruption affected the services of tpl.ca, “your account”, tpl:map passes and digital collections as well as public computers and printing services at their sites. In a press release, TPL disclosed that personal information of current and former staff of the TPL and its associated foundation have been compromised. 
Affected records, reaching as far back as 1998, included the name, social insurance number, date of birth and home address of concerned individuals. TPL announced that it would not fulfil any ransom demand.",2023-10-28,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Toronto Public Library,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,BlackBasta,Not available,Non-state-group,Criminal(s),1,14386,2023-11-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackBasta,Not available,Not available,BlackBasta,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2023-11-14 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Canada,Toronto Police Service,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/; https://torontopubliclibrary.typepad.com/tpl_maintenance/toronto-public-library-website-maintenance.html; https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/; https://research.checkpoint.com/2023/6th-november-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/toronto-public-library-confirms-data-stolen-in-ransomware-attack/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/; https://torontopubliclibrary.typepad.com/tpl_maintenance/toronto-public-library-website-maintenance.html; https://therecord.media/toronto-public-library-remains-crime-scene; https://www.bleepingcomputer.com/news/security/toronto-zoo-ransomware-attack-had-no-impact-on-animal-wellbeing/; https://torontopubliclibrary.typepad.com/tpl/library-services-update.html; https://www.hrreporter.com/focus-areas/automation-ai/toronto-public-library-nears-full-recovery-from-cyber-attack/383016; https://www.heise.de/news/Nach-Cyberangriff-Ransomware-Gruppe-Akira-listet-Toronto-Zoo-auf-ihrer-Leaksite-9611087.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://dushi.singtao.ca/toronto/%E6%96%B0%E9%97%BB/%E6%96%B0%E9%97%BB%E5%BF%AB%E9%80%92/%E5%A4%9A%E4%BC%A6%E5%A4%9A%E5%9B%BE%E4%B9%A6%E9%A6%86%E6%81%A2%E5%A4%8D%E6%9C%8D%E5%8A%A1-%E5%A4%A7%E9%87%8F%E7%94%A8%E6%88%B7%E6%B6%8C%E5%85%A5%E7%8E%B0%E6%8A%80%E6%9C%AF%E9%97%AE%E9%A2%98%EF%BC%81/; 
https://spacing.ca/toronto/2024/04/03/spacing-investigation-toronto-public-library-ransomware-attack-pt-v/,2023-10-31,2024-02-28 2747,Unknown hackers disrupted servers of Franco-Italian ferry operator Corsica Ferries on 27 October 2023,"Corsica Ferries, a well-known Franco-Italian ferry company, suffered a disruption to its servers on 27 October 2023 that rendered parts of its websites inaccessible for more than 30 hours. During this period, the website displayed a maintenance message indicating that the servers were down. The website outage temporarily prevented online reservations. ",2023-10-27,2023-10-27,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Corsica Ferries ,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,14387,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://france3-regions.francetvinfo.fr/corse/haute-corse/bastia/victime-d-une-cyber-attaque-le-site-de-reservation-de-la-corsica-ferries-est-inaccessible-2863859.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Law of the sea; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of 
international law),,https://france3-regions.francetvinfo.fr/corse/haute-corse/bastia/victime-d-une-cyber-attaque-le-site-de-reservation-de-la-corsica-ferries-est-inaccessible-2863859.html,2023-10-30,2023-11-20 2746,US energy manufacturing firm BHI Energy targeted by Akira ransomware in May 2023,"US energy manufacturing firm BHI Energy was targeted by Akira ransomware in May 2023, according to a data breach notification by the company from 18 October 2023. According to the notification, the company became aware that data within its networks had been encrypted on 29 June 2023. A commissioned cybersecurity company found out that Akira infiltrated the networks on 30 May, using a previously compromised user account of a third-party contractor. The notification further describes in detail the attack stages: Akira exfiltrated 690 gigabytes of data between 20 June and 29 June, including a copy of BHI’s Active Directory database. They completed data exfiltration on 29 June and then deployed their ransomware to a subset of BHI systems. According to Akira, 767,035 files were exfiltrated, totalling 690GB of uncompressed data, which they subsequently deleted from a BHI server. BHI was able to ""successfully recover data in the systems without needing to obtain a ransomware decryption tool from the TA"" (threat actor). They then removed Akira from its networks on or about 7 July. Furthermore, BHI found out on 1 September that some of the files contained individuals’ personal information subsequently identified as comprising names, addresses, date of birth, and Social Security number, and potentially health information. 
By 18 October, BHI confirmed the identities and addresses of the 896 affected Iowa residents and sent written notice to these residents.",2023-05-30,2023-07-07,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,BHI energy,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,,Not available,Non-state-group,Criminal(s),1,15368,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,BHI energy,Not available,United States,,Not available,Non-state-group,https://www.documentcloud.org/documents/24075435-bhi-notice,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,External Remote Services; Trusted Relationship; Valid Accounts,Data Exfiltration; Data Destruction; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/us-energy-firm-shares-how-akira-ransomware-hacked-its-systems/; https://www.documentcloud.org/documents/24075435-bhi-notice,2023-10-30,2024-02-28 
2745,"Octo Tempest targeted gaming, hospitality, manufacturing, finance and other sectors with ransomware since Mid 2023","The cyber-crime group Octo Tempest (aka 0ktapus, Scatter Swine, UNC3944) has targeted the gaming, hospitality, manufacturing, retail, finance and other sectors such as MSPs with ransomware since mid-2023, according to a Microsoft report from 25 October 2023. In this phase, the group acted as an affiliate of the Russian-speaking ransomware group ALPHV/BlackCat, deploying ransomware on the victim’s network, stealing and encrypting data for extortion. An English-speaking group acting as an affiliate of a Russian-speaking group is a remarkable dynamic, according to Microsoft.",2023-07-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available,Not available,,Critical infrastructure; Critical infrastructure; Critical infrastructure,Finance; Critical Manufacturing; Digital Provider,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,Criminal(s),1,15378,2023-10-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing; Valid Accounts,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/10/microsoft-warns-as-scattered-spider.html; https://therecord.media/mgm-resorts-hackers-most-dangerous-microsoft; https://cyberscoop.com/com-scattered-spider-tradecraft/; https://www.darkreading.com/remote-workforce/microsoft-0ktapus-cyberattackers-evolve-most-dangerous-status; https://arstechnica.com/security/2023/10/microsoft-profiles-new-threat-group-with-unusual-but-effective-practices/; https://www.darkreading.com/threat-intelligence/octo-tempest-group-threatens-physical-violence-social-engineering-tactic; https://socradar.io/sim-swappers-collaborate-with-ransomware-gangs/; https://www.bleepingcomputer.com/news/security/microsoft-octo-tempest-is-one-of-the-most-dangerous-financial-hacking-groups/; https://www.malwarebytes.com/blog/news/2023/10/ransomware-affiliate-octo-tempest-is-a-growing-concern-for-organizations-across-multiple-industries; https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/; https://www.techrepublic.com/article/microsoft-octo-tempest-threat-actor/; https://www.bleepingcomputer.com/news/microsoft/microsoft-seizes-domains-used-to-sell-fraudulent-outlook-accounts/; https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/; 
https://cyberscoop.com/microsoft-seizes-infrastructure-of-top-cybercrime-group/,2023-10-30,2024-02-23 2744,"Octo Tempest targeted Telecommunications, email and tech service providers with data-theft extortion scheme from late 2022 until early 2023","Cyber-crime group Octo Tempest (also known as 0ctapus, Scatter Swine, UNC3944) has targeted telecommunications, email and tech service providers with data-theft extortion scheme from late 2022 until early 2023, according to a Microsoft report from 25 October 2023. The attackers used phishing and social engineering in order to conduct their data exfiltration-extortion scheme. The same report also outlines another campaign by the group, that started in mid-2023, focusing on the gaming, hospitality, retail, manufacturing, financial, technology and MSP sector, this time acting as an affiliate of the Russian-speaking ransomware group ALPHV/BlackCat. Threat intelligence firm Trellix reported on 17 August 2023 on a similar campaign by Octo Tempest against telecoms providers in December 2022, which may have at least overlapped with the campaign disclosed by Microsoft.",2022-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse; Ransomware,Not available,Not available,,Critical infrastructure; Other,Telecommunications; ,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,Criminal(s),1,15379,2023-10-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not 
available,No,,Phishing; Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/10/microsoft-warns-as-scattered-spider.html; https://therecord.media/mgm-resorts-hackers-most-dangerous-microsoft; https://cyberscoop.com/com-scattered-spider-tradecraft/; https://www.darkreading.com/remote-workforce/microsoft-0ktapus-cyberattackers-evolve-most-dangerous-status; https://arstechnica.com/security/2023/10/microsoft-profiles-new-threat-group-with-unusual-but-effective-practices/; https://www.darkreading.com/threat-intelligence/octo-tempest-group-threatens-physical-violence-social-engineering-tactic; https://socradar.io/sim-swappers-collaborate-with-ransomware-gangs/; https://www.bleepingcomputer.com/news/security/microsoft-octo-tempest-is-one-of-the-most-dangerous-financial-hacking-groups/; https://www.malwarebytes.com/blog/news/2023/10/ransomware-affiliate-octo-tempest-is-a-growing-concern-for-organizations-across-multiple-industries; https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/; 
https://www.techrepublic.com/article/microsoft-octo-tempest-threat-actor/; https://www.bleepingcomputer.com/news/microsoft/microsoft-seizes-domains-used-to-sell-fraudulent-outlook-accounts/; https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/; https://cyberscoop.com/microsoft-seizes-infrastructure-of-top-cybercrime-group/,2023-10-30,2023-12-19 2743,North Korean State-Sponsored Hacking Group Lazarus Compromised Unnamed Software Vendor Starting In Mid-2022,"North Korean hacker group Lazarus has exploited known vulnerabilities in the offerings of a high-profile software vendor in an effort to attack its customers. The cybersecurity company Kaspersky first identified these attacks in mid-July and observed recurrent infection attempts against the same target continuing into mid-2023. Although the report does not specify the victims or the vulnerabilities exploited, it assesses that the North Korean threat actors used malware strains such as SIGNBT and LPEClient, with SIGNBT showing significant advances in stealth and evasion techniques.",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Critical infrastructure,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15377,2023-10-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/unveiling-lazarus-new-campaign/110888/; https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html; https://therecord.media/north-korean-hackers-exploit-software-vulnerability; https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html; https://therecord.media/north-korean-hackers-exploit-software-vulnerability; https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/; https://securelist.com/unveiling-lazarus-new-campaign/110888/,2023-10-30,2023-12-19 2742,Unknown hackers gained access to Clark County School District's email servers in Nevada in October 2023,"Unknown hackers gained access to the Clark County School District's email servers in Nevada in October 2023, according to a District statement from 16 October 2023. They became aware of the incident on 5 October and then engaged a team of forensic experts to investigate the incident. The statement further said that an ""unauthorized party accessed limited personal information related to a subset of students, parents, and employees"". In the meantime, parents reportedly received messages from the attackers warning that their children's data had been leaked. According to DataBreaches, a group calling themselves 'SingularityMD' claimed responsibility for the incident, also declaring that they notified the District about their network infiltration, contradicting the District's statement that they detected the infiltration. The group leaked data such as financial reports, staff salaries and grant information from the district. 
",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Clark County School District (Nevada),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,SingularityMD,Not available,Non-state-group,Criminal(s),1,15380,2023-10-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,SingularityMD,Not available,Not available,SingularityMD,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/hackers-email-stolen-student-data-to-parents-of-nevada-school-district/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2023-10-16 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hackers-email-stolen-student-data-to-parents-of-nevada-school-district/; https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/,2023-10-30,2023-12-19 2741,Unknown hackers turned StripedFly cryptominer into espionage framework affecting victims worldwide since 2022,"According to researchers from Kaspersky, unknown hackers have turned the StripedFly malware, which has been in circulation since 2017 and initially only functioned as cryptominer, into a ""multi-functional wormable"" espionage framework targeting victims worldwide since 2022. The cryptominer module also served as an evasion-detection functionality for the malware, according to the blogpost. The framework allowed the attackers to spy on victims, including government entities and large commercial organizations worldwide, according to cybersecurity journalist Kim Zetter. The malware undertakes extensive data collection, harvesting credentials every two hours, ""pilfering sensitive data such as site and Wi-Fi login credentials, along with personal data such as name, address, phone number, company, and job title. Furthermore, the malware can capture screenshots on the victim's device without detection, gain significant control over the machine, and even record microphone input,"" as reported by Kaspersky. Another notable characteristic is the exploitation of the NSA-developed EternalBlue 'SMBv1' exploit for initial victim infiltration, for which Microsoft provided a patch already in 2017 but which can still be instrumentalized for attacks due to missing patch implementations. 
Kaspersky further noted similarities to the Equation malware, which is generally attributed to the American intelligence service NSA. The similarities include the coding style and practice, which resembles those seen in the StraitBizzare malware. The estimated victim number for StripedFly reached over one million worldwide. As outlined in Kim Zetter's blogpost from 27 October, StripedFly is remarkable because of its usage of a custom-coded TOR client to ""transmit communication and siphoned data between infected systems and the attackers’ command and control server"". In addition, it entails a ransomware component (dubbed ThunderCrypt) that has infected a small number of victims, including entities located in Taiwan. According to Kaspersky researcher Sergey Lozhkin, the ransomware component may serve as a cover for a kill-switch functionality, in case the malware is detected, to destroy technical evidence of the compromise. Kim Zetter's blogpost quotes Lozhkin as stating that apart from the observed similarities between StripedFly and the NSA tools, there is “no direct evidence that they are related” or that StripedFly is operated by the NSA. 
",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse; Ransomware,None - None,Taiwan; Global (region),ASIA; SCS - ,End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Government / ministries; ,,Not available,Not available,,1,15381,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,https://www.kaspersky.com/about/press-releases/2023_stripedfly-a-worming-miner-hiding-sophisticated-code-and-espionage-ready-capabilities; https://www.zetter-zeroday.com/p/sophisticated-stripedfly-spy-platform,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",501-10000,1000000.0,1-10,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/153186/breaking-news/security-affairs-newsletter-round-443-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/cryptominer-espionage-campaign-security-roundup/; 
https://www.zetter-zeroday.com/p/sophisticated-stripedfly-spy-platform; https://cyberscoop.com/kaspersky-reveals-elegant-malware-resembling-nsa-code/; https://www.bleepingcomputer.com/news/security/stripedfly-malware-framework-infects-1-million-windows-linux-hosts/; https://www.darkreading.com/threat-intelligence/complex-spy-platform-stripedfly-bites-1m-victims-disguised-as-a-cryptominer; https://www.kaspersky.com/about/press-releases/2023_stripedfly-a-worming-miner-hiding-sophisticated-code-and-espionage-ready-capabilities; https://securityaffairs.com/153208/malware/stripedfly-complex-malware.html; https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html,2023-10-30,2024-01-05 2740,IT Army of Ukraine disrupted internet services in territories occupied by Russia on 27 October 2023,"The IT Army of Ukraine disrupted Internet services in Ukrainian territories occupied by Russia on 27 October 2023 with DDoS attacks targeting three Russian Internet service providers (ISPs), namely Miranda-media, Krimtelekom and MirTelekom. The ISPs were able to restore cellular networks that experienced temporary downtimes, affecting phone calls and Internet connectivity, by the end of the day, according to public statements on their websites.",2023-10-27,2023-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Krimtelekom - MirTelekom - Miranda-media,Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,15382,2023-10-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://securityaffairs.com/153192/hacktivism/it-army-of-ukraine-hit-russia-isp.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",2.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/153192/hacktivism/it-army-of-ukraine-hit-russia-isp.html; 
https://therecord.media/ukranian-hackers-disrupt-internet-providers-crimea; https://therecord.media/ukraine-detains-member-of-russia-cyber-army,2023-10-30,2023-12-19 2739,Chilean telecommunications company GTD hit by ransomware attack on 23 October 2023,"Chile's Computer Security Incident Response Team confirmed Chilean telecommunications company GTD was hit by a ransomware attack on 23 October 2023. The attack disrupted their online services, including their infrastructure-as-a-service (IaaS) platform and shared services. Media reports linked the incident to the Rorschach/BabLock ransomware.",2023-10-23,2023-10-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,GTD,Chile,SOUTHAM,Critical infrastructure,Telecommunications,Rorschach/BabLock,Not available,Non-state-group,Criminal(s),1,18143,2023-12-25 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Not available,Not available,Not available,Rorschach/BabLock,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,1,2024-03-06 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Chile,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/chilean-telecom-giant-gtd-hit-by-the-rorschach-ransomware-gang/; https://www.csirt.gob.cl/noticias/10cnd23-00115-03/; https://www.theclinic.cl/2024/03/19/gtd-demanda-ciberataque-octubre/; https://www.theclinic.cl/2024/03/19/gtd-demanda-ciberataque-octubre/; https://www.df.cl/opinion/cartas/gtd-ionix-y-la-cuantificacion-del-dano-reputacional,2023-10-27,2024-03-21 2737,Threat actor 'YoroTrooper' targeted critical infrastructure and government organizations in CIS countries beginning in June 2023,The threat actor YoroTrooper/SturgeonPhisher has been employing spear-phishing to target critical infrastructure and government organizations in CIS countries beginning in June 2023. Cisco Talos assessed with high confidence that the threat actor is based in Kazakhstan but is masquerading as Azerbaijani.,2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Chamber of Commerce and Industry (Tajikistan) - Ministry of Transport and Roads (Kyrgyzstan) - National Drug Enforcement Agency - Ministry of Energy of the Republic of Uzbekistan - KyrgyzKomur,Tajikistan; Kyrgyzstan; Tajikistan; Uzbekistan; Kyrgyzstan,ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS; CSTO; SCS - ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS; SCO - ASIA; CENTAS; CSTO; SCS,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure,Government / ministries - Government / ministries - Civil service / administration - Government / ministries - Energy,YoroTrooper,Kazakhstan,Unknown 
- not attributed,,1,15384,2023-10-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,Cisco Talos ,United States,YoroTrooper,Kazakhstan,Unknown - not attributed,https://blog.talosintelligence.com/attributing-yorotrooper/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,5.0,1-10,4.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/10/yorotrooper-researchers-warn-of.html; https://blog.talosintelligence.com/attributing-yorotrooper/,2023-10-27,2023-12-19 2735,Alleged Ukrainian hacktivist group Hassle Bros gained access to Spotify accounts of several Russian musicians spreading pro-Ukrainian messages beginning in October 2023,"An alleged Ukrainian hacktivist group called Hassle Bros gained access to the Spotify accounts of several Russian musicians spreading pro-Ukrainian messages beginning in October 2023, the hacktivists announced via Telegram. The activities trace back to at least 18 October 2023, based on the timing of the related Telegram post. 
The hacktivists replaced profile pictures of targeted Russian musicians with Ukrainian flags or the Ukrainian rapper Clonnex. The Russian musicians affected included Grigori Leps, Oleg Gazmanov, Xäbib, and Galibri & Mavik.",2023-10-18,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Grigori Leps - Xäbib - Galibri & Mavik - Oleg Gazmanov,Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - - ,Hassle Bros,Ukraine,Non-state-group,Hacktivist(s),1,15385,2023-10-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Hassle Bros,Not available,Not available,Hassle Bros,Ukraine,Non-state-group,https://therecord.media/ukraine-hackers-deface-russian-artists-spotify-pages,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukraine-hackers-deface-russian-artists-spotify-pages; https://pdmnews.ru/33828/,2023-10-26,2023-12-19 2732,"Pro-Russian hacking group 'NoName057(16)' suspected of attacking Czech government agencies, Prague airport and national police with DDoS attack on 24 October 2023","On 24 October 2023, a series of DDoS attacks disrupted access to various (government) websites across the Czech Republic. The activities, carried out by the pro-Russian hacker group NoName057, as confirmed by the cybersecurity company GenDigital, overwhelmed the hosting servers of the Ministry of the Interior, the Czech Police, the Prague Airport and both chambers of parliament. While access to the websites was gradually restored around 2pm the same day, the government portal remained inaccessible for a longer period of time. ",2023-10-24,2023-10-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by authorities of victim state,Disruption,State Police (Czech Republic) - Prague Airport (PRG) - Interior Ministry (Czech Republic),Czech Republic; Czech Republic; Czech Republic,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system - Critical infrastructure - State institutions / political system,Police - Transportation - Government / ministries,NoName057(16),Russia,Non-state-group,Hacktivist(s),2,15389; 15388,2023-10-24 00:00:00; 2023-10-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; IT-security community attributes attacker,NoName057(16); GenDigital,Not available; GenDigital,Not available; United States,NoName057(16); NoName057(16),Russia; Russia,Non-state-group; Non-state-group,https://brnodaily.com/2023/10/24/news/czech-police-interior-ministry-airport-websites-come-under-cyber-attack/; https://t.me/noname05716eng/2500; https://t.me/noname05716eng/2502,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption 
(deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,1,2023-10-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Czech Republic,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://deutsch.radio.cz/websites-des-tschechischen-innenministeriums-und-der-polizei-von-hackern-8797994; https://x.com/vnitro/status/1716719024413810836?s=20; https://brnodaily.com/2023/10/24/news/czech-police-interior-ministry-airport-websites-come-under-cyber-attack/; https://t.me/noname05716eng/2500; https://t.me/noname05716eng/2502,2023-10-25,2024-01-25 2734,Unknown threat actor gained unauthorised access to personnel data of Canadian government employees after hacking into systems of relocation and real estate services company BGRS and SIRVA Canada,"The private Canadian companies Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services - more specifically SIRVA Canada, which arranges relocations for members of the Canadian military and foreign service - have fallen victim to a network intrusion, according to an internal statement from the Canadian Department of National Defence. As a result of the cyber attack, the BGRS website has been inaccessible since 29 September. The unknown attacker was able to access the Canadian government's personnel data. 
In a statement issued on 17 November, the Canadian government confirmed that due to the significant scope of data being assessed, it is not yet possible to identify specific individuals impacted, however, preliminary intelligence indicates that the breached personal and financial information could belong to anyone who has used relocation services as early as 1999.",,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,SIRVA Canada - Brookfield Global Relocation Services Ltd - Government of Canada personnel ,Canada; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system, - - Government / ministries; Military,Not available,Not available,Not available,,1,15386,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.cbc.ca/news/politics/military-relocation-hacked-bgrs-1.7003766,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data 
corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-11-17 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Royal Canadian Mounted Police (RCMP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cbc.ca/news/politics/military-relocation-hacked-bgrs-1.7003766; https://therecord.media/canadian-govt-armed-forces-rcmp-cyber; https://www.bleepingcomputer.com/news/security/canadian-government-discloses-data-breach-after-contractor-hacks/; https://www.canada.ca/en/treasury-board-secretariat/news/2023/11/message-to-current-and-former-public-service-employees-and-members-of-the-canadian-armed-forces-and-royal-canadian-mounted-police.html; https://securityaffairs.com/159568/hacking/cyber-attack-hit-royal-canadian-mounted-police.html; https://www.bleepingcomputer.com/news/security/rcmp-investigating-cyber-attack-as-its-website-remains-down/,2023-10-25,2024-02-26 2733,Anti-Israel Hacktivists target Brazilian ISPs with DDoS attacks starting on 20 October 2023,"On 23 October 2023, the Association of Internet Providers (InternetSul) in Brazil announced that hundreds of Internet service providers (ISPs) across the country were affected by DDoS attacks, leading to disruptions or complete outages in Internet connectivity for thousands of companies and users. 
The campaign, which started on 20 October, was linked to a hacktivist group called IRoX Team, who had declared a ""cyber-war"" on Israel and its supporters in relation to the ongoing war between Israel and Hamas; the group further listed dates for concerted attacks on countries that supported Israel, with Brazil being identified as focal point for 20 October.",2023-10-23,2023-10-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,Not available,Brazil,SOUTHAM,Critical infrastructure,Telecommunications,IRoX Team,Not available,Non-state-group,Hacktivist(s),1,15387,2023-10-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IRoX Team,Not available,Not available,IRoX Team,Not available,Non-state-group,https://t.me/IRoX_Team/65,System / ideology; Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,51-200,0.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.minhaoperadora.com.br/2023/10/ataques-ddos-tem-derrubado-provedores-de-internet-no-brasil.html; https://internetsul.com.br/noticias/ciberataques-afetam-milhares-de-provedores-no-brasil; https://twitter.com/DailyDarkWeb/status/1714954638594584860; https://t.me/IRoX_Team/65,2023-10-25,2023-12-19 2729,Unknown actors use zero-day vulnerability to compromise NetScaler ADC and gateway applications of government organisations beginning late August 2023,"Unknown actors have been using a zero-day vulnerability to compromise NetScaler ADC and gateway applications of government organisations, among others, beginning late August 2023, US IT security firm Mandiant reported on 17 October 2023. This vulnerability (CVE-2023-4966) allowed hackers to steal session data or take over active sessions. Session data obtained in this vein may facilitate threat actors to regain access even after deployment of the patch closing the reported vulnerability. 
In addition to government organisations, Mandiant also observed session hijacking at professional services and technology companies.",2023-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Not available,Not available,Not available,,1,15390,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966; https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-patch-netscaler-cve-2023-4966-bug-immediately/; https://therecord.media/uk-cyber-incident-reports-all-time-high; https://www.darkreading.com/vulnerabilities-threats/critical-citrix-bug-exploited-zero-day-patching-not-enough; 
https://securityaffairs.com/152656/hacking/citrix-netscaler-adc-gateway-zero-day.html; https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html; https://arstechnica.com/security/2023/10/the-latest-high-severity-citrix-vulnerability-under-attack-isnt-easy-to-fix/; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/; https://securityaffairs.com/153016/security/citrix-warns-patch-cve-2023-4966.html; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/cyber-officials-raise-alarms-citrix-apache; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/; https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-kill-netscaler-user-sessions-to-block-hackers/; https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html,2023-10-24,2023-12-19 2726,European Shipping companies hit by DDoS attack since 19 October 2023,"Shipping companies across Europe have been hit by a DDoS attack since 19 October 2023, according to media reports published a day later. The targeted companies include Viking line as well as other major shipping companies across Europe. 
The booking system and website were restored on 20 October at 11:30 am, according to Viking line.",2023-10-19,2023-09-20,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Not available - Viking line,Europe (region); Finland, - EUROPE; EU(MS); NORTHEU,Critical infrastructure - Critical infrastructure,Transportation - Transportation,Not available,Not available,Not available,,1,15391,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Law of the sea; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thecyberexpress.com/viking-line-cyberattack-europe-shipping-indust/; https://svenska.yle.fi/a/7-10043889,2023-10-24,2023-12-19 2725,Pro-Ukrainian hacker groups KibOrg and NLB collaborated with Ukrainian security services (SBU) in compromise of Russian private bank Alfa,"The Pro-Ukrainian hacker groups KibOrg and NLB in collaboration with Ukraine's main security agency, the SBU, infiltrated networks of Russia's largest private bank Alfa. The groups claimed to have obtained data of more than 30 million customers including their names, dates of birth, account numbers and phone numbers. 
According to a source within the department quoted by Recorded Future News, the Ukrainian agency was involved in the operation, but the official did not provide further details.",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Alfa Bank,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Finance,Security Service of Ukraine (SBU); NLB; KibOrg,Ukraine; Ukraine; Ukraine,State; Non-state-group; Non-state-group,; Hacktivist(s); Hacktivist(s),2,15396; 15396; 15396; 15396; 15396; 15396; 15395; 15395; 15395; 15395,2023-10-23 00:00:00; 2023-10-23 00:00:00; 2023-10-23 00:00:00; 2023-10-23 00:00:00; 2023-10-23 00:00:00; 2023-10-23 00:00:00; 2023-10-19 00:00:00; 2023-10-19 00:00:00; 2023-10-19 00:00:00; 2023-10-19 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the 
attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); KibOrg; KibOrg; NLB; NLB,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,Security Service of Ukraine (SBU); Security Service of Ukraine (SBU); NLB; NLB; KibOrg; KibOrg; KibOrg; NLB; KibOrg; NLB,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,State; Non-state-group; State; Non-state-group; State; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://therecord.media/sbu-involved-in-alfa-bank-hack; https://kiborg.news/2023/10/19/zlam-rosijskogo-alfa-bank/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 
5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Armed conflict; Sovereignty,Civic / political rights; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/sbu-involved-in-alfa-bank-hack; https://kiborg.news/2023/10/19/zlam-rosijskogo-alfa-bank/; https://tass.ru/ekonomika/19062011; https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/,2023-10-24,2023-12-19 2724,Unknown hackers compromised email accounts of city of Philadelphia during May to July 2023,"Unknown hackers compromised administrative email accounts of the city of Philadelphia and accessed personal and protected health information. On 24 May 2023, the city initially became aware of suspicious activity in its email environment and launched an investigation. Between 26 May and 28 July, an unauthorised actor gained access to certain email accounts and information contained therein. Exposed information varied by affected account and may include demographic information (such as name, address, date of birth, social security number, and other contact information), medical information (e.g., diagnosis and other treatment-related information), and limited financial information, such as claims information. 
",2023-05-26,2023-07-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,City of Philadelphia,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15397,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/152909/hacking/city-of-philadelphia-data-breach.html; https://www.darkreading.com/attacks-breaches/city-of-philadelphia-releases-cyber-breach-notice; https://www.phila.gov/media/20231018161713/Notice-of-Privacy-Incident%5FPDPH-Website%5F10%5F20%5F23.pdf; https://therecord.media/philadelphia-government-systems-accessed-by-hackers; https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/,2023-10-24,2023-12-19 2723,Unknown actors gained access to personal information from networks of University of 
Michigan beginning on 23 August 2023,"Unknown actors gained access to personal information from networks of the University of Michigan between 23 and 27 August 2023, the university confirmed on 23 October. Already at the end of August, the University of Michigan made the incident public without providing additional details. The latest statement said that information from certain students, applicants, alumni, donors, staff and contractors had been accessed. In addition, information of research study participants and patients of the University Health Service and the School of Dentistry were also accessed, including records containing diagnosis information, treatment data and medication history.",2023-08-23,2023-08-27,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,Not available,Not available,,1,15398,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-08-27 
00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/michigan-university-warns-that-info-leaked; https://publicaffairs.vpcomm.umich.edu/key-issues/august-2023-data-incident/; https://www.bleepingcomputer.com/news/security/university-of-michigan-employee-student-data-stolen-in-cyberattack/; https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/; https://therecord.media/stanford-investigating-cyberattack-after-ransomware,2023-10-24,2023-12-19 2720,Customer management support system of US identity service provider Okta breached in September 2023 ,"Okta, a provider of multifactor authentication and single sign-on solutions, confirmed a breach of its customer management support system that allowed an unknown threat actor to view files uploaded by customers. Using stolen credentials of an Okta employee, the threat actor was able to access sensitive customer data from so-called HTTP Archive (HAR) files that include cookies and session tokens. IT companies BeyondTrust and Cloudflare, customers of Okta, acknowledged in separate reports that their systems were targeted with this information obtained through session hijacking. BeyondTrust moreover alleged that it had reported the issue two weeks prior to Okta's confirmation on 20 October 2023. After initially suggesting that only 1% of customers had been affected, Okta confirmed on 29 November that all customer support users had been impacted - primarily in terms of their name and email address. On 1 February, Cloudflare disclosed that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. 
The first access was gained on 14 November 2023 by using the tokens stolen during the Okta breach in September 2023. On 9 March ""Ddarknotevil"" claimed to have published an Okta database with information of 3,800 customers. An Okta spokesperson denied any connection: ""This is not Okta's data, and it is not associated with the October 2023 security incident"". Intelligence firm KELA came to the same conclusion when reviewing the published data. The data is believed to be from a different company breached in July.",2023-09-28,2023-10-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Cloudflare, Inc. - BeyondTrust, Inc. - Okta, Inc.",United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,Not available,Not available,Not available,,1,17886,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of 
international law),,https://www.heise.de/news/Casino-Hacks-Angreifer-erbeuteten-Zugangscodes-beim-Identitaetsdienst-Okta-9340540.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/152803/data-breach/okta-support-system-breached.html; https://arstechnica.com/security/2023/10/okta-says-hackers-breached-its-support-system-and-viewed-customer-files/; https://www.govinfosecurity.com/okta-support-unit-breached-via-credential-stolen-by-hackers-a-23366; https://thehackernews.com/2023/10/oktas-support-system-breach-exposes.html; https://therecord.media/hackers-used-stolen-credentials-okta; https://www.bleepingcomputer.com/news/security/okta-says-its-support-system-was-breached-using-stolen-credentials/; https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/; https://therecord.media/1password-cloudflare-affected-by-okta-incident; https://www.darkreading.com/remote-workforce/1password-latest-victim-okta-customer-service-breach; https://www.hackread.com/1password-security-incident-okta-breach/; https://socradar.io/security-breach-in-okta-support-system-continues-sparking-concerns-cloudflare-and-1password-share-disclosures/; https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/; https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html; https://securityaffairs.com/152965/hacking/okta-incident-impact-on-1password.html; https://www.wired.com/story/okta-support-system-breach-disclosure/; https://www.wired.com/story/flipper-zero-iphone-dos-attack-security-roundup/; https://thehackernews.com/2023/11/oktas-recent-customer-support-data.html; https://arstechnica.com/information-technology/2023/11/no-okta-senior-management-not-an-errant-employee-caused-you-to-get-hacked/; https://securityaffairs.com/153581/data-breach/okta-customer-support-system-breach-customers.html; 
https://www.darkreading.com/attacks-breaches/okta-customer-support-breach-exposed-data-134-customers-; https://therecord.media/okta-identity-token-theft-response; https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/; https://www.hackread.com/okta-breach-employee-google-account-134-customers/; https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-november-06-november-12; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://cyberscoop.com/lockbit-boeing-ransomware-com/; https://www.beyondtrust.com/blog/entry/okta-support-unit-breach; https://sec.okta.com/harfiles; https://www.bleepingcomputer.com/news/security/okta-october-data-breach-affects-all-customer-support-system-users/; https://www.wired.com/story/okta-breach-disclosure-all-customer-support-users/; https://securityaffairs.com/154965/hacking/okta-update-october-2023-support-system-breach.html; https://securityaffairs.com/155128/breaking-news/security-affairs-newsletter-round-448-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2023/12/non-human-access-is-path-of-least.html; https://www.techrepublic.com/article/top-cybersecurity-threats/; https://www.heise.de/news/Nach-Cyberangriff-auf-Casino-MGM-informiert-betroffene-Kunden-9210630.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/nation-state-actor-used-stolen-okta-credentials-to-target-cloudflare; https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/; https://www.computerweekly.com/news/366571853/Okta-doubles-down-on-cyber-in-wake-of-high-profile-breaches; https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-systems/,2023-10-23,2024-03-12 2719,American Family Insurance targeted in October 2023,US-based insurance company American Family Insurance has 
confirmed an intrusion that forced a partial shutdown of its IT infrastructure. The efforts to disconnect company infrastructure to contain malicious activity reportedly also cut off tenants that shared premises with American Family.,2023-10-01,Not available,Attack on critical infrastructure target(s),,,Hijacking without Misuse,American Family Insurance,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,15401,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/american-family-insurance-confirms-cyberattack-is-behind-it-outages/,2023-10-23,2023-12-19 2721,Hacktivist group Ukrainian Cyber Alliance infiltrated Trigona ransomware group in October 2023,"The Ukrainian Cyber Alliance (UCA) breached the servers of the Trigona ransomware gang in October 2023. The hacktivists claimed that they gained access to Trigona's servers by leveraging an n-day exploit for the vulnerability CVE-2023-22515 affecting Confluence Data Center and Server software. Following this initial access, the Ukraine Cyber Alliance was able to exfiltrate internal data, wipe Trigona's servers and deface its leak site. 
According to a UCA social media post, exfiltrated data included source code, credentials for cryptocurrency hot wallets and database records, the latter of which may potentially contain decryption keys. UCA affirmed the group would release decryption keys if included in the obtained files.",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Trigona ransomware group,Not available,,Social groups,Criminal,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,15399,2023-10-18 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Cyber Resistance aka the Ukrainian Cyber Alliance,Not available,Ukraine,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Data Destruction,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not 
available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/; https://arstechnica.com/security/2023/10/two-ransomware-gangs-knocked-out-of-commission-in-a-single-week/; https://www.heise.de/news/Ukrainian-Cyber-Alliance-legt-Ransomware-Gruppierung-Trigona-lahm-9340550.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-20th-2023-fighting-back/; https://www.govinfosecurity.com/ukrainian-hacktivists-claim-trigona-ransomware-takedown-a-23343; https://socradar.io/cyber-awakeness-month-takedown-of-trigona-hive-ransomware-resurges-ransomedforum-and-new-raas-qbit/; https://www.heise.de/news/Montag-Aenderungen-am-Strassenverkehrsrecht-Ransomware-Gang-gehackt-und-gelaehmt-9340886.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023; https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomwares-dark-web-extortion-sites-seized-by-police/; https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona; https://therecord.media/ransomware-tracker-the-latest-figures; https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://therecord.media/ransomware-tracker-the-latest-figures,2023-10-23,2023-12-19 2717,Iranian Crambus espionage group targeted unnamed Middle Eastern government in eight-month long espionage campaign during 2023,"Crambus, an Iran-linked cyber espionage group also known as OilRig, MuddyWater, and APT34, targeted an unspecified Middle Eastern government in an eight-month long espionage campaign between February and September 2023. 
The group gained initial access in February but waited until July to establish persistence by installing a PowerShell backdoor. The Symantec Threat Hunter Team reported that malicious activity was detected on 12 computers during the campaign, and the use of backdoors may have affected numerous other computers. The campaign involved stealing files, login credentials, and gaining unauthorized access to email accounts, which allowed the group to execute commands. The threat actor also enabled remote access through the Remote Desktop Protocol (RDP). In addition, three new types of malware were deployed, which executed PowerShell commands and stole clipboard data and keystrokes. The malware pieces are tracked as Tokel, Dirps, and Clipog.",2023-02-01,2023-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Middle East (region),,State institutions / political system,Government / ministries,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,13868,2023-10-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government; 
https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html; https://www.darkreading.com/dr-global/iran-linked-muddywater-spies-middle-east-govt-eight-months; https://therecord.media/iran-linked-hackers-8-months-middle-east-government; https://www.bleepingcomputer.com/news/security/iranian-hackers-lurked-in-middle-eastern-govt-network-for-8-months/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Human rights; Due diligence; Sovereignty,Non-state actors; Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government; https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html; https://www.darkreading.com/dr-global/iran-linked-muddywater-spies-middle-east-govt-eight-months; https://therecord.media/iran-linked-hackers-8-months-middle-east-government; https://www.bleepingcomputer.com/news/security/iranian-hackers-lurked-in-middle-eastern-govt-network-for-8-months/; https://www.scmagazine.com/news/unspecified-middle-eastern-country-allegedly-targeted-by-new-cyber-campaign-linked-to-iranian-backed-threat-group; https://www.govinfosecurity.com/iran-traps-middle-east-nation-in-8-month-espionage-campaign-a-23345; 
https://thehackernews.com/2023/11/iranian-cyber-espionage-group-targets.html; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/,2023-10-20,2023-11-03 2716,North Korean state-sponsored hacking group Onyx Sleet compromised vulnerable TeamCity servers since early October 2023,"The North Korean state-sponsored hacking group Onyx Sleet has covertly infiltrated vulnerable TeamCity servers since the beginning of October 2023, Microsoft disclosed on 18 October 2023. Operating alongside a second North Korean outfit, Diamond Sleet, the group took advantage of a vulnerability present in TeamCity servers (CVE-2023-42793). Developed by Czech software enterprise JetBrains, TeamCity is a popular continuous integration and continuous deployment (CI/CD) application for software development. Diamond Sleet has previously targeted media, IT services, and organisations in the defense sector in different parts of the world for espionage, data theft, monetary gain, and network destruction. Onyx Sleet has been observed to focus on defense and IT services organizations in South Korea, the United States, and India, prioritising long-term access. Reviewing the victimology for detected intrusions, Microsoft assessed both groups may have been acting opportunistically against exposed servers in this particular campaign. After successfully compromising a TeamCity server, Onyx Sleet created a new user account and added it to the Local Administrators Group, which positioned the threat actor to initiate system discovery commands and to download payloads via PowerShell.",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Not available,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,13869,2023-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Service Stop,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / 
material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/teamcity-vulnerability-targeted-by-nk-hackers; https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/; https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/; https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/; https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/google-chrome-youtube-ad-blocker-crackdown/; https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html; https://therecord.media/jet-brains-advisory-teamcity-vulnerabilities; https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html,2023-10-20,2023-12-15 2715,North Korean state-sponsored hacking group Diamond Sleet compromised vulnerable TeamCity servers since early October 2023,"The North Korean hackers from Diamond Sleet, allegedly supported by the state, have breached vulnerable TeamCity servers since October 2023, Microsoft detailed in a report on 18 October 2023. The group took advantage of a software flaw in TeamCity servers (CVE-2023-42793), in parallel with a second North Korean threat actor, Onyx Sleet. 
TeamCity is an application designed by the Czech company JetBrains for software development with continuous integration/deployment (CI/CD). Diamond Sleet has previously targeted media, IT services, and organisations in the defense sector in different parts of the world for espionage, data theft, monetary gain, and network destruction. Onyx Sleet has been observed to focus on defense and IT services organizations in South Korea, the United States, and India, prioritising long-term access. Reviewing the victimology for detected intrusions, Microsoft assessed both groups may have been acting opportunistically against exposed servers in this particular campaign. Following the compromise of a TeamCity server, Diamond Sleet downloaded two additional payloads from hijacked infrastructure under its control, including the ForestTiger backdoor, using PowerShell to dump credentials from memory. A separate attack path also utilized PowerShell to download malicious DLLs from attacker infrastructure to conduct a DLL search-order hijacking that eventually enabled the deployment of a remote access trojan.",2023-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Not available,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,13870,2023-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / 
material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/north-korean-state-actors-attack-critical-bug-in-teamcity-server; https://securityaffairs.com/152697/apt/north-korea-linked-apt-groups-actively-exploit-jetbrains-teamcity-flaw.html; https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html; https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/; https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/; https://therecord.media/teamcity-vulnerability-targeted-by-nk-hackers; https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://therecord.media/north-korea-attack-cyberlink-microsoft; https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html; https://www.bleepingcomputer.com/news/security/cisa-russian-hackers-target-teamcity-servers-since-september/; https://therecord.media/jet-brains-advisory-teamcity-vulnerabilities,2023-10-20,2024-02-19 2714,Eastern European defense and energy companies targeted with MATA malware from August 2022 until May 2023,"Over a dozen Eastern European defense and oil and gas companies were targeted in a campaign beginning in mid-August 2022 and ending in May 2023 according to a report by cybersecurity company Kaspersky. 
The attackers used spear-phishing messages to infect the victims with malware from the MATA cluster. After obtaining initial access, the attackers tried to steadily expand the infection and establish lasting access to the companies' internal systems. The campaign involved three new generations of MATA malware. The MATA family has been associated with the North Korean threat actor Lazarus. Observing elements in the latest MATA iteration that had previously been linked to Five Eyes actors, such as Lamberts and the Equation group, Kaspersky refrained from linking the activity to one specific actor, noting only that the developer likely is ""familiar with Korean or uses a Korean work environment"" and had sufficient resources to leverage three expansive attack frameworks in one campaign.",2022-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Eastern Europe,,Critical infrastructure; Critical infrastructure,Energy; Defence industry,Not available,Not available,Not available,,1,15402,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/eastern-europe-energy-and-defense-targeted-mata; 
https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms/; https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/10/18092216/Updated-MATA-attacks-Eastern-Europe_full-report_ENG.pdf; https://thehackernews.com/2023/10/sophisticated-mata-framework-strikes.html,2023-10-19,2023-12-19 2713,North Korean state-integrated hacking group Lazarus gained access to networks of defence and maritime companies,"The North Korean state-integrated hacking group Lazarus gained access to the networks of defence and maritime companies over an undefined period, Russian IT security firm Kaspersky reported in its third-quarter report on 17 October 2023. Lazarus sent fake job offers to individual employees of the targeted companies via social media, which included malicious applications. They mainly used Trojanised Virtual Networking Clients (VNCs), through which a computer is compromised after the user selected certain servers in the Trojanised VNC. Specifically, this happened to a Hungarian nuclear engineer who received malicious files from a suspicious contact on Telegram and WhatsApp. The affected defence companies manufactured radar systems, unmanned aerial vehicles (UAVs), military vehicles, ships and armament.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Not available; Hungary, - EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure; Critical infrastructure - Unknown,Defence industry; Critical Manufacturing - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15403,2023-10-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,2.0,1-10,2.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securelist.com/apt-trends-report-q3-2023/110752/; https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html; https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/; https://www.cctvnews.co.kr/news/articleView.html?idxno=236830,2023-10-19,2024-02-20 2709,Unknown hacker breached Taiwanese networking equipment manufacturer D-Link,"An unknown hacker gained access to data of Taiwanese networking equipment manufacturer D-Link. While the threat actor claimed to have stolen consumer information as well as source code from the company, D-Link reported that only 700 outdated, fragmented records of low importance from a product registration system were affected. 
",2023-09-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse,D-Link,Taiwan,ASIA; SCS,Critical infrastructure,Critical Manufacturing,Not available,Not available,Non-state-group,Criminal(s),1,15410,2023-10-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/d-link-confirms-data-breach-after-employee-phishing-attack/; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10359; https://www.darkreading.com/attacks-breaches/d-link-confirms-breach-rebuts-hackers-claims-scope; https://securityaffairs.com/152631/hacking/d-link-confirmed-data-breach.html; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/; 
https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html,2023-10-18,2023-12-20 2710,German elderly and health care provider Maternus-Kliniken AG disclosed data breach on 17 October 2023,"In a financial disclosure, Maternus-Kliniken AG, which runs elderly care facilities and rehabilitation centers in Germany, reported that it suffered a data breach on 17 October 2023. At the time of reporting, the extent of the incident and the data affected remained unclear, as well as whether the incident involved ransomware. According to the incident notification, the threat actor did not encrypt company data and operations were largely unaffected.",2023-10-17,2023-10-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Maternus-Kliniken AG,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15409,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,https://www.maternus.de/fileadmin/user_upload/Unternehmen/Maternus/Unternehmen/Investor_Relations/Ad_Hoc/2023-10-17_MATERNUS_Ad_hoc_final.pdf,2023-10-18,2023-12-20 2711,APT 'TetrisPhantom' targeted governments in the APAC region with USB drive compromise,"According to Kaspersky, an APT tracked as 'TetrisPhantom' targeted government entities in the APAC region by compromising a secure USB drive, which provides hardware encryption. These secure USB drives are used by government organisations to securely store and physically transfer data between computer systems. Kaspersky detected those activities in early 2023 and did not further specify the time-frame of the operation besides characterising it as a ""long-running campaign, used to execute commands and collect files and information from compromised machines and pass them on to further machines using the same or other secure USB drives as a carrier"". The compromises were targeted and affected only a small number of victims, according to Kaspersky. 
The company did not identify links with currently tracked threat actors and believes that a ""highly skilled and resourceful threat actor, who is interested in undertaking espionage activities in sensitive and secured government networks"" was responsible for the operation.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Asia (region),,State institutions / political system,Government / ministries,TetrisPhantom,Not available,"Non-state actor, state-affiliation suggested",,1,15404,2023-10-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,TetrisPhantom,Not available,"Non-state actor, state-affiliation suggested",https://securelist.com/apt-trends-report-q3-2023/110752/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securelist.com/apt-trends-report-q3-2023/110752/; 
https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html; https://www.bleepingcomputer.com/news/security/new-tetrisphantom-hackers-steal-data-from-secure-usb-drives-on-govt-systems/; https://cybersecasia.net/news/tetrisphantom-campaign-exploits-secure-usb-drives-to-spy-on-apac-governments,2023-10-18,2023-12-19 2708,Russian state-sponsored threat actor 'Sandworm' disrupted several Ukrainian telecommunication providers beginning May 2023,"The Ukrainian CERT team reported that the Russian state-sponsored threat actor 'Sandworm', linked to the military intelligence service GRU, disrupted at least 11 telecommunication providers between May and September 2023, causing temporary service disruptions for users and potentially exfiltrating data. ",2023-05-11,2023-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure,Telecommunications,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15411,2023-10-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black 
Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://cert.gov.ua/article/6123309,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-10-15 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Exploit Public-Facing Application; External Remote Services,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,11.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; International telecommunication law; International peace; Armed conflict; Sovereignty,Civic / political rights; ; Prohibition of intervention; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/; https://cert.gov.ua/article/6123309; https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html; https://therecord.media/russia-sandworm-hacking-ukraine-telecom-internet-providers; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; 
https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/russian-hackers-wiped-thousands-of-systems-in-kyivstar-attack/,2023-10-17,2023-12-20 2706,Unknown threat actors defaced websites of several Belgian public institutions on 12 October 2023,"Unknown attackers defaced the websites of several Belgian institutions, notably the Royal Palace, the Prime Minister and the Senate, following a DDoS attack on 12 October 2023. The websites' home pages displayed a temporary pro-Russian message alluding to Belgium's possible deployment of F-16 fighter jets to Ukraine in 2025. ",2023-10-12,2023-10-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Belgian Monarchy - Federal Public Service Chancellery of the Prime Minister (Belgium) - Senate (Belgium),Belgium; Belgium; Belgium,EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Legislative,Not available,Not available,Not available,,1,15413,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network 
Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vrt.be/vrtnws/fr/2023/10/16/des-sites-des-services-publics-belges-a-nouveau-touches-par-une/; https://www.lesoir.be/543559/article/2023-10-15/plusieurs-sites-de-services-publics-touches-par-des-cyberattaques,2023-10-17,2023-12-20 2705,Hacker (group) 3musketeerz defaced and possibly breached website of Philippine House of Representatives on 15 October 2023,"The hacker group 3musketeerz defaced and potentially accessed the website of the Philippine House of Representatives on 15 October 2023. The Philippine Department of Information and Communications Technology (DICT) confirmed this in a statement released on the subsequent day. The DICT announced that they closed down the site to ""prevent further unauthorised access"", suggesting that the threat actor had gained unauthorised access. The statement confirms that CERT-PH is investigating potential breaches of sensitive data. 
On 15 October, content on the website of the Philippine House of Representatives was replaced with a ""You’ve been hacked"" meme image, for which 3musketeerz claimed responsibility.",2023-10-15,2023-10-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking without Misuse,House of Representatives (Philippines),Philippines,ASIA; SCS; SEA,State institutions / political system,Legislative,3musketeerz,Not available,Unknown - not attributed,,1,15414,2023-10-15 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,3musketeerz,Not available,Not available,3musketeerz,Not available,Unknown - not attributed,https://www.pna.gov.ph/articles/1211881,System / ideology,Unknown,,Unknown,,1,2023-10-16 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Philippines,Philippine Department of Information and Communications Technology (DICT),No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,Day (< 24h),Not available,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.pna.gov.ph/articles/1211881; https://www.sunstar.com.ph/manila/afp-to-take-part-in-fight-vs-cyber-attack-misinformation,2023-10-17,2023-12-20 2704,Anonymous Guatemala disrupted multiple Guatemalan government webpages via DDoS-attacks on 14 October 2023,"Anonymous Guatemala disrupted access to numerous Guatemalan governmental websites on 14 October 2023 through DDoS attacks. 
The President's General Secretary website, the judicial branch of Guatemala's webpages, and the Agriculture Department's site were amongst the targets. Despite certain websites' swift reinstatement, others remained unavailable. The hacktivists expressed support for the Indigenous organizations' public demonstration urging Guatemala's Attorney General María Consuelo Porras to resign over allegations that she attempted to subvert the popular vote that elected progressive Bernardo Arévalo as the president-elect.",2023-10-14,2023-10-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"Supreme Court of Justice (Guatemala) - General Secretariat of the Presidency (Guatemala) - Ministry of Agriculture, Livestock and Food (Guatemala)",Guatemala; Guatemala; Guatemala,CENTAM - CENTAM - CENTAM,State institutions / political system - State institutions / political system - State institutions / political system,Judiciary - Government / ministries - Government / ministries,Anonymous Guatemala,Not available,Non-state-group,Hacktivist(s),1,15415,2023-10-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Guatemala,Not available,Guatemala,Anonymous Guatemala,Not available,Non-state-group,https://twitter.com/AnonGTReloaded/status/1713193894110695714?s=20; https://twitter.com/AnonGTReloaded/status/1713195664283140255?s=20,System / ideology,System/ideology,Guatemala (opposition),Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 
24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://abcnews.go.com/International/wireStory/hackers-attack-guatemalan-government-webpages-support-pro-democracy-103986464; https://twitter.com/AnonGTReloaded/status/1713195664283140255?s=20; https://twitter.com/YourAnonTl3x/status/1713194138236232116?s=20; https://twitter.com/AnonGTReloaded/status/1713193894110695714?s=20; https://twitter.com/AnonGTReloaded/status/1713193119242498373?s=20,2023-10-17,2023-12-20 2703,Unknown threat actor interfered with access to online services of Belgian Finance ministry on 14 October 2023,"On 14 October 2023, the Belgian Ministry of Finance reported connectivity issues with their applications due to external disruptions. 
Users were advised to access the applications through direct links.",2023-10-14,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Federal Public Service Finance (FPS Finance),Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,15416,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://finances.belgium.be/fr/Actueel/problemes-techniques-attaque-hackeurs; https://www.lesoir.be/543559/article/2023-10-15/plusieurs-sites-de-services-publics-touches-par-des-cyberattaques,2023-10-17,2023-12-20 2702,Unknown hackers disrupted Swiss psychiatric facility Baselland on 14 October 2023,"Unknown hackers targeted the Swiss psychiatric facility Baselland on 14 October 2023, resulting in the encryption of a significant portion of the IT infrastructure, leading to security measures shutting down the IT systems. 
Internal and external digital communications remained severely restricted until the clinic resumed regular operations twelve days later.",2023-10-14,2023-10-25,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Psychiatrie Baselland,Switzerland,EUROPE; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15417,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.pbl.ch/cyberangriff-auf-die-psychiatrie-baselland; https://www.bazonline.ch/it-systeme-heruntergefahren-cyberangriff-auf-psychiatrie-baselland-705576061615; https://www.pbl.ch/psychiatrie-baselland-nimmt-normalbetrieb-wieder-auf; https://www.pbl.ch/klinikbetrieb-laeuft-trotz-cyberangriff-stabil,2023-10-17,2023-12-20 2701,Unknown actors targeted Kansas courts via ransomware on 12 October 2023,"Unknown actors targeted courts throughout Kansas in the United States with ransomware on 12 October 2023. As a result of the incident, the Kansas Supreme Court is exclusively using paper records to operate. 
Moreover, the municipal court, as well as the probation and prosecution divisions of Topeka, remained closed to the public on 16 October. In an update from 21 November, the Supreme Court noted that threat actors obtained Office of Judicial Administration files, district court case records on appeal alongside other data judged to be confidential.",2023-10-12,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Kansas online marriage license application - Kansas Protection Order Portal - Kansas District Court Public Access Portal - Kansas Attorney Registration - Appellate Case Inquiry System - Central Payment Center - Kansas eCourt case management system - Kansas Courts eFiling,United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Judiciary - Judiciary - Judiciary - Judiciary - Judiciary - Judiciary - Judiciary - Judiciary,Not available,Not available,Not available,,1,15418,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, 
e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-10-16 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/kansas-courts-closed-ransomware-attack; https://www.bleepingcomputer.com/news/security/kansas-courts-it-systems-offline-after-security-incident/; https://www.kscourts.org/Newsroom/News-Releases/Featured/Supreme-Court-issues-order-in-response-to-network; https://www.kscourts.org/KSCourts/media/KsCourts/Orders/2023-CC-073.pdf; https://www.kscourts.org/Newsroom/News-Releases/News/2023-News-Releases/October-2023/Supreme-Court-issues-new-order-about-court-operati; https://www.kscourts.org/KSCourts/media/KsCourts/Orders/2023-CC-074.pdf?ext=.pdf; https://www.kake.com/story/49834282/kansas-courts-to-operate-on-paper-for-at-least-2-weeks-judge-says-ransomware-attack-may-be-to-blame; https://www.bleepingcomputer.com/news/security/kansas-courts-confirm-data-theft-ransom-demand-after-cyberattack/; https://therecord.media/kansas-supreme-court-hackers-stole-records-confidential-files; https://www.kscourts.org/Newsroom/News-Releases/News/2023-News-Releases/November-2023/Kansas-Supreme-Court-releases-statement-on-October; https://therecord.media/cyberattack-recovery-on-horizon-kansas,2023-10-17,2023-12-20 2707,Unknown hackers breached e-learning platform 3rd Millennium Classrooms on 11 October 2023,"Unknown individuals 
breached the US-based e-learning platform 3rd Millennium Classrooms and accessed student and alumni data on 11 October 2023. Following the data breach, the names and university emails of certain students were revealed. The compromised system held data of approximately 24,000 accounts connected to university email addresses. The precise extent of the breach remained unclear.",2023-10-11,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,3rd Millennium Classrooms - University of Virginia,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Education, - Civil service / administration; Research; ,Not available,Not available,Not available,,1,15412,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://www.cavalierdaily.com/article/2023/10/student-and-alumni-data-subject-to-information-security-breach,2023-10-17,2023-12-20 2700,"Cybercriminal hacking group Ransomed.VC defaced the Hawaii Department of Health's ""Health by Default""-website on 31 August 2023","Ransomed.VC, a cybercriminal hacking group, defaced the ""Health by Default"" website of Hawaii's Department of Health on 31 August 2023. According to the group's claim on the defaced website on the same day, they also stole data. Although a department spokesperson confirmed the defacement, they denied any data theft and stated that no information was collected through that specific website. The ""Health by Default"" website was established as part of a 2020 legislation to encourage healthy drink options for children's meals. Restaurants that offer beverages with meals for children must seek certification through this platform.",2023-08-31,2023-08-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Hawaii State Department of Health,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Ransomed.vc,Not available,Non-state-group,Criminal(s),1,15419,2023-08-31 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,RansomedVC,Not available,Not available,Ransomed.vc,Not available,Non-state-group,https://therecord.media/hawaii-state-department-of-health-website-defacement,Unknown,Not available,,Not available,,1,2023-09-01 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,United States,"Department of Health, State of Hawaii (USA)",No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political 
importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/colonial-pipeline-attributes-ransomware-claims-to-unrelated-third-party-breach; https://therecord.media/hawaii-state-department-of-health-website-defacement; https://therecord.media/washington-dc-voter-roles-hackers,2023-10-16,2023-12-20 2698,Israeli Billboards defaced to show Pro-Hamas Content in October 2023,"On 12 October 2023, self-proclaimed pro-Hamas hackers took control of two billboards in Tel Aviv, Israel, during the Israel-Hamas war that began days prior. The defacement lasted only a few minutes during which the affected billboards showed pro-Hamas footage - including a Palestinian flag and videos of Gaza, as well as missile attacks. The hackers appeared to have compromised the network of CTV Media Israel, the company that owned the two billboards. ",2023-10-12,2023-10-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,CTV Media Israel,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Not available,Not available,Non-state-group,Hacktivist(s),1,15421,2023-10-12 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Non-state-group,https://www.cnbc.com/2023/10/12/billboards-in-tel-aviv-briefly-hacked-to-display-pro-hamas-messages.html,Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Armed conflict; Due diligence; Sovereignty,Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cnbc.com/2023/10/12/billboards-in-tel-aviv-briefly-hacked-to-display-pro-hamas-messages.html; https://research.checkpoint.com/2023/16th-october-threat-intelligence-report/,2023-10-13,2023-12-20 2697,Unknown Threat Actors Shut Down City Websites of Multiple German Cities On 12 October 2023,"On the morning of 12 October 
2023, the main web portals of a number of German cities were hit by DDoS attacks which resulted in temporary shutdowns of the sites. The city websites of Hannover, Dresden, Nuremberg, Cologne, and Dortmund all found themselves victims of DDoS attacks, causing service disruptions but no data theft. In Hannover, the city website and its partner portals experienced service interruptions and increased unreliability, restricting access to services for citizens. Nevertheless, the experts from the data centres and the website development team managed to decipher the attack pattern and restore stable operations at around 2 pm local time. Nuremberg, Cologne, and Dortmund also saw the restriction of city services with the shutdown of the cities' websites, and all had access similarly restored within a number of hours thanks to work done by city IT departments. In Dresden, while Prof. Dr. Michael Breidung, head of the IT department of the city, claimed success in fending off the attack, the attack, like in the other cities, resulted in ""severe restrictions of access"" to the city's homepage for hours, restricting citizens' access to certain services, and the website was ultimately taken offline as a precaution to prevent further damage. 
The city's website was once again, as in the case of the other cities, accessible after a number of hours.",2023-10-12,2023-10-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,City of Dresden - City of Hanover - City of Nuremberg - City of Cologne - City of Dortmund,Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,15422,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hannover.de/Aus-Stadt-Region/Unsere-Website-war-Opfer-eines-Bot-Angriffs; https://www.waz.de/panorama/dortmund-und-koeln-melden-cyber-angriffe-auf-stadt-server-id239789417.html; 
https://twitter.com/stadtdortmund/status/1712517086604407122; https://www.radio912.de/artikel/homepage-der-stadt-dortmund-down-1792732.html; https://www.dnn.de/lokales/dresden/cyberangriff-dresden-de-am-donnerstag-zeitweise-nicht-erreichbar-3KQUH2KRDVC77D5PINZPAOI3Y4.html; https://www.dresden.de/de/rathaus/aktuelles/pressemitteilungen/2023/10/pm_024.php; https://www.infranken.de/lk/nuernberg/nuernberg-cyberangriff-auf-website-der-stadt-ddos-angriffe-ueberlasten-server-art-5778997; https://www.stadt-koeln.de/politik-und-verwaltung/presse/mitteilungen/26195/index.html,2023-10-13,2024-04-19 2699,"Jordanian hacking group targeted Israeli Ono Academic College, leaking hundreds of thousands of records in October 2023","On 9 October 2023, hackers claiming to operate from Jordan stole roughly 250,000 records containing information of students, staff, and alumni at the Ono Academic College in Israel. They subsequently published these documents and records via Telegram. The college announced that it had taken down its systems to aid with the investigation.",2023-10-09,2023-10-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Ono Academic College,Israel,ASIA; MENA; MEA,Education,,Not available,Jordan,Non-state-group,Hacktivist(s),1,15420,2023-10-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Jordan,Not available,Jordan,Non-state-group,https://www.cnbc.com/2023/10/12/billboards-in-tel-aviv-briefly-hacked-to-display-pro-hamas-messages.html,Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence; Sovereignty; Human rights,"Civic / political rights; Conduct of hostilities; ; ; Economic, social and cultural rights",Not available,1,2023-10-09 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Israel,Israel National Cyber Directorate (INCD),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cnbc.com/2023/10/12/billboards-in-tel-aviv-briefly-hacked-to-display-pro-hamas-messages.html; https://yedion.ono.ac.il/yedion/FireflyWeb.aspx?prgname=login; https://research.checkpoint.com/2023/16th-october-threat-intelligence-report/,2023-10-13,2023-12-20 2692,Unknown hackers gained access to systems of Grasellenbach municipal administration and sent phishing mails in October 2023,"Unknown hackers gained access to the systems of Grasellenbach municipal administration in Germany, as detected on 10 October 2023. The email addresses of the mayor and his secretary were affected. The hackers sent messages in the name of the municipality administration with malicious links and PDFs attached.",2023-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking with Misuse,Municipality Grasellenbach,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15423,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not 
available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wnoz.de/nachrichten/odenwald/hackerangriff-auf-die-verwaltung-252132.html; https://www.gemeinde-grasellenbach.de/,2023-10-12,2024-01-16 2691,Unnamed hacker group targeted telecom and government sectors in Asia since 2021,"An unnamed hacker group has been targeting telecommunications and government organizations in Kazakhstan, Uzbekistan, Pakistan, and Vietnam since 2021. Security firm Check Point tracked related tools under the campaign 'Staying Alive'. While not sharing any clear overlaps with known actors, the tools showed connections to a set of infrastructure previously tied by Kaspersky to an actor tracked as ToddyCat. Kaspersky identified ToddyCat as China-affiliated with an activity profile that matches the operating region Check Point observed for Staying Alive.",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,Uzbekistan; Pakistan; Kazakhstan; Vietnam,ASIA; CENTAS; SCO - ASIA; SASIA; SCO - ASIA; CSTO; SCO - ASIA; SCS; SEA,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Government / ministries; Telecommunications - Government / ministries; Telecommunications - Government / ministries; Telecommunications - Government / ministries; Telecommunications,Not available,Not available,Not available,,1,15424,2023-10-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,Check Point Research,Check Point ,Israel,Not available,Not available,Not available,https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,4.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/threat-intelligence/chinese-stayin-alive-attacks-basic-loaders-asian-telcos; https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/; https://thehackernews.com/2023/10/researchers-uncover-ongoing.html; https://www.bleepingcomputer.com/news/security/toddycat-hackers-use-disposable-malware-to-target-asian-telecoms/; https://thehackernews.com/2023/10/researchers-unveil-toddycats-new-set-of.html; https://securityaffairs.com/152415/apt/stayin-alive-campaign-toddycat.html; https://securityaffairs.com/152480/breaking-news/security-affairs-newsletter-round-441-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/16th-october-threat-intelligence-report/,2023-10-12,2023-12-20 2684,Hacktivist group AnonGhost hacked Israeli rocket alert app RedAlert on 8 October 2023,"The hacktivist group AnonGhost hacked the RedAlert app on 8 October 2023. The app provides real-time rocket alerts in Israel. The threat actor was able to send spam messages to some users. 
One of these messages involved the warning of a nuclear attack. Following the compromise, the app was removed from the Google Play Store.",2023-10-08,2023-10-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Hijacking with Misuse,RedAlert,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,AnonGhost,Not available,Non-state-group,Hacktivist(s),1,15429,2023-10-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,AnonGh0st,Not available,Not available,AnonGhost,Not available,Non-state-group,https://t.me/AnonGhostOfficialTeam/360,Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Not available,0.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence; Disaster management,; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/israel-hamas-war-hacktivism/; https://cybernews.com/cyber-war/israel-redalert-breached-anonghost-hamas/; 
https://twitter.com/GroupIB_TI/status/1711234869060358562?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1711234869060358562%7Ctwgr%5Efb0d7d087a59f11c02851982a3a0cc95e50670ec%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcybernews.com%2Fcyber-war%2Fisrael-redalert-breached-anonghost-hamas%2F; https://t.me/AnonGhostOfficialTeam/360; https://www.channelnewsasia.com/world/hackers-disrupt-israel-gaza-conflict-hamas-palestinians-cybersecurity-ddos-3836641; https://www.darkreading.com/dr-global/hackers-for-hire-hit-both-sides-in-israel-hamas-conflict; https://www.heise.de/news/Nahostkonflikt-Eskalation-in-den-Cyberraum-9329756.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://securityaffairs.com/152569/malware/redalert-rocket-alerts-spyware.html; https://www.darkreading.com/dr-global/malicious-apps-impersonate-israeli-attack-detectors-conflict-mobile; https://www.darkreading.com/dr-global/pro-iranian-hacktivists-sights-israeli-industrial-control-systems; https://securityaffairs.com/152822/breaking-news/security-affairs-newsletter-round-442-by-pierluigi-paganini-international-edition.html; https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf,2023-10-11,2023-12-20 2683,Pro-India hacktivist group Indian Cyber Force disrupted access to websites of two Canadian public institutions and Ottawa Hospital with DDoS attacks beginning 26 September 2023,"The pro-India hacktivist group Indian Cyber Force disrupted websites of two Canadian public institutions and that of the Ottawa Hospital beginning on 26 September 2023, the hacktivist group claimed on 27 September. The public institutions were the Canadian Forces website and either that of the Office of the Chief Electoral Officer, also called Elections Canada, or the associated website Elections and Democracy, which runs information and political education on elections. Both websites were disrupted on 27 September, while the Ottawa hospital was disrupted a day earlier on 26 September. 
The hacker group linked the disruptions to remarks by Canadian Prime Minister Justin Trudeau to Parliament on 18 September, noting credible allegations of Indian involvement in the murder of Sikh independence activist Hardeep Singh Nijjar, who was wanted by India for years and shot dead outside his temple in June 2023.",2023-09-26,2023-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Ottawa Hospital - Canadian Armed Forces - Elections and Democracy,Canada; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - State institutions / political system - State institutions / political system,Health - Military - Election infrastructure / related systems,Indian Cyber Force,India,Non-state-group,Hacktivist(s),2,15430; 15431,2023-09-27 00:00:00; 2023-09-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Indian Cyber Force; Indian Cyber Force,Not available; Not available,India; India,Indian Cyber Force; Indian Cyber Force,India; India,Non-state-group; Non-state-group,https://t.me/TeamIndianCyberForce/2982; https://t.me/TeamIndianCyberForce/2985,Other,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-09-28 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Canadian Armed Forces,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://toronto.citynews.ca/2023/09/28/canada-cyberattack-parliament-military-india/; https://www.deccanchronicle.com/nation/current-affairs/280923/indian-cyber-force-claims-responsibility-cyber-attacks-canadian-websit.html; https://t.me/TeamIndianCyberForce/2982; https://t.me/TeamIndianCyberForce/2985,2023-10-11,2023-12-20 2688,"Government-backed group Grayling targeted manufacturing, IT, and biomedical sectors across Taiwan, Vietnam, the US and an unnamed Pacific island for reconnaissance, between February and May 2023","The previously unknown and government-backed hacking group Grayling was reported by Symantec to have conducted reconnaissance operations using publicly available tools as well as custom-made malware. 
According to the IT security company, the operation did not follow patterns of financial motivation but focused on espionage during its operation in spring 2023.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,United States; Asia (region); Vietnam; Taiwan,NATO; NORTHAM - - ASIA; SCS; SEA - ASIA; SCS,Unknown - State institutions / political system - Unknown - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Government / ministries - - Health; ,Grayling,Not available,Unknown - not attributed,,1,15427,2023-10-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,Grayling,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,4.0,,0.0,euro,None/Negligent,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/nation-state-apt-targeting-taiwan-us; https://thehackernews.com/2023/10/researchers-uncover-grayling-apts.html; 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks,2023-10-11,2023-12-20 2686,Unknown threat actor stole customer information from Spanish airline Air Europa and possibly leaked them in March 2024,"An unknown threat actor stole customer information, including credit card details, from Spanish airline Air Europa through its online payment system, the company reported on 10 October 2023. On 21 March 2024 Air Europa warned customers that their data may have been leaked. Their email indicated that the data apparently compromised include first name and surname, identity card or passport, frequent flyer code of the Suma program, postal address, date of birth, telephone, e-mail and nationality. ",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Air Europa,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Transportation,Not available,Not available,Not available,,1,18467,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Air law; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & 
breach ofinternational law OR state-attribution & missing breach of international law),,https://www.reuters.com/business/aerospace-defense/spanish-airline-air-europa-hit-by-credit-card-system-breach-2023-10-10/; https://www.heise.de/news/Kurz-informiert-Cyberangriff-Gazakonflikt-auf-X-FTX-Prozess-Homeoffice-9331307.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Bei-Cyberangriff-auf-spanische-Air-Europa-wurden-Kreditkartendaten-offengelegt-9330659.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Mittwoch-Cyberangreifer-erbeuten-Kreditkartendaten-Rivian-mit-Kostenproblemen-9330665.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/152316/data-breach/airline-air-europa-data-breach.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-13th-2023-increasing-attacks/; https://securityaffairs.com/152480/breaking-news/security-affairs-newsletter-round-441-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/16th-october-threat-intelligence-report/; https://therecord.media/queretaro-international-airport-mexico-cyberattack; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/american-airlines-pilot-union-cyberattack; https://www.larazon.es/andalucia/malaga/enrique-rando-experto-ciberseguridad-estaremos-expuestos-gobiernos-hostiles-que-intenten-alterar-servicios-criticos_2024022965ddd7244129260001dc3b7e.html; https://www.reuters.com/technology/cybersecurity/iag-flags-air-europas-customers-personal-data-leak-wsj-reports-2024-03-21/; https://www.elperiodico.com/es/economia/20240324/aviso-air-europa-clientes-ciberataque-dv-99845009; https://www.abc.es/economia/air-europa-sufre-ciberataque-filtra-datos-numero-20240321204543-nt.html; https://cadenaser.com/nacional/2024/03/22/air-europa-desvela-que-datos-de-sus-clientes-fueron-robados-en-su-ultimo-hackeo-cadena-ser/; 
https://www.lavozdegalicia.es/noticia/economia/2024/03/22/air-europa-sufre-segundo-ciberataque-filtra-datos-clientes/00031711103452011725948.htm; https://cadenaser.com/nacional/2024/03/22/air-europa-desvela-que-datos-de-sus-clientes-fueron-robados-en-su-ultimo-hackeo-cadena-ser/; https://www.tourinews.es/empresas-turismo/air-europa-otro-ciberataque-roban-datos-personales-clientes_4480881_102.html; https://www.bolsamania.com/noticias/empresas/economiaempresas--air-europa-sufrio-un-segundo-ciberataque-en-el-que-robaron-datos-de-clientes--16482038.html; https://okdiario.com/economia/air-europa-detecta-segundo-ciberataque-que-filtraron-datos-sus-clientes-12570277; https://www.telecinco.es/noticias/sociedad/20240322/air-europa-filtracion-datos-personales-clientes-pasajeros-ciberataque-sistema_18_012045298.html; https://andaluciainformacion.es/conil/1609790/air-europa-sufre-un-segundo-ciberataque-en-el-que-robaron-datos-de-clientes/; https://www.diariodeibiza.es/ibiza/2024/03/23/air-europa-advierte-posible-filtracion-99868804.html; https://www.iprofesional.com/actualidad/402660-aireuropa-alerta-por-datos-de-clientes-filtrados-en-ciberataque; https://www.larazon.es/economia/air-europa-sufrio-segundo-ciberataque-donde-filtraron-datos-personales-clientes_2024032265fd6e4117c56e0001c9a2dd.html; https://www.elperiodico.com/es/economia/20240323/aviso-air-europa-clientes-ciberataque-dv-99845009; https://www.elperiodico.com/es/economia/20240322/air-europa-segundo-ciberataque-datos-clientes-99834952; https://www.lavozdelanzarote.com/ekonomus/economia/air-europa-avisa-posible-filtracion-datos-personales-clientes_225173_102.html; https://www.xataka.com/seguridad/air-europa-avisa-que-estos-datos-personales-sus-clientes-pueden-haberse-filtrado-esto-que-sabemos-incidente; https://www.antena3.com/noticias/economia/ciberataque-air-europa-detectan-nueva-brecha-seguridad-que-habria-filtrado-datos-personales-clientes_2024032165fc9fe717c56e0001c79f35.html,2023-10-11,2024-04-04 2690,French 
hospital center of western Vosges targeted in October 2023,"Two hospitals in Vittel and Neufchâteau belonging to the hospital center of Western Vosges in France were hit by a cyberattack in October 2023. The hospitals disclosed the incident on 7 October, noting extensive disruptions including the suspension of scheduled consultations and surgical interventions. Public reporting did not immediately disclose whether ransomware was involved in the attack. ",2023-10-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Centre hospitalier de l’ouest des Vosges,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15425,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.leparisien.fr/faits-divers/deux-hopitaux-des-vosges-victimes-dune-cyberattaque-consultations-et-interventions-suspendues-07-10-2023-T7JBUFS4A5AH7DYIU5NL575QBI.php; 
https://www.usine-digitale.fr/article/l-hopital-d-armentieres-vise-par-une-attaque-par-ransomware-les-urgences-ferment.N2208158,2023-10-11,2023-12-20 2689,Unknown hackers disrupted website of Israeli rescue organisation United Hatzalah on 9 October 2023,"Unknown hackers disrupted the website of the Israeli rescue organisation United Hatzalah on the night of 9 October 2023, United Hatzalah reported. The president and founder of United Hatzalah, Eli Beer, said that this disruption caused the organisation to miss out on an estimated hundreds of thousands of dollars in donations.",2023-10-09,2023-10-09,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,United Hatzalah,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,Not available,Not available,Not available,,1,15426,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Resources; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Armed conflict; Sovereignty; Aid and development,"Economic, social and cultural rights; Conduct of hostilities; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.jpost.com/israel-news/article-767477,2023-10-11,2023-12-20 2682,Unknown actors skimmed payment details off 
websites of food and retail companies,"Unknown actors compromised the websites of food and retail companies, Akamai Technologies reported in a technical report published on 9 October 2023. Using novel obfuscation techniques, the threat actors leveraged the Magecart malware framework to intercept potentially sensitive payment details of customers using the targeted e-commerce sites. ",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Not available; Not available, - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Food,Not available,Not available,Not available,,1,13802,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,Not available,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.bleepingcomputer.com/news/security/hackers-modify-online-stores-404-pages-to-steal-credit-cards/; https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer; https://www.wired.com/story/us-congress-spyware/; https://tarnkappe.info/artikel/it-sicherheit/magecart-hacker-stehlen-von-kartendaten-ueber-404-fehlerseiten-281306.html,2023-10-10,2023-10-20 2681,Unknown threat actor targeted British manufacturer of critical power and data transmission products Volex,"An unknown threat actor gained access to the IT systems and data at some of the international sites of the British critical power and data transmission products manufacturer Volex, the company communicated in a press release on 9 October 2023. ",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,,Volex,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,13804,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,Not available,none,none,0,Moderate - high political importance,0.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.volex.com/investor-relations/regulatory-news/; https://therecord.media/manufacturing-giant-hit-with-cyberattack; https://therecord.media/manufacturing-giant-dealing-with-disruptive-cyberattack,2023-10-10,2023-10-20 2679,Hacktivist group 'Sylhet Gang' disrupted 
website of Tel Aviv Sourasky Medical Center,The hacktivist group 'Sylhet Gang' disrupted the website of the Tel Aviv Sourasky Medical Center on 9 October 2023.,2023-10-09,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Disruption,Tel Aviv Sourasky Medical Center,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,Sylhet Gang,Not available,Non-state-group,Hacktivist(s),1,13871,2023-10-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Not available,Not available,Not available,Sylhet Gang,Not available,Non-state-group,https://www.darkreading.com/dr-global/hacktivists-enter-fray-following-hamas-strikes-against-israel,Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/dr-global/hacktivists-enter-fray-following-hamas-strikes-against-israel,2023-10-10,2023-11-07 2678,Hacktivist group 'Anonymous Sudan' 
disrupted website of Israel's Jerusalem Post beginning on 7 October 2023,"The hacktivist group 'Anonymous Sudan' disrupted the website of Israel's Jerusalem Post beginning on 7 October 2023, the group declared via its Telegram channel on 8 October. Jerusalem Post editor-in-chief Avi Mayer confirmed the disruption to The Daily Beast on 8 October without elaborating on who was behind it. Mayer described the incident as a result of several successful disruptions. Anonymous Sudan also proclaimed on 7 October that it was targeting critical Israeli infrastructure and siding with Palestine in the escalation in the conflict between Israel and Hamas, following the latter's assault on Israel on October 7.",2023-10-07,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Jerusalem Post,Israel,ASIA; MENA; MEA,Media,,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,13872,2023-10-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://t.me/xAnonymousSudan/113,Resources; Secession,Resources; Secession; Third-party intervention / third-party affection,Israel (Hamas et al.); Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.thedailybeast.com/jerusalem-posts-website-taken-down-by-cyberattacks-day-after-hamas-strikes-israel; https://t.me/xAnonymousSudan/113; https://www.darkreading.com/dr-global/hacktivists-enter-fray-following-hamas-strikes-against-israel; https://therecord.media/hacktivists-take-sides-israel-palestinian; https://www.channelnewsasia.com/world/hackers-disrupt-israel-gaza-conflict-hamas-palestinians-cybersecurity-ddos-3836641; https://www.heise.de/news/Nahostkonflikt-Eskalation-in-den-Cyberraum-9329756.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.darkreading.com/dr-global/gaza-conflict-paves-way-information-operations-campaigns; https://www.darkreading.com/dr-global/israeli-cybersecurity-startups-impact-of-a-growing-conflict-; https://www.c4isrnet.com/cyber/2023/10/31/hacktivists-join-the-front-lines-in-israel-hamas-war/; https://securityaffairs.com/152153/hacking/gaza-linked-hackers-argeting-israel.html; https://www.darkreading.com/dr-global/hackers-for-hire-hit-both-sides-in-israel-hamas-conflict,2023-10-10,2023-11-27 2675,'Rhysida' ransomware gang disrupted administration of City of Gondomar in Portugal in September 2023,"The administration of the city of Gondomar in Portugal was hit by a ransomware attack on 27 September 2023. The attack led to disruptions in the services offered by the municipality. The 'Rhysida' ransomware gang declared responsibility for the attack on 5 October, providing samples of passports and financial documents allegedly stolen from the city's systems to back up this claim. 
In an analysis dated August 8, Check Point Research suggests a connection between Vice Society and Rhysida. Check Point Research points to the close temporal connection between the disappearance of Vice Society and the emergence of Rhysida, to technical similarities between the threat actors and to similarities in the areas in which they are active, namely education and health.",2023-09-27,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Municipal Chamber of Gondomar,Portugal,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15584,2023-10-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1710093810632433695,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://therecord.media/rhysida-ransomware-gang-attacks-on-portugal-dominican-republic-governments; https://www.facebook.com/CamaraMunicipalGondomar/posts/719474046887589; https://www.facebook.com/CamaraMunicipalGondomar/posts/722190233282637; https://twitter.com/AlvieriD/status/1710093810632433695; https://therecord.media/sony-investigating-ransomware-insomniac-games; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/; https://therecord.media/world-council-churches-lutheran-world-federation-cyberattacks; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-10-09,2023-12-29 2674,Chinese state-sponsored threat actors targeted semiconductor industry in East Asia beginning in August 2023,"A Chinese state-sponsored hacking group has been targeting the semiconductor industry in East Asia beginning in August 2023, EclecticIQ identified on 5 October 2023. The campaign, which shared overlaps with the Chinese threat actors 'RedHotel' and 'APT27', focused on Taiwan, Hong Kong and Singapore. The attackers utilized a fake PDF document with references to the Taiwanese semiconductor company TSMC in the campaign to deliver the HyperBro malware loader. HyperBro has been tracked in operations since 2018 and documented in use by the Chinese state-backed group APT27. The particular variant deployed against the semiconductor companies showed similarities with a version that Recorded Future had tied to the Chinese state-sponsored actor RedHotel in August 2023. The HyperBro version analysed by EclecticIQ communicated with an infected Cobra DocGuard server, an encryption solution provided by the Chinese company EsafeNet, to deliver Cobalt Strike codes and a backdoor, which EclecticIQ tracks as 'ChargeWeapon', to compromised machines. 
Use of Cobra DocGuard servers for malware distribution has been observed for several distinct threat actors. Symantec reported on a new threat actor the company named 'Carderbee' leveraging this vector since April 2023. ESET had noted the use of the company's hijacked infrastructure by APT27 going back to September 2021.",2023-08-21,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Singapore; Hong Kong; Taiwan,ASIA - ASIA - ASIA; SCS,Critical infrastructure - Critical infrastructure - Critical infrastructure,Critical Manufacturing - Critical Manufacturing - Critical Manufacturing,Unknown,China,"Non-state actor, state-affiliation suggested",,1,13876,2023-10-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,EclecticIQ,Netherlands,Unknown,China,"Non-state actor, state-affiliation suggested",https://blog.eclecticiq.com/chinese-state-sponsored-cyber-espionage-activity-targeting-semiconductor-industry-in-east-asia,Resources; International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members 
of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html; https://blog.eclecticiq.com/chinese-state-sponsored-cyber-espionage-activity-targeting-semiconductor-industry-in-east-asia; https://www.bleepingcomputer.com/news/security/china-linked-cyberspies-backdoor-semiconductor-firms-with-cobalt-strike/; https://therecord.media/south-korea-semiconductor-industry-espionage-north-korea,2023-10-09,2023-12-21 2676,Criminal group RansomedVC gained access to web server of hosting provider DataNet and stole voter data of District of Columbia Board of Elections (DCBOE),"The criminal group RansomedVC gained access to the web server of hosting provider DataNet and stole voter data of the District of Columbia Board of Elections (DCBOE), RansomedVC claimed on 5 October 2023. The group alleges the dataset includes over 600,000 lines of US voter data, including individual's name, registration ID, voter ID, partial Social Security number, driver's license number, date of birth, phone number, email contact details. RansomedVC plans to sell the information to a single buyer. An anonymous source told Bleeping Computer on 3 October that this database had first been offered for sale on BreachForums and Sinister.ly, by a user named 'pwncoder'. These posts have since been deleted. According to the anonymous source, the voter records were obtained from an MSSQL database. 
In an update on 20 October, the Board of Elections admitted that DataNet Systems’ breached database server did contain a copy of the DCBOE’s voter roll.",2023-10-05,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,DataNet - District of Columbia Board of Elections (DCBOE),Not available; United States, - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Election infrastructure / related systems,Ransomed.vc,Not available,Non-state-group,Criminal(s),1,13874,2023-10-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Ransomed.vc,Not available,Not available,Ransomed.vc,Not available,Non-state-group,https://www.databreaches.net/d-c-board-of-elections-voter-registration-data-up-for-sale-on-dark-web/,Unknown,Not available,,Not available,,1,2023-10-06 00:00:00,State Actors: Stabilizing measures,Subnational executive official,United States,District of Columbia Board of Elections (USA ,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-10-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Multi-State Information Sharing and Analysis Center (MS-ISAC),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/dc-board-of-elections-confirms-voter-data-stolen-in-site-hack/; https://www.databreaches.net/d-c-board-of-elections-voter-registration-data-up-for-sale-on-dark-web/; https://cyberscoop.com/washington-dc-board-elections-breach/; https://research.checkpoint.com/2023/9th-october-threat-intelligence-report/; https://cyberscoop.com/dc-board-elections-breach/; https://www.dcboe.org/databreach/; https://www.bleepingcomputer.com/news/security/dc-board-of-elections-hackers-may-have-breached-entire-voter-roll/; https://research.checkpoint.com/2023/23rd-october-threat-intelligence-report/; https://therecord.media/washington-dc-voter-roles-hackers; https://www.theregister.com/2023/10/23/washington_elections_agency_breach/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-10-09,2024-04-18 2677,'Rhysida' ransomware gang breached Migration Agency of Dominican Republic on 14 September 2023,"The General Directorate of Migration of the Dominican Republic was targeted in a ransomware attack on 14 September 2023. The agency reported the theft of personal data - including names, addresses and dates of birth - and announced that an investigation into the incident was underway. The ransomware group 'Rhysida' publicly claimed the attack on 4 October, demanding a ransom of 700,000 USD in exchange for not releasing stolen data. In an analysis dated August 8, checkpoint research suggests a connection between Vice Society and Rhysida. 
Checkpoint Research points to the close temporal connection between the disappearance of Vice Society and the emergence of Rhysida, to technical similarities between the threat actors and to similarities in the areas in which they are active, namely education and healthcare. ",2023-09-14,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,Dirección General de Migración ,Dominican Republic,,State institutions / political system,Civil service / administration,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15583,2023-10-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://twitter.com/_bettercyber_/status/1709512827122204946,Unknown,Not available,,Not available,,1,2023-10-04 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Dominican Republic,General Directorate of Migration of the Dominican Republic,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/rhysida-ransomware-gang-attacks-on-portugal-dominican-republic-governments; https://twitter.com/MigracionRDo/status/1709723006023487989; https://twitter.com/_bettercyber_/status/1709512827122204946; https://therecord.media/sony-investigating-ransomware-insomniac-games; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/; https://therecord.media/world-council-churches-lutheran-world-federation-cyberattacks,2023-10-09,2023-12-29 2673,Website of the Australian Department of Home Affairs hit by DDoS attack in October 2023,"The website of the Australian Department of Home Affairs was targeted by a DDoS attack on the night of 5-6 October 2023, leaving the website temporarily inaccessible. Performance issues persisted throughout the following day. The Department of Home Affairs publicly acknowledged the attack and launched an investigation. 
",2023-10-05,2023-10-06,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Department of Home Affairs,Australia,OC,State institutions / political system; State institutions / political system,Government / ministries; Government / ministries,Not available,Not available,Not available; Not available,,1,13877,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-10-06 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Australia,Australian Department of Home Affairs,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.abc.net.au/news/2023-10-06/home-affairs-immigration-hit-ddos-attack/102944606,2023-10-06,2023-10-25 2672,Pro-Ukrainian hacktivist group 'Hdr0' defaced website of Russian Red Cross on 4 October 2023,The pro-Ukrainian hacktivist group 'Hdr0' defaced the website of the Russian Red Cross on 4 October 2023. The hacktivists used the website to display content in protest of the release of ethical guidelines for civilian hackers in armed conflicts by the International Red Cross. 
The displayed content criticized the conduct of the Russian Red Cross in the course of the Ukraine war and its connections to the Russian federal state. The website was taken down shortly after the defacement. ,2023-10-04,2023-10-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Hijacking with Misuse,Russian Red Cross,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Advocacy / activists (e.g. human rights organizations),hdr0,Ukraine,Non-state-group,Hacktivist(s),1,14518,2023-10-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,hdr0,Not available,Not available,hdr0,Ukraine,Non-state-group,http://web.archive.org/web/20231004195529/https://redcross.ru/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Armed conflict; Due diligence; Sovereignty; Aid and development; International organizations,Conduct of hostilities; ; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hacktivists-respond-to-red-cross-rules-with-ridicule; 
http://web.archive.org/web/20231004195529/https://redcross.ru/; https://t.me/Hdr0_one/210; https://www.wired.com/story/israel-hamas-war-hacktivism/,2023-10-06,2024-03-06 2671,Unspecified China-aligned hacking group gained access to Guyanese government entity's network and stole information in February 2023,"An unspecified China-aligned hacking group gained access to a Guyanese government entity's network and stole information in February 2023, the Slovakian IT security firm ESET attributed with medium confidence in a technical report published on 5 October 2023. The threat actor initially managed to gain access to a couple of computers of the Guyanese government unit via spearphishing. The malicious link in the spearphishing email also contained the domain extension gov.vn, leading ESET to believe that the corresponding government entity in Vietnam had also been compromised. ESET further assessed that the suspected espionage operation was informed by economic interests under China's Belt and Road Initiative. 
The operation overlapped with the arrest of three persons by Guyana's Special Organised Crime Unit (SOCU) in February 2023 as part of a money laundering investigation also involving Chinese companies.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Guyana,,State institutions / political system; State institutions / political system,Government / ministries; Government / ministries,Not available,China,Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,; ; ; ; ; ,1,13926,2023-10-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,Not available,China,Unknown - not attributed,https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/,Resources; International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.darkreading.com/threat-intelligence/operation-jacana-dinodasrat-custom-backdoor; https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html; https://therecord.media/suspected-china-linked-hackers-target-guyana-government; https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/dinodasrat-malware-targets-linux-servers-in-espionage-campaign/; https://www.govinfosecurity.com/dinodasrat-backdoor-targeting-linux-machines-worldwide-a-24748; https://securityaffairs.com/161255/malware/linux-variant-dinodasrat-backdoor.html,2023-10-06,2024-04-02 2670,Unspecified Chinese state-sponsored hacking group targeted foreign ministry of ASEAN member state and organisations in Mongolia,"On 4 October 2023, the IT security firm Elastic Security Labs disclosed an intrusion set, tracked as REF5961, associated with a China-nexus actor targeting the foreign ministry of an ASEAN member state. Elastic observed three malware families, EAGERBEE, RUDEBIRD and DOWNTOWN, being leveraged against two unspecified ASEAN-related victims. The samples investigated in the assessment of REF5961 were discovered in an environment where a second intrusion set, REF2924, was active in parallel. Elastic has not concluded whether both intrusion sets are operated by the same threat actor. As part of the analysis of REF5961 activity, Elastic discovered EAGERBEE samples that were used in a targeted campaign likely aimed at governmental entities or NGOs in Mongolia that exfiltrated data from affected organisations. Elastic linked these targeting efforts to REF2924. EAGERBEE samples identified by Elastic correlated with previous research on the Chinese state-sponsored hacking group APT27. 
A review of the implant DOWNTOWN showed overlaps in the victimology and similarities in code with the SManager/PhantomNet malware, previously attributed to the Chinese state-sponsored hacking group TA428.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Mongolia; Southeast Asia (region),ASIA; EASIA; NEA - ,Not available - State institutions / political system, - Government / ministries,Not available,China,"Non-state actor, state-affiliation suggested",,1,13927,2023-10-04 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Elastic Security Labs,Elastic Security Labs,United States,Not available,China,"Non-state actor, state-affiliation suggested",https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set,Autonomy; Subnational predominance; Resources,Autonomy; Subnational predominance; Resources,China (Inner Mongolia); China (Inner Mongolia); China (Inner Mongolia),Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / 
exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set,2023-10-06,2023-12-22 2669,Unknown threat actors disrupted services of the international mobile virtual network operator Lyca Mobile,"Unknown threat actors targeted the internationally active mobile virtual network operator Lyca Mobile during the last week of September 2023. The incident disrupted company networks and some national and international telecommunication services. Customers and retailers could not access top-ups through company channels. The attack impacted all served countries except for the US, Australia, Tunisia and Ukraine. 
",2023-09-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Lyca Mobile,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,13928,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,International telecommunication law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/151945/hacking/cyberattack-hit-lyca-mobile.html; https://therecord.media/cyberattack-on-lyca-stops-calls; https://www.lycamobile.co.uk/en/announcement; https://www.bleepingcomputer.com/news/security/lyca-mobile-investigates-customer-data-leak-after-cyberattack/; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/9th-october-threat-intelligence-report/,2023-10-05,2023-10-27 2664,Iranian State-Sponsored Hacking Group 'APT34' targeted Saudi-based victims with new Menorah malware in cyber espionage campaign beginning in August 2023,"The suspected Iranian hacking group 'APT34', better known as OilRig and Helix Kitten, has targeted 
Saudi Arabia-based victims in its latest cyber-espionage campaign, which began in August 2023. The threat actor primarily made use of phishing emails to spread the newly identified malware Menorah. Menorah is designed for espionage and enables the exfiltration of selected files, execution of shell commands and the download of additional files onto compromised systems. This malware variant shares similarities with the SideTwist backdoor but is equipped with enhanced functionality and anti-detection precautions. According to a Trend Micro threat report, phishing emails used a forged document associated with the Seychelles Licensing Authority and contained pricing information in Saudi riyal, suggesting a Saudi Arabian target. APT34 has been active in the Middle East since at least 2014, focusing on government organisations and businesses in several sectors, such as finance, energy, chemicals and telecommunications.",2023-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Saudi Arabia,ASIA; MENA; MEA; GULFC,Not available,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13933,2023-09-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,Trend Micro,Japan,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en_th/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html,System / ideology; International power,System/ideology; International power,Iran – Saudi Arabia; Iran – Saudi Arabia,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/alleged-iran-hackers-target-saudi-arabia-with-new-spy-malware; https://www.trendmicro.com/en_th/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html; https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html,2023-10-04,2023-10-27 2662,"Ransomware group 'LockBit' carried out ransomware attack against Fauquier County public school district in Virginia, USA, in September 2023","Fauquier County Public Schools in the US state of Virginia faced a LockBit ransomware attack on 12 September 2023. Despite the attack, the school district, which educates more than 11,200 students across 20 elementary, middle and high schools, managed to maintain normal operations with minimal impact. The school district immediately engaged cybersecurity experts and law enforcement and launched an internal investigation. A response team of leading cybersecurity experts was assembled to defend against the attack. The personal information of students and staff is not believed to have been compromised. LockBit, which claimed responsibility for the attack, has issued a ransom demand and set a deadline for payment by 19 October. 
No details about the nature of the affected data or the intention to pay the ransom were immediately publicly available.",2023-09-12,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Fauquier County Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,LockBit,Russia,Non-state-group,Criminal(s),1,13935,2023-10-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,LockBit,Not available,Russia,LockBit,Russia,Non-state-group,https://x.com/_bettercyber_/status/1708625857504256283?s=20https://x.com/_bettercyber_/status/1708625857504256283?s=20,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/virginia-school-district-open-lockbit; https://x.com/_bettercyber_/status/1708625857504256283?s=20https://x.com/_bettercyber_/status/1708625857504256283?s=20,2023-10-04,2023-11-27 
2663,Chinese state-sponsored hacking group 'APT41' distributed surveillance malware via messenger apps ,"The Chinese state-sponsored hacking group 'APT41' distributed surveillance malware via messenger applications, such as WeChat or Telegram, to take advantage of the access permissions granted to the targeted apps. The leveraged malware LightSpy is a modular surveillance toolset that enabled the exfiltration of private information, including granular location data, details of WeChat Pay transactions, and sound recording during VOIP calls. ",2018-12-11,2023-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Not available; China, - ASIA; SCS; EASIA; NEA; SCO,End user(s) / specially protected groups - End user(s) / specially protected groups, - ,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13934,2023-10-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Threat Fabric,Threat Fabric,Netherlands,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack#attribution,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data 
Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.govinfosecurity.com/chinese-apt-actors-target-wechat-users-a-23216; https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack#attribution; https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html; https://www.bleepingcomputer.com/news/security/winntis-new-unapimon-tool-hides-malware-from-security-software/,2023-10-04,2023-10-27 2665,Ransomware group 'Cuba' targeted Rock County Public Health Department with ransomware on 29 September 2023,"The 'Cuba' ransomware group targeted the Public Health Department in Rock County, Wisconsin, on 29 September 2023. The incident affected several of the department's computer systems and forced officials to take some systems offline. 
Cuba claimed to have obtained financial and tax documents, among other information.",2023-09-29,2023-09-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Rock County Public Health Department,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Cuba Ransomware,Not available,Non-state-group,Criminal(s),1,14660,2023-10-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cuba Ransomware,Not available,Not available,Cuba Ransomware,Not available,Non-state-group,https://twitter.com/_bettercyber_/status/1709134636301897739/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1709134636301897739%7Ctwgr%5E0ce914ee24b3bcb44bdd7e4e82001651dceba776%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Fwisconsin-county-dealing-with-ransomware-attack-healthcare,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://therecord.media/wisconsin-county-dealing-with-ransomware-attack-healthcare; https://twitter.com/_bettercyber_/status/1709134636301897739/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1709134636301897739%7Ctwgr%5E0ce914ee24b3bcb44bdd7e4e82001651dceba776%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Fwisconsin-county-dealing-with-ransomware-attack-healthcare; https://research.checkpoint.com/2023/9th-october-threat-intelligence-report/,2023-10-04,2023-11-27 2666,'KillNet' conducted DDoS attack against official website of UK royal family on 1 October 2023,The Russian hacktivist group 'KillNet' claimed responsibility for a DDoS attack on the official website of the UK royal family on 1 October 2023. The attack disrupted access to the website for around 90 minutes. ,2023-10-01,2023-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Official website of the UK royal family,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,Killnet,Russia,Non-state-group,Hacktivist(s),1,14512,2023-10-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Not available,Killnet,Russia,Non-state-group,https://t.me/killnet_reservs/7630,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; 
incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/cloud/killnet-ddos-attack-royal-family-website; https://t.me/killnet_reservs/7630; https://www.darkreading.com/threat-intelligence/russian-hacktivism-takes-toll-organizations-ukraine-eu-us,2023-10-04,2023-11-27 2667,Unknown threat actor targeted the New Mexico Office of Superintendent of Insurance with ransomware on 28 September 2023,"An unknown threat actor targeted the New Mexico Office of Superintendent of Insurance with ransomware on 28 September 2023 and took offline the agency's website, email and phone system for at least one week. 
According to local media reports, the attackers asked for a two million dollar ransom to unlock encrypted files.",2023-09-28,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,New Mexico Office of Superintendent of Insurance,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,13930,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-09-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kob.com/new-mexico/nm-office-of-superintendent-of-insurance-confirms-cyber-incident/; https://ground.news/article/new-mexico-insurance-agency-faces-cyber-attack; https://ladailypost.com/new-mexico-state-office-of-superintendent-of-insurance-has-detected-cyber-incident-on-its-network/,2023-10-04,2023-10-27 2668,European Telecommunications Standards Institute (ETSI) disclosed breach of user database on 27 September 2023,"The European Telecommunications Standards Institute (ETSI) disclosed a data breach of its user database on 27 September 2023. Based in France, ETSI was founded on the initiative of the European Commission in 1988 and accepted as the European norm-setting institution for standards in information and telecommunication technologies. In a press release on its website, the institute noted that it worked in ""close collaboration with the French National Cybersecurity Agency (ANSSI) to investigate and repair the information systems."" According to this statement, the vulnerability exploited by the threat actor to gain access has been fixed. No additional details on the nature of the vulnerability were disclosed, leaving open the question whether the exploited flaw was a zero-day vulnerability. ETSI operates on the belief that its online user database has been compromised as a result of the incident. The institute noted that it has submitted the appropriate notification to the French data protection authority (CNIL) as required under the General Data Protection Regulation (GDPR). 
The French authorities have opened a criminal investigation into the incident.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse, European Telecommunications Standards Institute (ETSI),France,EUROPE; NATO; EU(MS); WESTEU,International / supranational organization,,Not available,Not available,Not available,,1,13929,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty; International organizations,,Not available,1,2023-09-29 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Agence nationale de la sécurité des systèmes d’information (ANSSI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/151845/data-breach/etsi-data-breach.html; https://therecord.media/etsi-telecommunications-standards-body-hack-database-stolen; https://www.etsi.org/newsroom/news/2267-etsi-faced-a-cyberattack; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html,2023-10-04,2023-10-27 2661,North Korean state-sponsored hacking group 'Lazarus' gained access to network of unspecified Spanish aerospace company beginning in 2022,"The North Korean state-sponsored hacking group 'Lazarus' gained access to the network of an unspecified Spanish aerospace company beginning in 2022, the Slovakian IT security firm ESET assessed with high confidence in a technical report released on 29 September 2023. The APT group posed as a recruiter for the technology company Meta and tricked an employee of the Spanish aerospace company into opening two malicious files on their corporate computer, which were disguised as programming tasks that the employee wanted to solve as part of the job application. After Lazarus had established access, the group, among other payloads, introduced the previously undocumented backdoor LightlessCan in the networks of the affected company. ESET linked the infiltration to Operation DreamJob, a Lazarus activity cluster identified by ClearSky in August 2020 targeting defense and aerospace companies for espionage. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Space,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13936,2023-09-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering 
/ ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.govinfosecurity.com/hackers-impersonate-meta-recruiter-to-target-aerospace-firm-a-23199; https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/; https://therecord.media/north-korean-govt-hackers-spain; https://securityaffairs.com/151771/apt/lazarus-targets-spanish-aerospace-firm.html; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/; https://cyberscoop.com/north-korea-meta-linkedin/; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html; https://www.welivesecurity.com/en/cybersecurity/cyber-swiss-army-knife-tradecraft/; https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/,2023-10-02,2024-02-20 2660,IT Army of Ukraine targeted Russian flight booking system with DDoS attack on 28 September 2023,"The Leonardo flight booking system used by several Russian airlines was hit by a DDoS attack on 28 September 2023. The IT Army of Ukraine claimed responsibility for the attack, which led to disruptions of the system and consequently to delays in scheduled flights. According to Aeroflot, some flights at Moscow's Sheremetyevo International Airport were delayed by up to one hour. 
",2023-09-28,2023-09-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s); Attack on critical infrastructure target(s); Attack on critical infrastructure target(s); Attack on critical infrastructure target(s)",; ; ; ; ; ; ; ,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,None - None - None - None,Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation,,Ukraine,Non-state-group,Hacktivist(s),1,13718,2023-09-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,Not available,Not available,,Ukraine,Non-state-group,https://t.me/itarmyofukraine2022/1701,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in 
intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/russia-flight-booking-system-leonardo-ddos; https://t.me/itarmyofukraine2022/1701; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://therecord.media/russia-seeks-criminal-charges-against-flight-booking-executives-leonardo,2023-09-29,2024-04-09 2659,Ransomware group 'Medusa' suspected of hitting Auckland Transport with DDoS attack beginning on 29 September 2023,"The New Zealand public transportation organization Auckland Transport was hit by a DDoS attack beginning on 29 September 2023. The attack led to intermittent accessibility problems with the organisation's website, mobile and parking apps, public information displays, and journey planner. In a press release, Auckland Transport linked the incident to a ransomware attack earlier in September. The ransomware group 'Medusa' had set a deadline for 26 September to pay a $1 million ransom, which Auckland Transportation refused. 
",2023-09-29,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Auckland Transport,New Zealand,OC,Critical infrastructure,Transportation,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,13717,2023-09-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Auckland Transport,Not available,New Zealand,Medusa Ransomware Group,Not available,Non-state-group,https://at.govt.nz/bus-train-ferry/service-announcements/at-hop-technical-outage,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.stuff.co.nz/national/crime/300980243/auckland-transport-experiencing-another-cyberattack-likely-related-to-previous; https://at.govt.nz/bus-train-ferry/service-announcements/at-hop-technical-outage,2023-09-29,2023-10-19 2658,Chinese threat actor 'Budworm' targeted Middle Eastern telecommunications organisation and Asian government in August 2023,The Chinese hacking group 'Budworm' compromised a telecommunications company in the Middle East and an unnamed government entity in Asia during August 2023. 
The cybersecurity company Symantec observed the use of custom malware only associated with Budworm in the operations. The attacks seem to have been stopped at an early stage as evidence of infection of internal systems only related to credential harvesting. ,2023-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Middle East (region); Asia (region), - ,Critical infrastructure - State institutions / political system,Telecommunications - Government / ministries,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027/Budworm,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13716,2023-09-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027/Budworm,China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt; https://thehackernews.com/2023/09/china-linked-budworm-targeting-middle.html; https://www.bleepingcomputer.com/news/security/budworm-hackers-target-telcos-and-govt-orgs-with-custom-malware/; https://therecord.media/suspected-chinese-hackers-target-telecom-asia-government; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/,2023-09-29,2023-10-19 2657,Ransomware group 'Dark Angel' encrypted computers and servers belonging to US building technologies manufacturer Johnson Controls and stole corporate data during 23-24 September 2023,"The ransomware group 'Dark Angel' encrypted computers and VMware ESXi servers of US building technologies manufacturer Johnson Controls and stole corporate data over the weekend of 23 and 24 September 2023, Bleeping Computer reported based on an anonymous source on 27 September. The unnamed source claimed that the initial compromise affecting Johnson Controls occurred at its Asian offices. Ahead of the publication of the Bleeping Computer article, Nextron Systems threat researcher Gameel Ali observed a ransom note showing that Dark Angel's VMware ESXi encrypter had been used against Johnson Controls. 
In the ransom demand, the Dark Angel ransomware group claimed to have stolen over 27TB of corporate data and demanded $51 million to delete the stolen data and decrypt the encrypted computer systems. In an 8-K form filed with the United States Securities and Exchange Commission (SEC), Johnson Controls indirectly acknowledged the data theft by writing that it had yet to determine what data was affected. In a quarterly report on January 30, Johnson Controls confirmed that the cyberattack was a ransomware attack that resulted in the theft of data. Furthermore, they stated that the attack cost the company 27 million dollars in expenses.",2023-09-23,2023-09-24,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Johnson Controls,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Dark Angel Ransomware Group,Not available,Non-state-group,Criminal(s),1,16694,2023-09-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Dark Angel Ransomware Group,Not available,Not available,Dark Angel Ransomware Group,Not available,Non-state-group,https://twitter.com/MalGamy12/status/1706989619818954837,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; 
Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/; https://twitter.com/MalGamy12/status/1706989619818954837; https://www.sec.gov/ix?doc=/Archives/edgar/data/833444/000083344423000036/jci-20230927.htm; https://securityaffairs.com/151636/cyber-crime/dark-angels-team-ransomware-group-hit-johnson-controls.html; https://www.darkreading.com/ics-ot/johnson-controls-international-hit-with-massive-ransomware-attack; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2023-dark-angels/; https://therecord.media/johnson-controls-cyberattack-DHS; https://www.darkreading.com/ics-ot/dhs-physical-security-concern-johnson-controls-cyberattack; https://therecord.media/manufacturing-giant-dealing-with-disruptive-cyberattack; https://www.channelnewsasia.com/business/johnson-controls-warns-earnings-report-delay-due-cyberattack-3918331; https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomwares-dark-web-extortion-sites-seized-by-police/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html; https://www.bleepingcomputer.com/news/security/johnson-controls-says-ransomware-attack-cost-27-million-data-stolen/; https://therecord.media/clorox-johnson-controls-report-losses-sec; https://new.qq.com/rain/a/20240201A06Y9X00; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2024-no-honor-among-thieves/; 
https://www.bleepingcomputer.com/news/security/chipmaker-nexperia-confirms-breach-after-ransomware-gang-leaks-data/,2023-09-28,2024-02-05 2656,Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies ,"The Chinese cyber espionage group 'BlackTech' has been conducting operations against international subsidiaries of US and Japanese companies. The NSA, FBI, CISA, the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have released a joint statement warning of the campaign. According to the statement, BlackTech has obtained access to the internal systems of subsidiaries of US and Japanese firms in unnamed countries. BlackTech has been observed successfully exploiting this initial access to burrow into the networks of company headquarters. To expand and secure their foothold, BlackTech has been modifying the firmware of routers in company systems. The extent and timeframe of the reported activity has not been publicly detailed.",,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available - Not available,Japan; United States,ASIA; SCS; NEA - NATO; NORTHAM,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; Telecommunications; ; - Government / ministries; Telecommunications; ; ,Blacktech,China,Unknown - not attributed,,1,13714; 13714; 13714; 13714; 13714; 13714; 13714; 13714; 13714; 13714,2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 
00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00; 2023-09-26 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,National Security Agency (NSA); National Security Agency (NSA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Japan National Policy Agency (NPA); Japan National Policy Agency (NPA); National Center of Incident Readiness and Strategy for Cybersecurity (NISC); National Center of Incident Readiness and Strategy for Cybersecurity (NISC),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; Japan; United States; Japan; United States; Japan; United States; Japan; United States; 
Japan,Blacktech; Blacktech; Blacktech; Blacktech; Blacktech; Blacktech; Blacktech; Blacktech; Blacktech; Blacktech,China; China; China; China; China; China; China; China; China; China,Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,https://www.ic3.gov/Media/News/2023/230927.pdf,Unknown,Unknown,,Unknown,,1,2023-09-27 00:00:00,State Actors: Preventive measures,Awareness raising,United States,National Security Agency (NSA),No,,Trusted Relationship,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/us-and-japan-warn-of-chinese-hackers-backdooring-cisco-routers/; https://www.govinfosecurity.com/chinese-hackers-target-routers-in-ip-theft-campaign-a-23179; https://therecord.media/us-japan-say-chinese-hackers-routers; http://www.defenseone.com/defense-systems/2023/09/us-japan-warn-china-backed-hackers-lurking-networking-gear/390713/; https://www.darkreading.com/threat-intelligence/china-apt-cracks-cisco-firmware-attacks-against-us-japan; 
https://securityaffairs.com/151587/apt/blacktech-backdoor-cisco-router-firmware.html; https://www.ic3.gov/Media/News/2023/230927.pdf; https://thehackernews.com/2023/09/chinas-blacktech-hacking-group.html; https://www.darkreading.com/vulnerabilities-threats/new-cisco-ios-zero-day-delivers-a-double-punch; https://securityaffairs.com/151647/hacking/cisco-cve-2023-20109-actively-exploited.html; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/china-blacktech-router-hack/; https://therecord.media/cisco-hackers-targeting-zero-day; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://www.nikkei.com/article/DGXZQOUF057KM0V00C24A2000000/,2023-09-28,2023-10-23 2655,Unknown actors conducted DDoS attack against website of Canada's House of Commons on 25 September 2023,"Unknown threat actors disrupted access to the website of the Canadian House of Commons, the country's lower house of parliament, on 25 September 2023, the French-language daily Le Soleil reported on 26 September 2023. 
The incident follows a visit to Canada by Ukraine's President Volodymyr Zelenskyy and an address to a joint session of parliament on 22 September.",2023-09-25,2023-09-25,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption,House of Commons (Canada),Canada,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,13577,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.lesoleil.com/actualites/politique/2023/09/26/la-chambre-des-communes-visee-par-une-cyberattaque-EACBLH64WRDANJDWZOB6U2CPOM/; https://toronto.citynews.ca/2023/09/28/canada-cyberattack-parliament-military-india/,2023-09-27,2023-10-11 2654,'Rhysida' ransomware group attacked Kuwait Ministry of Finance on 18 September 2023,"The Kuwaiti Ministry of Finance faced a ransomware attack on 18 September 2023, for which the notorious ransomware gang Rhysida claimed responsibility and demanded a ransom. No major disruptions were reported as a result of the incident. The Kuwaiti Ministry of Finance assured that important data, including employees' salaries and financial transactions, remained secure. 
In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-09-18,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Kuwait Ministry of Finance,Kuwait,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,16230,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,,Unknown,Not available,,Not available,,1,2023-09-18 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Kuwait,Ministry of Finance (Kuwait),No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational 
law OR state-attribution & missing breach of international law),,https://securityaffairs.com/151501/cyber-crime/rhysida-ransomware-kuwait-ministry-of-finance.html; https://twitter.com/MOFKW/status/1703725377099632827?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1703725377099632827%7Ctwgr%5E90160db434b340dcc23513cfe08da3f545223cc5%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F151501%2Fcyber-crime%2Frhysida-ransomware-kuwait-ministry-of-finance.html; https://therecord.media/kuwait-isolates-systems-after-ransomware-attack; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://therecord.media/sony-investigating-ransomware-insomniac-games; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/; https://therecord.media/world-council-churches-lutheran-world-federation-cyberattacks; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-09-27,2024-01-15 2653,Chinese threat actor 'TAG-74' conducted cyber espionage campaigns targeting South Korean academic institutions,"The Chinese state-sponsored APT 'TAG-74' has been conducting a cyber espionage campaign against South Korean academic institutions spanning multiple years. This activity aligns with China's broader espionage efforts aimed at intellectual property theft and expanding its influence within higher education worldwide. Recorded Future, which documented the campaign, has not publicly disclosed to what extent the threat actor was successful in exfiltrating data from targeted organisations. 
The TTPs of TAG-74 include the use of .chm files that trigger a DLL search order hijacking execution chain to load a customized version of the VBScript backdoor ReVBShell.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,"Korea, Republic of; Korea, Republic of; Korea, Republic of",ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; SCS; NEA,Unknown - State institutions / political system - Critical infrastructure; Education, - Government / ministries - Research; ,"TAG-74 (People's Liberation Army, Strategic Support Force)",China,"Non-state actor, state-affiliation suggested",,1,13578,2023-09-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,Recorded Future,United States,"TAG-74 (People's Liberation Army, Strategic Support Force)",China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological 
/ material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/09/chinese-hackers-tag-74-targets-south.html; https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf,2023-09-27,2023-10-11 2652,North-Korean state-sponsored hacking group Lazarus compromised hot wallet of Chinese crypto exchange HTX Global and stole USD 7.9 million worth of cryptocurrency on 24 September 2023 ,"North-Korean state-sponsored hacking group Lazarus compromised a hot wallet of Chinese crypto exchange HTX Global and stole USD 7.9 million worth of cryptocurrency on 24 September 2023, the Cyvers Alerts platform disclosed on 25 September. Shortly after, HTX Global's corporate advisor Justin Sun announced that the company offered the hackers a five percent reward of the total amount stolen if the hacker returned the stolen money. 
In March 2024 blockchain cybersecurity firm Elliptic attributed the incident to the Lazarus Group and reported that more than $23 million from this attack was laundered by the group through the mixer platform Tornado Cash.",2023-09-24,2023-09-24,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,HTX Global,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18045,2024-03-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Elliptic,Elliptic,United Kingdom,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,7900000.0,dollar,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/CyversAlerts/status/1706301345223897506?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1706301345223897506%7Ctwgr%5E604098efcc9fb8fdeee1b48e3efcafaffeed1d41%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcointelegraph.com%2Fnews%2Fhuobi-global-crypto-exchange-hacked-report; https://twitter.com/justinsuntron/status/1706311251024822748; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://securityaffairs.com/160525/breaking-news/lazarus-apt-returned-tornado-cash.html; https://www.elliptic.co/blog/north-korean-hackers-return-to-tornado-cash-despite-sanctions; https://therecord.media/lazarus-group-north-korea-tornado-cash-money-laundering; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts,2023-09-27,2024-03-18 2651,Unknown hackers disrupted both phone and internet connections at Maries County Courthouse in September 2023,"Unknown hackers disrupted both phone and internet connections at the Maries County Courthouse in Missouri during several days at the end of September 2023, Maries County Emergency Management reported in a Facebook post on 26 September. Initially, there were periodic disruptions to the phone service as well as internet connectivity until issues arose for the connections of admin phones, the 911 lines, radio communications and the MULES (Missouri Law Enforcement System) connectivity. 
MULES is a statewide computerized communications system.",2023-09-01,2023-09-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Maries County Courthouse,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Civil service / administration; Judiciary,Not available,Not available,Not available,,1,13594,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.facebook.com/Mariescountyemergencymanagement/posts/pfbid0EBb4yiW9CexPqJix6nDQn6yGqGeNzAx1znu5967587XUfumLjVU8pTdtj4xTRonsl; https://krcgtv.com/news/local/maries-county-courthouse-under-cyber-attack-for-past-few-days; https://therecord.media/kansas-supreme-court-hackers-stole-records-confidential-files,2023-09-27,2023-11-24 2647,Unknown actors disrupted access to website of Slovakian 'progressive slovakia' party with DDoS-attack on 23 September 2023,"Unknown actors disrupted the website of the Slovakian ""Progressive Slovakia"" party with a DDoS-attack on 23 September 2023. 
",2023-09-23,2023-09-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,Progressive Slovakia,Slovakia,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Political parties,Not available,Not available,Not available,,1,13940,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.topky.sk/cl/10/2598725/Progresivne-Slovensko-tercom-hackerov--Prve-slova-Simecku--Utok-bol-masivny--prezradil-detaily-; https://www.facebook.com/miso.simecka/posts/845373733619597?ref=embed_post; https://vosveteit.zoznam.sk/aktualne-hackeri-zautocili-na-web-politickej-strany-ktora-bojuje-o-prvenstvo-v-parlamentnych-volbach/,2023-09-26,2023-10-27 2645,Hong Kong-based crypto business Mixin hit by $200 million theft,"Mixin Network, a Hong Kong-based cryptocurrency exchange, was the victim of a $200 million theft from unknown actors on 23 September 2023, making it the largest crypto theft of 2023 at the time of reporting and the 10th largest of all time, according to Reuters. The attack was leveraged through an unnamed cloud service provider for Mixin Network, which allowed the hackers to access the funds. 
As a result of the breach, Mixin temporarily suspended deposit and withdrawal services while it patched the vulnerabilities that led to the attack.",2023-09-23,2023-09-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Mixin - Not available,Hong Kong; Not available,ASIA - ,Critical infrastructure - Critical infrastructure,Finance - Telecommunications,Not available,Not available,Not available,,1,13942,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,8.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 100 Mio - 1 bn,200000000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.bleepingcomputer.com/news/security/mixin-network-suspends-operations-following-200-million-hack/; https://therecord.media/mixin-cryptocurrency-business-hack-hong-kong; https://www.coindesk.com/tech/2023/09/25/mixin-network-losses-nearly-200m-in-hack/; https://twitter.com/MixinKernel/status/1706139175018529139; https://www.reuters.com/technology/hong-kong-crypto-firm-hit-by-200-million-hack-2023-09-25/#:~:text=Mixin%20will%20announce%20a%20solution,to%20blockchain%20research%20firm%20Elliptic.; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; 
https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023",2023-09-26,2023-10-27 2646,Unknown hackers disrupted access to electronic services of Finnish Transport and Communications Authority Traficom on 23 September 2023,"Unknown hackers disrupted access to the electronic services of the Finnish Transport and Communications Authority Traficom through a DDoS attack on 23 September 2023, Traficom reported via Twitter on the same day.",2023-09-23,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Finnish Transport and Communications Authority (Traficom),Finland,EUROPE; EU(MS); NORTHEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,13941,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,International telecommunication law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/TraficomFinland/status/1705485647824245084; 
https://www.iltalehti.fi/kotimaa/a/c9a2056b-7e09-49a1-b96c-72e51da48d2d,2023-09-26,2023-10-27 2648,Unknown actors disrupted website of 'Thomas More-hogeschool' in Belgium with DDoS-attack,"Unknown actors disrupted the website of the 'Thomas More-Hogeschool' in Antwerp, Belgium, with a DDoS-attack.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Thomas More Hogeschool,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,13939,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vrt.be/vrtnws/nl/2023/09/21/thomas-more-hogeschool-slachtoffer-van-cyberaanval-maar-geen-ge/,2023-09-26,2023-10-27 2650,Suspected pro-Russia hacking group attacked Estonian railroad company Elron and its provider Ridango with DDoS attack on 20 September 2023,"A suspected pro-Russia hacking group attacked the Estonian railroad company Elron and its provider Ridango with a DDoS attack on 20 September 2023. 
Blocking access to the ticketing systems, managed by Ridango, the disruption stopped payments from being processed throughout the morning, challenging ticket sales online and on trains. ",2023-09-20,2023-09-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Ridango - Elron,Estonia; Estonia,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Transportation,Not available,Russia,Non-state-group,Hacktivist(s),1,13937,2023-09-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Estonian Information System Authority (RIA),Not available,Estonia,Not available,Russia,Non-state-group,https://news.err.ee/1609108433/ria-on-elron-cyberattack-it-is-likely-that-it-will-happen-again,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.err.ee/1609108433/ria-on-elron-cyberattack-it-is-likely-that-it-will-happen-again,2023-09-26,2023-12-18 2649,Unknown actors attacked systems of French commune of Morlaix on 21 September 2023,Unknown actors attacked the systems of the French commune of Morlaix on 21 September 2023. Initial indications point to ransomware but are subject to further investigation.,2023-09-21,2023-09-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"Commune of Morlaix, Brittany",France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,13938,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.facebook.com/villedemorlaix/posts/pfbid03831jScwFrNQoww1dmBbu5YRSKtbqR9mub3X2EHCvjoBVix2QwFndGYMqsLbRhx2ql; 
https://www.numerama.com/cyberguerre/1509246-la-ville-de-morlaix-finistere-touchee-par-une-cyberattaque-par-ransomware.html,2023-09-26,2023-10-27 2644,Hacker group 'GELSEMIUM' gained access to networks of unspecified Southeast Asian government and collected intelligence from Microsoft IIS servers beginning in the third quarter of 2022,"The hacker group 'GELSEMIUM' gained access to networks of an unspecified Southeast Asian government and collected intelligence from Microsoft IIS servers during the third and fourth quarters of 2022, Palo Alto Networks judged with moderate confidence. Palo Alto's Unit 42, which had been investigating the activity since late 2022, had first suspected a single threat actor - 'Stately Taurus' aka 'Mustang Panda' - to be responsible for the compromises. Further investigation revealed that the infiltrations - which targeted different governmental entities in the same country, including critical infrastructure, public healthcare institutions, public financial administrators and ministries - were conducted by three separate threat actors: 'Alloy Taurus', GELSEMIUM, and 'Stately Taurus'. While techniques and tools differed among the three activity clusters, the different threat actors overlapped in their targeting of the same organisations and in some cases were present on the same machines at the same time. 
Activity associated with the APT group GELSEMIUM, which has not been attributed to any particular state, focused primarily on reconnaissance and maintaining access.",2022-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Southeast Asia (region),,State institutions / political system,Government / ministries, Gelsemium,Not available,Unknown - not attributed,,1,13595,2023-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States, Gelsemium,Not available,Unknown - not attributed,https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://unit42.paloaltonetworks.com/analysis-of-three-attack-clusters-in-se-asia/; https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/; https://securityaffairs.com/151381/apt/gelsemium-apt-attack-southeast-asian-govt.html; 
https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html,2023-09-25,2023-10-11 2643,Chinese state-sponsored hacking group 'Alloy Taurus' gained access to networks of unspecified Southeast Asian government beginning in January 2022,"The Chinese state-sponsored hacking group 'Alloy Taurus' (also known as 'GALLIUM') gained access to networks of an unspecified Southeast Asian government during January 2022 and spring 2023, Palo Alto Networks assessed with moderate confidence. Palo Alto's Unit 42, which had been investigating the activity since late 2022, had first suspected a single threat actor - 'Stately Taurus' aka 'Mustang Panda' - to be responsible for the compromises. Further investigation revealed that the infiltrations - which targeted different governmental entities in the same country, including critical infrastructure, public healthcare institutions, public financial administrators and ministries - were conducted by three separate threat actors: Alloy Taurus, 'GELSEMIUM', and Stately Taurus. While techniques and tools differed among the three activity clusters, the different threat actors overlapped in their targeting of the same organisations and in some cases were present on the same machines at the same time. Activities associated with Alloy Taurus focused on developing long-term persistence and obtaining credentials. The group was observed deploying two previously unknown backdoors, Zapoa and ReShell, in conjunction with known tools, including GhostCringe RAT, Quasar RAT and Cobalt Strike.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Southeast Asia (region),,State institutions / political system,Government / ministries,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China,"Non-state actor, state-affiliation suggested",,1,13598,2023-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China,"Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,,0.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://unit42.paloaltonetworks.com/analysis-of-three-attack-clusters-in-se-asia/; https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/; 
https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html,2023-09-25,2023-10-11 2642,Chinese state-sponsored hacking group 'Stately Taurus' gained access to networks of unspecified Southeast Asian government and stole sensitive documents beginning in second quarter of 2021,"The Chinese state-sponsored hacking group 'Stately Taurus' (also known as 'Mustang Panda') gained access to networks of an unspecified Southeast Asian government and stole sensitive documents. The group was present in the networks tracing back to at least the second quarter of 2021 and remained active into the third quarter of 2023, Palo Alto Networks concluded with moderate to high confidence. Palo Alto's Unit 42, which had been investigating the activity since late 2022, had first suspected a single threat actor - Mustang Panda - to be responsible for the compromises. Further investigation revealed that the infiltrations - which targeted different governmental entities in the same country, including critical infrastructure, public healthcare institutions, public financial administrators and ministries - were conducted by three separate threat actors: 'GALLIUM', 'GELSEMIUM', and Mustang Panda. While techniques and tools differed among the three activity clusters, the different threat actors overlapped in their targeting of the same organisations and in some cases were present on the same machines at the same time. Activities associated with Mustang Panda focused on intelligence gathering, exfiltration of sensitive data and maintaining persistence. The attackers used multiple backdoors, including an undocumented variant of the ToneShell backdoor and the ShadowPad backdoor, which is used exclusively by Chinese APT groups.",2021-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Southeast Asia (region),,State institutions / political system,Government / ministries,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13599,2023-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for 
officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/; https://unit42.paloaltonetworks.com/analysis-of-three-attack-clusters-in-se-asia/; https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html,2023-09-25,2023-10-11 2641,Unattributed actors disrupted Bermudian government IT systems beginning 20 September 2023,"Unattributed actors disrupted government IT systems of the British Overseas Territory Bermuda beginning 20 September 2023, Bermuda's Home Affairs Minister Walter Roban confirmed in a press conference. Government email and the main switchboard remained non-functioning on 25 September. Government agencies, like the Health Insurance Department, were unable to accept online or process new registrations. In a press conference on 21 September, Bermuda Premier Edward David Burt declared that the incident also affected another Caribbean country. 
According to Burt, initial findings indicated the attack originated from Russia.",2023-09-20,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Not available,Bermuda,NORTHAM,State institutions / political system,Government / ministries,Not available,Russia,Not available,,1,13627,2023-09-21 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,David Burt (Premier of Bermuda),Not available,Bermuda,Not available,Russia,Not available,,Unknown,Unknown,,Unknown,,3,2023-09-21 00:00:00; 2023-09-22 00:00:00; 2023-09-28 00:00:00,State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official); Statement by other ministers (or spokespersons)/members of parliament; Statement by head of state/head of government (or executive official),Bermuda; Bermuda; Bermuda,David Burt (Premier of Bermuda); Walter Roban (Deputy Premier and Minister of Home Affairs); David Burt (Premier of Bermuda),No,,Not available,Not available,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/bermuda-government-cyberattack-premier-attributes-russia; 
https://www.bleepingcomputer.com/news/security/government-of-bermuda-links-cyberattack-to-russian-hackers/; https://securityaffairs.com/151273/hacking/government-of-bermuda-cyberattack.html; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://www.youtube.com/watch?v=rPU9Nzj6tf4&t=1175s; https://twitter.com/BdaGovernment/status/1705058705568358892; https://twitter.com/explore?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1704842911215399232%7Ctwgr%5E0441d6716affe4e8f0b1a9def9632bc111c9e80c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F151273%2Fhacking%2Fgovernment-of-bermuda-cyberattack.html; https://twitter.com/BdaGovernment/status/1706044548928131336/photo/1; https://twitter.com/BdaGovernment/status/1705971663202873537/photo/1; https://therecord.media/kuwait-isolates-systems-after-ransomware-attack; https://therecord.media/trinidad-and-tobago-government-agency-hit-with-post-christmas-cyberattack; https://radiojamaicanewsonline.com/regional/bermuda-government-planning-new-legislation-to-fight-cyber-attacks; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-09-25,2024-04-02 2639,Ransomware group 'Monti' targeted Auckland University of Technology in 2023,"The Auckland University of Technology announced a breach of its computer systems by an unknown third party. The university serving 29,000 students reported the incident to the National Cyber Security Centre and the Office of the Privacy Commissioner and initiated an investigation. The university's online services for students and staff remained operational. The ransomware gang 'Monti' claimed responsibility for the attack and declared it had stolen more than 60GB of data. 
",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Auckland University of Technology ,New Zealand,OC,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Monti ransomware group,Not available,Non-state-group,Criminal(s),1,13628,2023-09-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Monti Ransomware Group,Not available,Not available,Monti ransomware group,Not available,Non-state-group,https://therecord.media/auckland-university-operating-cyberattack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/auckland-university-operating-cyberattack; https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/,2023-09-25,2023-10-12 2638,Emirati state-sponsored hacking group 'Stealth Falcon' compromised 
unspecified government entity in the Middle East using Deadglyph backdoor,"The Emirati state-sponsored hacking group 'Stealth Falcon' compromised an unspecified government entity in the Middle East as part of an espionage operation using the Deadglyph backdoor and stole an Outlook data file, the Slovakian IT security firm ESET detailed in a technical report published on 22 September 2023. Reuters reporting in 2019 revealed that the group also known as 'Project Raven' had employed former NSA operatives in the past. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Middle East (region),,State institutions / political system,Government / ministries,Stealth Falcon/Fruity Armor,United Arab Emirates,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13629,2023-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Stealth Falcon/Fruity Armor,United Arab Emirates,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through 
data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/151298/malware/deadglyph-backdoor-middle-east.html; https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/; https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://www.govinfosecurity.com/deadglyph-backdoor-targeting-middle-eastern-government-a-23161; https://www.darkreading.com/dr-global/stealth-falcon-apt-microsoft-homoglyph-attack; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html,2023-09-25,2023-10-12 2634,Unknown actors disrupted IT systems of Furtwangen University in Germany during 17-18 September 2023,"Unknown actors disrupted the IT systems of Furtwangen University in Germany during the night of 17 to 18 September 2023, the university announced on 20 September. 
The incident affected email communication and disrupted access to platforms requiring the university login, including the central learning platform FELIX and the libraries.",2023-09-17,2023-09-18,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; State institutions / political system; Critical infrastructure; Education; Education,Civil service / administration; Research; Civil service / administration; Research; ; ,Not available,Not available,Not available; Not available,,1,13636,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.schwarzwaelder-bote.de/inhalt.cyberangriff-hochschule-furtwangen-hacker-legen-it-systeme-der-hfu-lahm.8da71f9e-27fb-4da6-92b3-1bac9a5103bf.html; 
https://www.facebook.com/HochschuleFurtwangen/posts/pfbid0NybbVzv9VKBJjDAxv9mjmkf1GJHfSswo3qhzaHat2KieF1bUZrLyYgb2xfktMZMHl?__cft__[0]=AZVSpPuQne0ThCY_an6zeCKWtcoczBpNTsuXMbbvt3soEcrDTVFFFESRXbxvl2RZ4nrEnglWE1AR578yiUc34WeBQKthHeLU0WOyzPdVRpADcOl3otEq7YbynAx22BzvUZ4q7Tl58U9HuuOSLklefDg-L9ZGKHBiJctEQIhFwpr5n4puOhRvzF0iwQIScMSs0Ks&__tn__=%2CO%2CP-R,2023-09-22,2023-10-12 2635,"Air Canada experienced data breach, disclosed on 20 September 2023","The Canadian airline Air Canada experienced a data breach, the company shared on 20 September 2023. Unnamed attackers gained access to personal information of employees and other not specified records. Air Canada did not disclose when the attack took place. No group has claimed responsibility in the immediate aftermath of the incident.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Air Canada,Canada,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Transportation; Transportation,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,13635,NaT,Not available,Not available,Not available,Not available,Not available,BianLian Ransomware Group,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not 
available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/air-canada-limited-employee-info-accessed; https://mraircanada.mediaroom.com/Air-Canada-Cyber-Statement; https://securityaffairs.com/151202/data-breach/air-canada-data-breach-2.html; https://www.bleepingcomputer.com/news/security/air-canada-discloses-data-breach-of-employee-and-certain-records/; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/bianlian-extortion-group-claims-recent-air-canada-breach/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-13th-2023-increasing-attacks/; https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/; https://therecord.media/queretaro-international-airport-mexico-cyberattack; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/american-airlines-pilot-union-cyberattack,2023-09-22,2023-11-13 2636,"'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023","The APT group 'Sandman' carried out a campaign against telecommunication providers in Europe, South Asia and the Middle East in August 2023. The cybersecurity companies SentinelOne and QGroup have monitored the previously undocumented activity under the Sandman label. The outfit may be operated by a private contractor or mercenary group, as no ties to nation states have been observed. The targeting pattern of telecommunication providers suggest espionage collection priorities. In the reported campaign, Sandman used a sophisticated malware called LuaDream. 
Indications of malware development trace back to 2022. Several intrusions into the systems of the telecommunication providers have been detected and successfully stopped. In a joint report with PwC and Microsoft Threat Intelligence, SentinelOne disclosed on 11 December 2023, that they can link the Sandman APT to ""China-based threat clusters known to use the KEYPLUG backdoor, in particular a cluster jointly presented by PwC and Microsoft at Labscon 2023 – STORM-0866/Red Dev 40"".",2023-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,South Asia (region); Middle East (region); Western Europe, - - ,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,Sandman/STORM-0866/Red Dev 40,China,Unknown - not attributed,,2,15243; 15243; 15243; 15243; 15243; 15243; 15242; 15242; 15242; 15242; 15242; 15242; 15242; 15242,2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-12-11 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00; 2023-09-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical 
report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,SentinelOne; SentinelOne; Microsoft; Microsoft; PwC; PwC; SentinelOne; SentinelOne; SentinelOne; SentinelOne; QGroup; QGroup; QGroup; QGroup,; ; ; ; ; ; SentinelOne Labs; QGroup; SentinelOne Labs; QGroup; SentinelOne Labs; QGroup; SentinelOne Labs; QGroup,United States; Germany; United States; Germany; United States; Germany; United States; United States; Germany; Germany; United States; United States; Germany; Germany,Sandman/STORM-0866/Red Dev 40; Sandman/STORM-0866/Red Dev 40; Sandman/STORM-0866/Red Dev 40; Sandman/STORM-0866/Red Dev 40; Sandman/STORM-0866/Red Dev 40; Sandman/STORM-0866/Red Dev 40; Sandman; Sandman; Sandman; Sandman; Sandman; Sandman; Sandman; Sandman,China; China; China; China; China; China; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not 
attributed,https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/; https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,3.0,,0.0,euro,None/Negligent,International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html; https://www.bleepingcomputer.com/news/security/sandman-hackers-backdoor-telcos-with-new-luadream-malware/; https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/; https://securityaffairs.com/151191/apt/sandman-apt-targets-telco.html; https://www.darkreading.com/attacks-breaches/mysterious-sandman-apt-targets-telecom-sector-with-novel-backdoor; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/,2023-09-22,2023-12-13 2633,Unknown actors gained access to systems of Canadian cryptocurrency brokerage Netcoins on 17 September 2023,"Unknown actors gained access to the systems of the Canadian cryptocurrency brokerage Netcoins, owned by BIGG Digital Assets Inc., on 17 September 2023. 
The intruders were able to initiate withdrawals from Netcoins' operational float in the amount of €238,400. No customer funds or crypto assets were affected.",2023-09-17,2023-09-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Netcoins,Canada,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,13637,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,250000.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.globenewswire.com/news-release/2023/09/19/2745264/0/en/BIGG-Digital-Assets-Inc-News-Release.html,2023-09-21,2024-01-23 2632,Pro-Russia hacking group 'NoName057(16)' suspected of targeting Canada Border Services Agency (CBSA) with DDoS attack on 17 September 2023,"The Canada Border Services Agency (CBSA) experienced a DDoS attack on 17 September 2023, disrupting the connectivity of check-in kiosks and electronic gates at airports nationwide. The pro-Russia hacking group 'NoName057(16)' claimed responsibility for targeting the CBSA. 
The agency did not report details on the suspected origin of the disruption or how a DDoS attack was able to interfere with the kiosks and gates, which are connected through isolated networks, ",2023-09-17,2023-09-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Montréal-Pierre Elliott Trudeau International Airport (YUL) - Canada Border Services Agency (CBSA) - Not available,Canada; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - State institutions / political system - Critical infrastructure,Transportation - Civil service / administration - Transportation,NoName057(16),Not available,Non-state-group,Hacktivist(s),1,13943,2023-09-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Not available,NoName057(16),Not available,Non-state-group,https://check-host.net/check-report/11c20795k804,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,1,2023-09-20 00:00:00,"Other legal 
measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Canada Border Service Agency (CBSA),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/canada-border-checkpoint-outages-ddos-attack-russia; https://www.lapresse.ca/actualites/national/2023-09-19/agence-des-services-frontaliers/la-panne-dans-les-aeroports-provenait-bien-d-une-attaque-informatique.php; https://check-host.net/check-report/11c20795k804; https://securityaffairs.com/151149/hacking/noname-ddos-attack-canadian-airports.html; https://www.heise.de/news/Nach-DDoS-Attacke-Grenzterminals-an-kanadischen-Flughaefen-ausgefallen-9312866.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/air-canada-limited-employee-info-accessed; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://www.darkreading.com/threat-intelligence/russian-hacktivism-takes-toll-organizations-ukraine-eu-us; https://www.infobae.com/america/agencias/2024/01/17/suiza-sufre-un-ciberataque-ruso-durante-la-participacion-de-zelenski-en-el-foro-de-davos/; https://www.infobae.com/america/agencias/2024/01/17/suiza-sufre-un-ciberataque-ruso-durante-la-participacion-de-zelenski-en-el-foro-de-davos/,2023-09-21,2023-11-06 2631,Ransomware group 'ALPHV/BlackCat' gained access to confined part of the computer system of the Australian commercial law firm HWL Ebsworth and stole information of 65 government entities in April 2023,"The 'ALPHV/BlackCat' ransomware group gained access to a confined part of the computer system of the Australian commercial law firm HWL Ebsworth and stole information of 65 government entities in April 2023, the hacker group claimed in a post on its leak site on 28 April 2023. 
In June, the law firm confirmed the cyber incident and said the compromised information included driver's licenses, passports and birth certificate details. ALPHV/BlackCat leaked some of the stolen information on 9 June 2023. On 15 June, the Office of the Australian Information Commissioner (OAIC) reported that HWL Ebsworth told them that documents relating to a limited number of OAIC files were also affected. Then on 18 September 2023, the National Cyber Security Coordinator, Darren Goldie, confirmed in a statement that 65 government entities and a large number of private clients were affected by this cyber incident. Among the government entities affected were the Australian Federal Police and the Department of Home Affairs. ",2023-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing; Hijacking with Misuse; Ransomware,Department of Home Affairs (Australia) - Office of the Australian Information Commissioner (OAIC) - HWL Ebsworth - Australian Federal Police (AFP) - Not available - Not available,Australia; Australia; Australia; Australia; Australia; Not available,OC - OC - OC - OC - OC - ,State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Not available,Government / ministries - Civil service / administration - - Police - Government / ministries - ,BlackCat/ALPHV,Russia,Non-state-group,Criminal(s),1,13979,2023-04-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not 
available,Russia,BlackCat/ALPHV,Russia,Non-state-group,https://www.theguardian.com/technology/2023/may/02/australian-law-firm-hwl-ebsworth-hit-by-russian-linked-ransomware-attack,Unknown,Not available,,Not available,,1,2023-09-18 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Australia,Darren Goldie (National Cyber Security Coordinator; Australia),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-05-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Australia,Australian Federal Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110; https://www.theguardian.com/australia-news/2023/sep/18/hwl-ebsworth-hack-65-australian-government-agencies-affected-by-cyber-attack; https://www.oaic.gov.au/newsroom/statement-on-hwl-ebsworth-data-breach; https://www.homeaffairs.gov.au/news-media/archive/article?itemId=1122#; https://hwlebsworth.com.au/cyber-incident/; https://www.theguardian.com/technology/2023/may/02/australian-law-firm-hwl-ebsworth-hit-by-russian-linked-ransomware-attack; https://www.theguardian.com/technology/2023/oct/19/some-people-whose-personal-data-stolen-in-hwl-ebsworth-hack-not-told-for-six-months; https://www.techrepublic.com/article/data-recovery-data-breaches-rubrik/; https://thewest.com.au/politics/labor/labor-hit-by-major-government-data-breach-millions-of-files-stolen-from-key-departments-c-13219900; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/,2023-09-20,2024-03-25 2630,Unknown actors disrupted online portal of Germany's capital Berlin through DDoS attack on 19 September 2023,"Unknown actors disrupted access to the online portal of Germany's capital, 'berlin.de', with a DDoS attack on 19 September 2023.",2023-09-19,2023-09-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,berlin.de,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,13980,NaT,Not available,Not available,Not available,Not 
available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.berlin.de/rbmskzl/aktuelles/pressemitteilungen/2023/pressemitteilung.1367431.php,2023-09-20,2023-10-30 2628,Unknown actors gained access to IT services of the city of Pittsburg on 16 September 2023,"Unknown actors gained access to the IT services of Pittsburg, a city of 20,000 in the US state of Kansas, on 16 September 2023. The incident resulted in a temporary IT outage impacting city emails, phones, and online payments. 
",2023-09-16,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,"City of Pittsburg, KS (US)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,13982,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/pittsburg-kansas-government-cyberattack; https://www.pittks.org/news/city-of-pittsburg-experiences-cybersecurity-incident/; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline,2023-09-20,2023-10-30 2629,China-linked hacker group 'UNC53' gained access to systems of 29 organizations worldwide since the beginning of 2022,"The China-linked hacker group 'UNC53' gained access to the systems of 29 organizations worldwide since the beginning of 2022. The group sought to infiltrate targets through infected thumb drive containing the malware Sogu and PlugX. In many cases affecting multinational organisations, infections appeared to have originated in systems and networks hosted in Africa. 
Mandiant researchers who detected the activity did not yet conclusively assess whether this was a reflection of the group's targeting pattern or whether this regional prevalence was linked to the malware's indiscriminate proliferation. The malware was also detected on air-gapped systems. ",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Kenya; Asia (region); Egypt; Zimbabwe; Europe (region); Madagascar; Tanzania; United States; Ghana,AFRICA; SSA - - MENA; MEA; AFRICA; NAF - AFRICA; SSA - - AFRICA; SSA - AFRICA; SSA - NATO; NORTHAM - AFRICA; SSA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; 
Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance - Government / ministries; Health; ; Finance,UNC53,China,Unknown - not attributed,,1,13981,2023-09-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Mandiant,Mandiant,United States,UNC53,China,Unknown - not attributed,https://www.wired.com/story/china-usb-sogu-malware/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,29.0,1-10,9.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/china-usb-sogu-malware/; https://www.wired.com/story/kia-hyundai-car-thefts-us-security-roundup/,2023-09-20,2023-10-30 2626,Chinese-speaking threat actor gained access to websites of e-commerce sites and point-of-sale providers in Asia and North and Latin America since October 2022,A Chinese-speaking threat actor has gained access to the websites of e-commerce sites and point-of-sale providers in Asia as well as North and Latin America since October 2022. 
Blackberry tracks the campaign of the financially motivated actor as 'Silent Skimmer'.,2022-10-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Asia (region); Central America (region); Asia (region); Central America (region); United States; South America; South America; Canada; Canada; United States, - - - - NATO; NORTHAM - - - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Critical Manufacturing - - - Critical Manufacturing - Critical Manufacturing - Critical Manufacturing - - Critical Manufacturing - - ,Not available,Asia (region),Not available,,1,13983,2023-09-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,BlackBerry Research and Intelligence Team,BlackBerry Research and Intelligence Team,United States,Not available,Asia (region),Not available,https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala,Unknown,Not 
available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/payment-card-skimming-campaign-now-targeting-websites-in-north-america; https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala,2023-09-19,2023-10-30 2622,Unknown actors compromised sensitive information of crypto exchange Remitano and initiated unauthorised transfers of cryptocurrencies worth $2.7 million on 14 September 2023,"Unknown actors compromised sensitive information of crypto exchange Remitano and initiated unauthorised transfers of cryptocurrencies worth $2.7 million on 14 September 2023, Cyvers Alerts disclosed on the same day. Remitano confirmed the reports on the following day. 
",2023-09-14,2023-09-14,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Remitano,Seychelles,AFRICA; SSA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14018,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,2700000.0,dollar,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/PeckShieldAlert/status/1702507801669775712/photo/1; https://remitano.com/forum/ng/134684-latest-updates-on-recent-security-incident-on-remitano; https://twitter.com/CyversAlerts/status/1702348063145165016,2023-09-18,2023-11-13 2624,Financially-motivated hacking group 'UNC3944' stole data and deployed ransomware against a variety of targets in mid-2023,"The financially-motivated hacking group 'UNC3944' stole data and deployed ransomware against a variety of targets in mid-2023, the US IT security firm Mandiant reported on 14 September 2023. Targets included telecommunications companies and business process outsourcers (BPOs), in addition to hospitality, retail, media, entertainment and financial service organisations. 
In an unspecified cyber incident, the hacker group downloaded malicious files from a victim environment in Amazon Web Service (AWS) S3 and executed an ALPHV ransomware payload.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse; Ransomware,Not available - Not available - Not available,Not available; Not available; Not available, - - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Media - Critical infrastructure; Critical infrastructure, - - Telecommunications; Finance,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,Criminal(s),1,13985,2023-09-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware; https://therecord.media/scattered-spider-ransomware-attacks-hospitality-retail,2023-09-18,2023-10-30 2623,Financially-motivated hacking group 'UNC3944' stole data from unspecified telecoms companies and business process outsourcers (BPOs) beginning in 2022,"The financially-motivated hacking group 'UNC3944' stole data from unspecified telecoms companies and business process outsourcers (BPOs) from 2022 to early 2023, the US-based IT security firm Mandiant reported on 14 September 2023. The threat actor accessed credentials and systems to conduct SIM swapping. ",2022-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Not available; Not available, - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Telecommunications,Not available,Not available,Non-state-group,Criminal(s),1,14017,2023-09-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,Not available,Not available,Non-state-group,https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption 
(deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware; https://therecord.media/scattered-spider-ransomware-attacks-hospitality-retail,2023-09-18,2023-11-02 2625,Unknown hackers gained access to internal systems of US software developer Retool and accounts of 27 cloud customers from the crypto industry on 27 August 2023,"Unknown hackers gained access to the internal systems of US software developer Retool and to accounts of 27 cloud customers from the crypto industry on 27 August 2023, Retool announced on 13 September 2023. In at least one case, follow-on compromises resulted in the theft of $15 million from cryptocurrency custodian Fortress Trust. The hackers gained access to the Okta account of a Retool employee via SMS spearphishing that impersonated Retool's IT team, tricking the employee into logging into a fake website hosting a multi-factor authentication (MFA) form. The hackers deepfaked the voice of an actual member of Retool's IT team to call the targeted employee and get them to share an MFA code, which allowed the hacker group to connect a device they controlled to the compromised employee's Okta account. According to Retool, the incident developed a broader scope because of a feature in Google Authenticator that allows the syncing of all MFA codes to the cloud. In this way, the hacker group gained access to MFA codes. Through these intercepted MFA codes, the group gained access to Retool's internal system, virtual private network and administrator system. 
",2023-08-27,2023-08-27,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Retool - Not available,United States; Not available,NATO; NORTHAM - ,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications - ,Not available,Not available,Not available,,1,13984,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing; Trusted Relationship; Valid Accounts,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,15000000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/; https://www.hackread.com/google-account-sync-vulnerability-steal-crypto/; https://retool.com/blog/mfa-isnt-mfa/; https://securityaffairs.com/150981/hacking/retool-smishing-attack.html; https://www.coindesk.com/business/2023/09/13/phishing-attack-on-cloud-provider-with-fortune-500-clients-led-to-15m-crypto-theft-from-fortress-trust/; https://twitter.com/Fortress_io/status/1699793873395191813; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; 
https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/,2023-09-18,2023-11-30 2621,"Threat actor identifying as USDoD gained access to account of Turkish Airlines employee to steal personal information on 3,200 sensitive Airbus vendors in August 2023","A threat actor operating under the alias 'USDoD' gained access to the account of a Turkish Airlines employee to steal personal information on 3,200 sensitive Airbus vendors in August 2023, Israeli IT security firm Hudson Rock reported on 12 September 2023. On the same day, USDoD announced their affiliation with the cybercrime group 'Ransomed'. According to the report, the Turkish Airlines employee's computer was infected with the RedLine Infostealer malware when the employee likely attempted to download a pirated version of the Microsoft .NET framework. The hacker exploited the resulting access to the Turkish Airlines employee's account to steal personal information from 3,200 Airbus vendors. This includes names, addresses, phone numbers and email addresses. In September 2023, USDoD then leaked the stolen information on BreachForums. 
Airbus' Computer Emergency Response Team (CERT) confirmed Hudson Rock's findings.",2023-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Not available - Airbus,Turkey; Netherlands,ASIA; NATO; MEA - EUROPE; NATO; EU(MS); WESTEU,Unknown - Critical infrastructure, - Transportation,USDoD,Not available,Unknown - not attributed,,1,14019,2023-09-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,USDoD,Not available,Not available,USDoD,Not available,Unknown - not attributed,https://www.hudsonrock.com/blog/an-avoidable-breach-fbi-hacker-leaks-sensitive-airbus-data,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,2.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/150794/data-breach/airbus-investigates-data-leak.html; https://www.hudsonrock.com/blog/an-avoidable-breach-fbi-hacker-leaks-sensitive-airbus-data; https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/; 
https://research.checkpoint.com/2023/18th-september-threat-intelligence-report/; https://therecord.media/queretaro-international-airport-mexico-cyberattack; https://therecord.media/american-airlines-pilot-union-cyberattack,2023-09-15,2023-12-07 2620,"Cybercrime group RansomHouse suspected of targeting telecommunications provider IFX Networks, causing paralysis of over 30 government websites in Colombia and numerous other Latin American countries on 12 September 2023","On 12 September 2023, Colombia experienced a large-scale cyber attack that led to widespread outages of more than 30 government websites. The primary target of the attack was IFX Networks, the main telecommunications service provider for the Colombian government, which provides data storage services to several institutions. A total of 34 Colombian government entities were affected by the cyberattack, including vital ministries such as the Ministry of Health and the Ministry of Justice. As a result, two million court proceedings were suspended. The cyber criminals responsible for this attack allegedly demanded a ransom after seizing sensitive data from the Ministry of Health and the Ministry of Justice. In a prompt response to the crisis, the Colombian government set up a unified cyber security command post called PMU Ciber on the same day. This cyberattack had likely affected a total of 762 companies across Latin America, as IFX Networks provides data services in 17 countries in the region. The impact also reportedly extended to Argentina, Panama and Chile. Saúl Kattan, a digital advisor to the Colombian government, described the incident as the most significant cyberattack on Colombian infrastructure in recent years. The affected entities have accordingly drawn their own consequences: one of the most affected, the Superior Council of the Judiciary, reported that it suspended judicial terms throughout the national territory from 14 to 20 September 2023. 
",2023-09-12,2023-09-25,"Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Public Procurement Portal (Chile) - IFX Networks - Superior Council of the Judiciary (Colombia) - Ministry of Health (Colombia) - National Superintendence of Health (Colombia) - Superintendence of Industry and Commerce (Colombia) - Ministry of Justice (Colombia),Chile; United States; Colombia; Colombia; Colombia; Colombia; Colombia,SOUTHAM - NATO; NORTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM,State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; State institutions / political system,Civil service / administration - Telecommunications - Judiciary - Government / ministries; Government / ministries - Civil service / administration - Civil service / administration - Government / ministries; Government / ministries,RansomHouse,Not available,Non-state-group,Criminal(s),1,14020,2023-09-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Saul Kattan (High Presidential Adviser for Digital Transformation, Colombia)",Not available,Colombia,RansomHouse,Not available,Non-state-group,https://www.colcert.gov.co/800/articles-280675_Documento_1.pdf,Unknown,Not available,,Not available,,1,2023-09-13 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Colombia,Government of Colombia,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,4.0,,0.0,euro,None/Negligent,Human rights; International peace; Sovereignty; International peace,Civic / political rights; Prohibition of intervention; ; Use of force,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://elpais.com/america-colombia/2023-09-14/hackeo-masivo-en-colombia-la-informacion-de-millones-de-personas-esta-en-manos-de-delincuentes-en-este-momento.html; https://www.brusselstimes.com/693227/massive-cyber-attack-cripples-colombian-government-sites; https://www.trendtic.cl/2023/09/aumenta-preocupacion-tanto-en-chile-como-en-colombia-por-ciberataque-a-ifx-networks/; https://x.com/Lukziano/status/1702395427851571437?s=20; https://elpais.com/https:/elpais.com/america-colombia/2023-09-14/hackeo-masivo-en-colombia-la-informacion-de-millones-de-personas-esta-en-manos-de-delincuentes-en-este-momento.html; https://therecord.media/colombia-government-ministries-cyberattack; https://elpais.com/https:/elpais.com/america-colombia/2023-09-21/los-hackeos-en-colombia-no-van-a-parar-y-hay-que-prepararse-para-lo-peor.html; https://therecord.media/kuwait-isolates-systems-after-ransomware-attack; https://www.colcert.gov.co/800/articles-280675_Documento_1.pdf; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax; 
https://www.tecnogus.com.co/expertos-senalan-que-las-infraestructuras-criticas-tambien-pueden-ser-objetivo-de-ciberataques/,2023-09-15,2024-04-23 2619,Iranian state-sponsored hacking group Peach Sandstorm aka HOLMIUM gained access to various organisations globally beginning in February 2023,"The Iranian state-sponsored hacking group Peach Sandstorm aka HOLMIUM gained access to various organisations globally beginning in February 2023, Microsoft reported on 14 September 2023. The hacking group allegedly targeted thousands of organisations around the world, primarily in the satellite and defence sectors, but less so in the pharmaceutical sector, with password spraying. In certain cases they succeeded and in a few cases the hackers also exfiltrated unspecified data. This cyber incident is likely meant to gather intelligence in support of Iranian state interests. The threat actor pursued two attack vectors. In the first, they tried to get into accounts via password spraying during the period of February to July 2023, then they conducted internal reconnaissance on compromised machines with AzureHound or Roadtools and used multiple mechanisms to secure their foothold. For the second path, the hacker group used vulnerabilities in internet-facing applications, such as CVE-2022-47966 or CVE-2022-26134, to gain access into computer systems.",2023-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Global (region),,Critical infrastructure; Critical infrastructure; Critical infrastructure,Health; Defence industry; Space,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,14034,2023-09-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Valid Accounts,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state 
actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/iranian-hackers-target-satellite-defense-orgs; https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/; https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/; https://cyberscoop.com/iran-peach-sandstorm-apt33/; https://securityaffairs.com/150868/intelligence/iranian-peach-sandstorm-password-spray.html; https://www.darkreading.com/application-security/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs; https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html; https://www.govinfosecurity.com/iranian-hackers-gain-sophistication-microsoft-warns-a-23097; https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/; https://securityaffairs.com/156366/apt/apt33-falsefont-targets-defense-sector.html; https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html; https://www.hackread.com/iran-peach-sandstorm-falsefont-backdoor-defense/,2023-09-15,2024-03-22 2618,Unknown government infected mobile phone of Russian journalist Galina Timchenko with Pegasus spyware on 10 February 2023,"An unknown government infected the mobile phone of Russian journalist Galina Timchenko on 10 February 2023 with the Pegasus spyware, the non-profit organisation Access Now and the University of Toronto's Citizen Lab reported on 13 September 2023. According to the report, Russian journalist Galina Timchenko received a notification from Apple on 22 June 2023, alerting her that state-sponsored hackers may have been targeting her iPhone. 
When she contacted Access Now, they, in cooperation with Citizen Lab, found out that her mobile phone had been infected on 10 February 2023 and that this probably lasted for several days or weeks. At the time, she was in Berlin at a private Redkollegia meeting with other Russian journalists in exile to discuss the legal risks of the ""undesirable"" and ""foreign agent"" designations. The infection took place not only after the Russian government declared the independent news website Meduza, run by Timchenko, undesirable two weeks earlier, but also amid discussion by European politicians to monitor Russian exiles. The report by Access Now and Citizen Lab assumes with a high degree of probability that the attacker must be a government, as the Pegasus spy software is only sold to governments, but the authors have not conclusively identified the government responsible. The technical report discussed several possibilities, noting that there's currently no public evidence of the Russian government using Pegasus.",2023-02-10,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,"Galina Timchenko (Executive Editor and Owner of Meduza, Russia)",Latvia,EUROPE; NATO; EU(MS); NORTHEU,Media,,Unknown,Not available,State,,1,14035; 14035; 14035; 14035,2023-09-13 00:00:00; 2023-09-13 00:00:00; 2023-09-13 00:00:00; 2023-09-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by 
third-party,CitizenLab; CitizenLab; Access Now; Access Now,Not available; Not available; Not available; Not available,Global (region); Canada; Global (region); Canada,Unknown; Unknown; Unknown; Unknown,Not available; Not available; Not available; Not available,State; State; State; State,https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Drive-By Compromise,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Armed conflict; Armed conflict,Civic / political rights; Conduct of hostilities; Certain persons,Not available,0,,Not available,,Not available,Not available,Human rights; Armed conflict,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.theguardian.com/technology/2023/sep/13/exiled-russian-journalist-galina-timchenko-reportedly-hacked-using-nso-group-spyware; https://twitter.com/SophieintVeld/status/1701953607111778607; https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/; https://therecord.media/meduza-ceo-hacked-pegasus-spyware-russian-journalist; https://netzpolitik.org/2023/meduza-russische-exil-journalistin-mit-pegasus-gehackt/; https://securityaffairs.com/150816/intelligence/russian-journalists-iphone-pegasus-spyware.html; https://www.heise.de/news/Pegasus-iPhone-russischer-Journalisten-in-Deutschland-mit-Spyware-infiziert-9304862.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://therecord.media/more-russians-investigating-spyware; 
https://www.darkreading.com/mobile/nation-state-actor-used-0-click-exploit-to-drop-pegasus-spyware-on-russian-journalist-s-iphone; https://www.haaretz.com/israel-news/2023-09-14/ty-article/.premium/report-phones-of-russian-journalists-including-israeli-citizen-hacked-with-spyware/0000018a-94f8-d05a-abfe-fcfca92e0000; https://www.politico.eu/article/eu-should-ban-spyware-russian-exiled-journalist-says/; https://www.theguardian.com/technology/2023/nov/28/critics-of-serbias-government-targeted-with-military-grade-spyware; https://securityaffairs.com/157667/malware/ishutdown-spyware-infections-iphones.html; https://therecord.media/nso-group-spyware-company-ordered-code-whatsapp; https://netzpolitik.org/2024/klage-gegen-nso-group-staatstrojaner-firma-soll-quellcode-von-pegasus-uebergeben/; https://securityaffairs.com/159847/security/nso-group-vs-meta-pegasus-hand-over.html; https://therecord.media/apple-spyware-notifications-92-countries,2023-09-15,2024-02-02 2616,'NoName057(16)' took down websites of Québec government in DDoS attack on 12-13 September 2023,"Eight government websites in Québec, Canada, were taken down by a DDoS attack in the night between 12 and 13 September 2023, which Québec's cybersecurity minister, Éric Caire, and IT security expert Steve Waterhouse, linked to the pro-Russian hacktivist group 'NoName057(16)'. According to Waterhouse, the attempts at disruption targeted the websites of the Treasury Board Secretariat; the financial regulator Autorité des Marchés Financiers (AMF); the Canadian Securities Administrators, La Société de financement des infrastructures locales du Québec; the provincially-owned investment company Investissement Québec; the Ministry of the Economy, Innovation, and Energy; Canada's Premiers (the heads of government of a province or territory) and the Senate of Canada.",2023-09-12,2023-09-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,"Investissement Québec - Not available - Ministère de l’Économie, de l'Innovation et de l'Énergie - Canadian Securities Administrators - La Société de financement des infrastructures locales du Québec - Autorité des marchés financiers - Treasury Board Secretariat",Canada; Canada; Canada; Canada; Canada; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Finance - Government / ministries - Government / ministries - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration,NoName057(16),Russia,Unknown - not attributed,,3,13098; 13097; 13099,2023-09-13 00:00:00; 2023-09-13 00:00:00; 2023-09-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms; Attribution by receiver government / state entity,"Eric Caire (Member of the National Assembly of Quebec and Minister for Cybersecurity and Digital Economy, Canada); NoName057(16); Government Cyber Defence Centre (CGCD) of Quebec",Not available; Not available; Not available,Canada; Russia; 
Canada,NoName057(16); NoName057(16); Not available,Russia; Russia; Russia,Unknown - not attributed; Non-state-group; Unknown - not attributed,https://t.me/noname05716eng/2378; https://ici.radio-canada.ca/nouvelle/2010065/cyberattaque-sites-gouvernement-quebec,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-09-13 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Canada,"Éric Caire (Minister of Cybersecurity and Digital Technology; Québec, Canada))",No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,7.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://montreal.ctvnews.ca/quebec-government-says-data-not-compromised-after-websites-hit-by-cyberattack-1.6560005; https://www.quebec.ca/nouvelles/actualites/details/indisponibilite-de-certains-sites-gouvernementaux-50518; https://twitter.com/Water_Steve/status/1702006733105779197?s=20; https://ici.radio-canada.ca/nouvelle/2010065/cyberattaque-sites-gouvernement-quebec; https://t.me/noname05716eng/2378,2023-09-14,2023-09-18 2613,Unknown actors gained access to Auckland Transport HOP ticketing system in New Zealand,"Unknown actors gained access to the Auckland Transport HOP ticketing system in New Zealand, the authorities of AT discovered on 13 
September 2023. The incident temporarily affected the availability of a number of services, such as online top-ups and cashless payments, though no data is believed to have been compromised.",2023-09-13,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Auckland Transport,New Zealand,OC,Critical infrastructure,Transportation,Not available,Not available,Non-state-group,Criminal(s),1,13096,2023-09-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,"Dean Kimpton (Chief Executive of Auckland Transport, Australia)",Not available,Australia,Not available,Not available,Non-state-group,https://www.rnz.co.nz/news/national/498003/suspected-cyberattack-crashes-auckland-transport-card-network,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://at.govt.nz/bus-train-ferry/service-announcements/at-hop-technical-outage; https://www.rnz.co.nz/news/national/498003/suspected-cyberattack-crashes-auckland-transport-card-network; https://www.bleepingcomputer.com/news/security/auckland-transport-authority-hit-by-suspected-ransomware-attack/; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-15th-2023-russian-roulette/,2023-09-14,2023-09-18 2610,North Korean state-sponsored hacking group 'Lazarus' suspected of stealing millions of dollars from cryptocurrency platform CoinEx on 12 September 2023,"The cryptocurrency platform CoinEx was the victim of a multi-million dollar theft on 12 September 2023, which forced CoinEx to suspend its withdrawal services in response. The exact amount stolen in the attack is unclear, with security firms putting out various estimates. PeckShield estimated losses at around $31-42 million, while a more recent estimate from CertiK Alert places the losses around $55.5 million. At least one wallet to which stolen funds have been transferred has previously been associated with North Korean state-sponsored hacking group 'Lazarus'. ",2023-09-12,2023-09-12,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,CoinEx,Hong Kong,ASIA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,13095,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,0.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not 
available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen; https://www.bleepingcomputer.com/news/security/hackers-steal-53-million-worth-of-cryptocurrency-from-coinex/; https://docs.google.com/spreadsheets/d/1vysrDd16d85TlEwk6cJMn_Je0cztS1bE3IRgm8xcOj0/edit#gid=0; strapi.eurepoc.eu/admin/content-manager/collectionType/api::basic-page.basic-page?page=1&pageSize=10&sort=title:ASC&plugins[i18n][locale]=en; strapi.eurepoc.eu/admin/content-manager/collectionType/api::basic-page.basic-page?page=1&pageSize=10&sort=title:ASC&plugins[i18n][locale]=en; https://twitter.com/coinexcom/status/1701788254700507362?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet; https://twitter.com/coinexcom/status/1701888744872354128?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet; https://decrypt.co/156173/crypto-exchange-coinex-shuts-down-withdrawals-following-suspected-hack-of-27m; https://therecord.media/coinex-cryptocurrency-heist-north-korea; https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; https://securityaffairs.com/152106/apt/north-korea-laundered-900-million.html; https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023,2023-09-14,2023-12-13 2606,Chinese APT group 'Redfly' compromised organisation responsible for national grid in Asian country beginning on 28 February 2023,"The Chinese APT group 'Redfly' compromised an organisation responsible for the national grid in an unnamed Asian country during the period of 28 February to 3 August 2023, US IT security firm Symantec disclosed in a technical report on 12 September 2023. 
The threat actor managed to steal credentials and infect several computers with the ShadowPad trojan also used by other APT actors. Symantec observed Redfly deploying tools and infrastructure previously associated with APT41, a cluster of malicious activity that the firm monitors under two separate identifiers, Blackfly and Grayfly. Noting the group's singular focus on critical national infrastructure, Symantec decided to track Redfly separately. Researchers at Mandiant pointed to overlaps of APT41's earlier targeting of electricity infrastructure in India, leading John Hultquist, the head of Mandiant's threat intelligence analysis team, to theorise that India may have once again been the target.",2023-02-28,2023-08-03,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Asia (region),,Critical infrastructure,Energy,Redfly,Not available,Unknown - not attributed,,1,15178,2023-09-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,Redfly,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not 
available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/ics-ot/chinas-winnti-apt-compromises-national-grid-in-asia-for-6-months; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks; https://www.bleepingcomputer.com/news/security/redfly-hackers-infiltrated-power-suppliers-network-for-6-months/; https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://securityaffairs.com/150775/hacking/redfly-attack-asian-national-grid.html; https://www.govinfosecurity.com/chinese-apt41-implicated-in-asian-national-power-grid-hack-a-23074,2023-09-13,2023-12-12 2608,US aeronautical organisation infiltrated by nation-state threat actors tracing back to January 2023,"A US organisation from the aeronautical sector was infiltrated by several nation-state threat actors, possibly operating for different countries, as early as January 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) disclosed in a Joint Cybersecurity Advisory published together with the FBI and the National Mission Force of US Cyber Command on 7 September 2023. Some of the groups exploited a vulnerability in a public-facing application (CVE-2022-47966) to gain access to the organisation’s web server. Separate APT actors leveraged a vulnerability in a Fortinet network operating system (CVE-2022-42475) to establish a presence on firewall devices deployed by the organisation. At the request of the affected organisation, CISA undertook an incident response review from February to April 2023. The threat actors' use of disabled administrative accounts and deletion of logs thwarted attempts to uncover follow-on exploitation to determine whether data had been altered or exfiltrated. 
A US Cyber Command press release announcing the advisory placed the activity within the context of ""Iranian exploitation efforts"" without providing additional detail.",2023-01-18,2023-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking without Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Transportation,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15180; 15180; 15180,2023-09-07 00:00:00; 2023-09-07 00:00:00; 2023-09-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Cyber National Mission Force (CNMF),Not available; Not available; Not available,United States; United States; United States,; ; ,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,International power,International power,,Unknown,,1,2023-09-08 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - 
empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-us-aviation-org-via-zoho-fortinet-bugs/; https://cyberscoop.com/cisa-state-hackers-aviation/; https://www.cisa.gov/sites/default/files/2023-09/aa23-250a-apt-actors-exploit-cve-2022-47966-and-cve-2022-42475_0.pdf; https://securityaffairs.com/150508/hacking/fortinet-fortios-zoho-attacks.html; https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks; https://www.darkreading.com/application-security/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs; https://www.govinfosecurity.com/feds-warn-health-sector-lazarus-group-attacks-a-23122,2023-09-13,2023-12-12 2607,Automotive supplier Alps Alpine hit by ransomware attack on 10 September 2023,"The Japanese company Alps Alpine was hit by a ransomware attack on 10 September 2023. The unauthorised access to corporate systems led to disruption in work processes. 
Among other business activities, the company produces electrical components and is an automotive supplier.",2023-12-10,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Alps Alpine Group,Japan,ASIA; SCS; NEA,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,15179,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.alpsalpine.com/cms.media/September_12th_Cyber_Attack_ver1_11_31306d3123.pdf,2023-09-13,2023-12-12 2600,Unknown ransomware group caused data loss across Sri Lankan government offices beginning on 17 May 2023,"An unknown ransomware group caused data loss across Sri Lankan government offices using the gov.lk email domain from 17 May to 26 August 2023, the country's Information and Communication Technology Agency (ICTA) reported. According to government estimates, about 5,000 email addresses were accessed as part of the ransomware attack. 
As no backups are available for the period, some of the concerned communications may not be recoverable.",2023-05-17,2023-08-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Office of the Cabinet of Ministers (Sri Lanka) - Not available,Sri Lanka; Sri Lanka,ASIA; SASIA - ASIA; SASIA,State institutions / political system - State institutions / political system; State institutions / political system,Civil service / administration - Government / ministries; Civil service / administration,Not available,Not available,Not available,,1,15175,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.adaderana.lk/news/93278/icta-confirms-data-loss-of-govlk-email-domains; https://research.checkpoint.com/2023/18th-september-threat-intelligence-report/,2023-09-12,2023-12-12 2601,Iranian APT 'Charming Kitten' gained access to exchange servers of 34 primarily Israeli organizations beginning in March 2021,"The Iranian APT 'Charming Kitten' 
gained access to the exchange servers of 32 Israeli organizations beginning in March 2021, according to a blog-post by ESET from 11 September 2023. The campaign dubbed 'Sponsoring Access' used the so-called 'Sponsoring' backdoor to infiltrate Microsoft Exchange servers. In most instances, the threat actors obtained access by scanning and exploiting known vulnerabilities in Microsoft Exchange servers. In just under half of the 34 affected organizations, malicious actors other than Charming Kitten appeared to be active in the same systems, likely having taken advantage of the same unpatched software flaws. Two additional victim organizations are based in the United Arab Emirates and Brazil.",2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Brazil; United Arab Emirates; Israel,SOUTHAM - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Not available - Unknown; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure, - - ; Health; ; Telecommunications; Food,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the 
attributed initiator (group), but not invoked in this case)",1,15176,2023-09-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,34.0,1-10,3.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers; https://www.haaretz.com/israel-news/2023-09-11/ty-article/.premium/researchers-identify-iranian-cyberattack-on-32-israeli-firms/0000018a-853f-de68-a9ff-cdff7e230000; https://www.bleepingcomputer.com/news/security/iranian-hackers-backdoor-34-orgs-with-new-sponsor-malware/; https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/; https://securityaffairs.com/150667/apt/charming-kitten-new-sponsor-backdoor.html; 
https://therecord.media/iranian-hackers-target-satellite-defense-orgs,2023-09-12,2023-12-12 2603,Unknown hackers disrupted touristic and cultural websites of the city of Rome on 11 September 2023,"Unknown hackers disrupted various websites of the city of Rome on 11 September 2023, event planner and website operator Zetema reported. Affected websites included those of organisations that had contracted Zetema for web management, as well as the online portals of museums in the municipality of Rome, the supervisory authority of the Ministry of Cultural Assets and Activities in Rome, the museum pass MIC and several other touristic services and cultural offerings, such as the La Casina di Raffaello children's leisure centre and the Arte Bellezza Cultura (ABC) cultural project. Many of the affected websites remained unavailable on the following day.",2023-09-11,2023-09-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,Zetema - MIC Card Rome - Roma Pass - Call Center 060608 Rome - La Casina di Raffaello - Informagiovani Roma - Musei In Comune - Project Arte Bellezza Cultura (ABC) - Turismo Roma - Sovrintendenza Capitolina - Culture Roma - TechnoTown Roma - Roma Cura Roma,Italy; Italy; Italy; Italy; Not available; Italy; Italy; Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Education - State institutions / political system 
- State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system, - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,15177,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.romatoday.it/cronaca/attacco-hacker-ai-siti-del-comune-gestiti-da-zetema.html,2023-09-12,2024-01-08 2596,North Korean state-sponsored hacking group APT38 stole $41 million worth of cryptocurrencies from online casino and betting platform Stake.com on or about 4 September 2023,"The North Korean state-sponsored hacking group APT38 stole $41 million worth of cryptocurrencies from online casino and betting platform Stake.com on or about 4 September 2023, the FBI disclosed on 6 September 2023. 
",2023-09-04,2023-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Stake.com,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15174,2023-09-06 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Federal Bureau of Investigation (FBI),Not available,United States,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom,Unknown,Not available,,Not available,,1,2023-09-06 00:00:00,State 
Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,> 10 Mio - 100 Mio,41000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html; https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom; https://twitter.com/zachxbt/status/1698698642951971056; https://twitter.com/zachxbt/status/1698698642951971056; https://twitter.com/Stake/status/1698746766076588057; https://research.checkpoint.com/2023/11th-september-threat-intelligence-report/; https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; https://securityaffairs.com/152106/apt/north-korea-laundered-900-million.html; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts; https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html,2023-09-11,2024-03-25 2592,Pakistani hacktivists 'Team Insane PK' disrupted websites of Delhi and Mumbai Police on 8 September 2023,"Pakistani hacktivists 'Team 
Insane PK' disrupted the websites of the police departments of Delhi and Mumbai as well as other Indian organizations on 8 September 2023, the group announced on its Telegram channel on the same day. The DDoS attacks were launched on the eve of the G20 summit hosted under the Indian presidency in New Delhi during 9-10 September. Efforts by the group to take down the website of the Delhi Police continued until 9 September, resulting in a brief disruption of access for around half an hour. ",2023-09-08,2023-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Not available - Delhi Police - Mumbai Police,Not available; India; India, - ASIA; SASIA; SCO - ASIA; SASIA; SCO,Unknown - State institutions / political system - State institutions / political system, - Police - Police,Team Insane PK,Pakistan,Non-state-group,Hacktivist(s),2,15171; 15172,2023-09-08 00:00:00; 2023-09-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Team Insane PK; Team Insane PK,Not available; Not available,Pakistan; Pakistan,Team Insane PK; Team Insane PK,Pakistan; Pakistan,Non-state-group; Non-state-group,https://twitter.com/FalconFeedsio/status/1700083153614860617?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1700083153614860617%7Ctwgr%5Ed901ba1178f6ef64381cdc06be84a92b242c5898%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.businesstoday.in%2Ftechnology%2Fnews%2Fstory%2Fdelhi-police-website-down-amid-fears-of-cyberattacks-during-g20-summit-2023-397508-2023-09-08; 
https://www.businesstoday.in/technology/news/story/delhi-police-website-down-amid-fears-of-cyberattacks-during-g20-summit-2023-397508-2023-09-08; https://www.techlusive.in/news/g20-summit-delhi-police-website-hacked-again-by-pakistani-group-how-to-protect-yourself-from-such-attacks-1407474/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.techlusive.in/news/g20-summit-delhi-police-website-hacked-again-by-pakistani-group-how-to-protect-yourself-from-such-attacks-1407474/; https://twitter.com/FalconFeedsio/status/1700083153614860617?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1700083153614860617%7Ctwgr%5Ed901ba1178f6ef64381cdc06be84a92b242c5898%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.businesstoday.in%2Ftechnology%2Fnews%2Fstory%2Fdelhi-police-website-down-amid-fears-of-cyberattacks-during-g20-summit-2023-397508-2023-09-08; https://www.businesstoday.in/technology/news/story/delhi-police-website-down-amid-fears-of-cyberattacks-during-g20-summit-2023-397508-2023-09-08,2023-09-11,2023-12-12 2595,Unknown threat actors gained access to internal systems of US Hinds County on 7 September 2023,"Unknown threat actors gained access to internal servers of Hinds County, Mississippi. The compromise led to a county-wide shutdown of administrative systems. 
A Hinds County tax collector confirmed that the intrusion temporarily denied access to computer systems, causing employees to be sent home early. An investigation by the Department of Homeland Security and the FBI is underway to determine the source of the breach and the extent of the disruption. The incident impacted county residents who rely on services, such as the purchase of vehicle number plates, which are currently unavailable. Hinds County Sheriff Tyree Jones assured the community through social media posts that emergency services, including the 911 centre and police offices, remain fully operational and unaffected by the incident. Counting a population of around 227,000, Hinds is the largest county of Mississippi.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,"Hinds County, MS",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15173,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.supertalk.fm/computer-breach-leaves-hinds-county-residents-without-services/; https://twitter.com/TyreeSheriff/status/1699831336813621555?s=20; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline,2023-09-11,2024-02-06 2591,North Korean state-sponsored APT group 'Diamond Sleet' compromised defence companies in several countries in January 2023,"The North Korean state-sponsored hacking group 'Diamond Sleet' (fka. 'Zinc') compromised defence companies in several countries in January 2023, Microsoft disclosed in a technical report on Chinese and North Korean cyber activity released on 1 September 2023. Affected countries include Brazil, the Czech Republic, Finland, Italy, Norway, and Poland.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available,Norway; Finland; Italy; Brazil; Poland; Czech Republic,EUROPE; NATO; NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; NATO; EU(MS) - SOUTHAM - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Defence industry - Defence industry - Defence industry - Defence industry - Defence industry - Defence industry,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15170,2023-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,International power,Not available,,Not 
available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html,2023-09-08,2023-12-12 2590,North Korean state-sponsored APT groups 'Ruby Sleet' and 'Diamond Sleet' compromised two arms manufacturers in Germany and Israel beginning in November 2022,"The North Korean state-sponsored APT groups 'Ruby Sleet' (fka. 'Cerium') and 'Diamond Sleet' (fka. 'Zinc') compromised two arms manufacturers in Germany and Israel during the period of November 2022 to January 2023, Microsoft detailed in a technical report on Chinese and North Korean cyber activity published on 1 September 2023. The report further assesses that the North Korean government assigned multiple threat actors to meet high priority collection requirements for its own military capabilities. ",2022-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Israel; Germany,ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure,Defence industry - Defence industry,"Ruby Sleet fka CERIUM; Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,15169; 15169,2023-09-01 00:00:00; 2023-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft,,United States; United States,"Ruby Sleet fka CERIUM; Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,International power,Unknown,,Unknown,,0,,Not 
available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html,2023-09-08,2023-12-12 2589,Chinese APT group 'Twill Typhoon' compromised government machines in Africa and Europe in addition to humanitarian organisations worldwide in April 2023,"Chinese hacker group 'Twill Typhoon' (fka. 'TANTALUM') compromised government machines in Africa and Europe in addition to humanitarian organisations worldwide in April 2023, Microsoft announced in a technical report on Chinese and North Korean cyber activity issued on 1 September 2023. Based on these assessments, the Chinese threat actor likely engaged in economic espionage or intelligence collection. ",2023-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Africa; Europe (region); Global (region), - - ,State institutions / political system - State institutions / political system - Social groups,Government / ministries - Government / ministries - Advocacy / activists (e.g. 
human rights organizations),Twill Typhoon/ TANTALUM,China,Unknown - not attributed,,1,15168,2023-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Twill Typhoon/ TANTALUM,China,Unknown - not attributed,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,3.0,,0.0,euro,None/Negligent,Cyber espionage; Human rights; Due diligence; Sovereignty,Non-state actors; Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,2023-09-08,2023-12-12 2588,Unknown actors stole personal information from users of US online giveaway network Freecycle,"Unknown actors stole personal information from users of the US online giveaway network Freecycle, the non-profit organisation reported on its website on 3 September 2023. According to the statement, the stolen personal information included usernames, User IDs, email addresses and passwords. 
The data breach affected more than 7 million users.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Freecycle,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,15167,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/150392/security/the-freecycle-network-data-breach.html; https://freecycle.helpscoutdocs.com/article/319-data-breach-august-2023,2023-09-08,2023-12-12 2587,Criminal group encrypted internal data of St. Augustine Academy (UK) on 6 September 2023,"Cybercriminals infiltrated the computer network of St. Augustine Academy, a secondary school in Maidstone in the British county of Kent, on 6 September 2023. The threat actors encrypted internal data, including student and parent information, and disrupted phone lines. 
The payment system that the school utilizes was unaffected by the attack, according to Principal Jason Feldwick. ",2023-09-06,2023-09-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,St Augustine Academy,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Non-state-group,Criminal(s),1,15166,2023-09-06 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Receiver attributes attacker,"Jason Feldwick (Principal of St Augustine Academy, United Kingdom)",Not available,United Kingdom,Not available,Not available,Non-state-group,https://www.saa.woodard.co.uk/963/announcements/announcement/98/important-message-for-parents-carers-and-students,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.saa.woodard.co.uk/963/announcements/announcement/98/important-message-for-parents-carers-and-students; https://www.bbc.com/news/uk-england-kent-66744412,2023-09-08,2023-12-12 2586,Facebook page of Senegalese government organisation Prodac hacked in September 2023,"The 
Facebook page of Prodac, Senegal's national program of community agricultural estates, was hacked at the beginning of September 2023. The government organisation lost access to its account and pornographic content was uploaded to the site. Prodac announced an investigation into the incident and filed charges against the unknown actors. ",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Programme national des domaines agricoles communautaires (Prodac),Senegal,AFRICA; SSA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15165,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal; Defacement,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Senegal,Senegal Division spéciale de cybersécurité (Dsc),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.seneplus.com/societe/le-prodac-victime-dune-cyberattaque,2023-09-08,2023-12-12 2585,North Korean APT group 'Onyx Sleet' targeted Russian University in March 2023,The North Korean APT group 'Onyx Sleet' (fka. 
'Plutonium') targeted a Russian University in March 2023. The activity was observed as part of what appears to be a larger North Korean effort to gather defense-related intelligence in Russia. At least one device linked to the University was successfully compromised in the attack.,2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure; Education,Research; ,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,12998,2023-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not 
available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,"Non-state actors; Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-target-russian-govt-defense-orgs/; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html; https://www.govinfosecurity.com/north-korean-hackers-exploiting-critical-flaw-in-devops-tool-a-23350,2023-09-08,2023-10-26 2584,North-Korean APT group 'Ruby Sleet' targeted Russian aerospace research institute in March 2023,"The North-Korean APT group 'Ruby Sleet' (fka. 'Cerium') broke into the networks of a Russian aerospace research institute in March 2023, according to a Microsoft report from September 2023. The incident is suspected to form part of a larger campaign by North-Korean threat actors focused on collecting defence-related intelligence in Russia. ",2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Research,Ruby Sleet fka CERIUM,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15164,2023-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Ruby Sleet fka CERIUM,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,"Non-state actors; Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-target-russian-govt-defense-orgs/; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; 
https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html,2023-09-08,2023-12-12 2582,Patient service of Johnson & Johnson Health Care Systems experienced data breach,"Janssen CarePath, a patient service of Johnson & Johnson Health Care Systems, Inc. (""Janssen"") sustained a data breach resulting in the possible theft of sensitive patient data. Unauthorized actors developed access to personal information stored within a third-party database supporting Janssen CarePath, IBM - which manages the database of the third-party provider - detected on 2 August 2023. The data breach affected contact details, dates of birth, health insurance and medical information of enrolled patients going back to 2 July 2023, indicating that the infiltration occurred around this time or targeted a back-up containing this information.",2023-07-02,2023-08-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Johnson & Johnson Health Care Systems (""Janssen"")",United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15163,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/ibm-notifies-janssen-carepath-data-breach/; https://www.bleepingcomputer.com/news/security/johnson-and-johnson-discloses-ibm-data-breach-impacting-patients/; https://www.prnewswire.com/news-releases/ibm-addresses-data-incident-for-janssen-carepath-database-301919467.html; https://www.janssencarepath.com/notice-of-data-incident; https://www.hipaajournal.com/ibm-notifies-janssen-carepath-patients-about-unauthorized-database-access/,2023-09-08,2023-12-12 2581,Russia-linked ransomware group 'Lockbit' stole 10 GB worth of information from UK security fence manufacturer Zaun beginning on 5 August 2023,"The Russia-linked ransomware group 'Lockbit' stole 10 GB worth of information from UK security fence manufacturer Zaun during 5-6 August 2023, the manufacturer reported in a statement on 1 September. According to this communication, security measures prevented the encryption of files, though the ransomware group managed to steal 10 GB of data via an unnamed vulnerability on a computer running Windows 7. Zaun said the stolen information included archived emails, folders, drawings and project files. Zaun did not believe that classified documents were stored on the compromised computer, noting that its products are available for unrestricted purchase and product information is published on the company's website. On 2 September, the British Daily Mirror claimed that stolen documents that Lockbit had subsequently leaked may still reveal potentially security-relevant information about British military and intelligence facilities. 
The disclosed information is said to have included details on certain equipment purchased to protect the chemical and biological weapons research center at Porton Down in Wiltshire; a sales order report for equipment for the GCHQ military base at Bude in Cornwall; information on safety equipment for the Royal Air Force military airfield at Waddington in Lincolnshire; information on British Cawdor Barracks at Brawdy in Pembrokeshire; and information on the navy base in Clyde (HMNB Clyde). In the same article, British Labour MP Kevan Jones expressed concern about the incident and called on the government to explain why the company's computer systems were so vulnerable. Tory MP Tobias Ellwood insisted on better protections from Russia-associated interference, which he linked to the UK's support for Ukraine.",2023-08-05,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Zaun,United Kingdom,EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,LockBit,Russia,Non-state-group,Criminal(s),1,15162,2023-08-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Russia,Non-state-group,https://socradar.io/threat-actors-accessed-uk-military-data-from-weakest-link/,Unknown,Not available,,Not available,,2,2023-09-03 00:00:00; 2023-09-03 00:00:00,State Actors: Legislative reactions; State Actors: Legislative reactions,Dissenting statement by member of parliament; Stabilizing statement by member of parliament,United Kingdom; United Kingdom,"Kevan Jones (Member of the British Parliament, Labor Party); Tobias Ellwood (Member of the British Parliament, Conservative Party)",No,,Exploit Public-Facing Application,Data Exfiltration,Not 
available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United Kingdom,UK West Midlands Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/lockbit-leaks-documents-filched-from-uk-defence-contractor; https://www.zaun.co.uk/zaun-data-breach-update/; https://www.mirror.co.uk/news/uk-news/russia-linked-hackers-hit-uk-30850139; https://socradar.io/threat-actors-accessed-uk-military-data-from-weakest-link/; https://www.heise.de/news/Lockbit-veroeffentlicht-Daten-von-britischem-Hochsicherheits-Zaunbauer-9296464.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.darkreading.com/endpoint/boeing-breached-ransomware-lockbit-gang-claims; https://www.techrepublic.com/article/cyber-security-trends-uk/,2023-09-07,2024-04-03 2580,Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023,"The criminal group 'Lockbit' targeted the Seville City Council in a ransomware attack that brought its digital operations to a standstill. The group claims to be of Dutch origin; however, experts assume that it maintains connections to Russia. Local police and firefighters were forced to switch communications to analogue means. 
Local authorities, in collaboration with specialists from Telefónica, have set up a special task force to assess the extent of the attack and the damage it caused. The incident has been reported to the National Center for Cryptology (CCN-CERT) for further analysis and guidance. Based on a preliminary review, a city official noted no indications that data had been exfiltrated. After issuing an initial ransomware demand of €5 million, Lockbit dropped these figures first to €1.5 million and eventually €1 million. ",2023-09-05,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Seville City Council,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,LockBit; LockBit,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Criminal(s),2,15159; 15159; 15159; 15159,2023-09-06 00:00:00; 2023-09-06 00:00:00; 2023-09-06 00:00:00; 2023-09-06 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Not available; Juan Bueno (Councillor for Finance and Digital Transformation of Seville, Spain); Not available; Juan Bueno (Councillor for Finance and Digital 
Transformation of Seville, Spain)",Not available; Not available; Not available; Not available,Spain; Spain; Spain; Spain,LockBit; LockBit; LockBit; LockBit,Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.diariodesevilla.es/sevilla/hackers-rescate-millon-medio-euros-Ayuntamiento-Sevilla_0_1827417442.html; https://www.elmundo.es/andalucia/2023/09/06/64f8537f21efa0bb688b45b4.html?intcmp=masnoticiasportada,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-09-06 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Cuerpo Nacional de Policía,Not available; Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.diariodesevilla.es/sevilla/hackers-rescate-millon-medio-euros-Ayuntamiento-Sevilla_0_1827417442.html; https://twitter.com/Ayto_Sevilla/status/1699060708493959677; https://www.elmundo.es/andalucia/2023/09/06/64f8537f21efa0bb688b45b4.html?intcmp=masnoticiasportada; https://www.kleinezeitung.at/international/6320647/Cyberangriff_Verwaltung-von-Sevilla-durch-Cyberangriff-weitgehend; https://elpais.com/https:/elpais.com/tecnologia/2023-09-06/el-ayuntamiento-de-sevilla-suspende-todos-los-servicios-telematicos-por-un-secuestro-informatico-no-se-negociara.html; https://research.checkpoint.com/2023/11th-september-threat-intelligence-report/; https://www.noticiasde.es/andalucia/sevilla/la-pequena-demora-en-las-juntas-de-distrito-se-debe-al-ciberataque/; https://elcorreoweb.es/sevilla/detenidos-dos-hackers-relacionados-con-el-ciberataque-a-la-web-del-ayuntamiento-de-sevilla-JG9181083; https://www.sevillaactualidad.com/sevilla/545087-duro-golpe-a-lockbit-los-hackers-que-atacaron-el-ayuntamiento-de-sevilla/; https://www.europapress.es/andalucia/sevilla-00357/noticia-operacion-policial-internacional-jaquea-servicios-grupo-ciberataque-ayuntamiento-sevilla-20240221102244.html; https://cadenaser.com/baleares/2024/02/21/una-operacion-policial-internacional-jaquea-los-servicios-del-grupo-responsable-del-ciberataque-a-sant-antoni-radio-ibiza/; https://www.cope.es/emisoras/andalucia/sevilla-provincia/sevilla/noticias/asi-caido-grupo-piratas-informaticos-lockbitt-responsables-del-ciberataque-ayuntamiento-20240221_3156980; https://www.telecinco.es/noticias/ciencia-y-tecnologia/20240221/desmantelado-lockbit-hackers-ciberataque-ayuntamiento-sevilla_18_011764528.html; 
https://www.cronicabalear.es/2024/cae-el-grupo-de-hackers-que-ataco-al-ayuntamiento-de-calvia-y-de-sant-antoni/; https://www.telecinco.es/noticias/ciencia-y-tecnologia/20240221/desmantelado-lockbit-hackers-ciberataque-ayuntamiento-sevilla_18_011764528.html; https://www.diariodesevilla.es/sevilla/Cae-piratas-informaticos-hackeo-Ayuntamiento-Sevilla_0_1877812744.html; https://www.diariodemallorca.es/part-forana/2024/02/21/cae-grupo-hackers-ataco-ayuntamiento-98452468.html; https://www.diariodemallorca.es/part-forana/2024/02/21/cae-grupo-hackers-ataco-ayuntamiento-98452468.html; https://www.diariodeibiza.es/ibiza/2024/02/21/hackers-sant-antoni-cercados-operacion-98464175.html; https://www.noticiasdealava.eus/ejes-de-nuestra-economia/2024/02/25/mayor-inversion-ciberseguridad-frente-ataques-7919670.html; https://www.lavozdegalicia.es/noticia/santiago/2024/02/19/ciberataques-bloquear-concellos-pedir-rescates-disparan/0003_202402S19C5994.htm; https://www.larazon.es/andalucia/malaga/enrique-rando-experto-ciberseguridad-estaremos-expuestos-gobiernos-hostiles-que-intenten-alterar-servicios-criticos_2024022965ddd7244129260001dc3b7e.html; https://www.telecinco.es/noticias/madrid/20240312/sanidad-refuerza-sistemas-informaticos-ciberataques-2023_18_011945759.html; https://www.laverdad.es/murcia/torrepacheco/hackers-mantienen-secuestrado-ayuntamiento-torre-pacheco-actuaron-20240403012833-nt.html; https://www.laverdad.es/murcia/torrepacheco/hackers-mantienen-secuestrado-ayuntamiento-torre-pacheco-actuaron-20240403012833-nt.html,2023-09-07,2024-02-12 2579,Tools of cybercriminal group 'W3LL' leveraged to compromise corporate Microsoft 365 accounts in phishing operation beginning In October 2022,"Group-IB researchers have linked together a string of phishing campaigns against corporate Microsoft 365 accounts going back to 2017 to tools of a largely undocumented threat actor that the company tracks under the name of 'W3LL'. 
One of the instruments, the W3LL Panel phishing kit, designed to bypass multi-factor authentication (MFA) by obtaining an authenticated session cookie that provides access to Microsoft 365 accounts, played a crucial role in this extensive operation, which mainly targeted victims in the US, UK, Australia, and Germany. The kit, alongside several other tools for business email compromise, was offered to a vetted group of at least 500 threat actors through an underground marketplace called W3LL Store, set up specifically for this purpose in 2018. The tools were deployed against at least Microsoft 365 accounts and succeeded in breaking into an estimated 8,000. Group-IB tied around 850 different phishing websites to W3LL Panel, meticulously customized to different industries and geographic regions. The affected industries, in order of frequency, are: manufacturing & engineering, information technology, consulting, finance and healthcare.",2022-10-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Not available; Italy; Germany; Australia; Canada; United States; Netherlands; France; United Kingdom; Switzerland, - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU - OC - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU - EUROPE; WESTEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the 
respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education,Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; - Government / ministries; Energy; ; Health; Food; Finance; ,W3LL Group,Not available,Non-state-group,Criminal(s),1,15157,2023-08-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Group-IB,,Singapore,W3LL Group,Not available,Non-state-group,https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Account Access Removal; Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",501-10000,8000.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/endpoint/w3ll-gang-compromises-thousands-of-microsoft-365-accounts; https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/; https://www.bleepingcomputer.com/news/security/w3ll-phishing-kit-hijacks-thousands-of-microsoft-365-accounts-bypasses-mfa/; https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html; https://therecord.media/w3ll-phishing-toolkit-bec-microsoft-365-accounts; https://cyberscoop.com/phishing-w3ll-microsoft-365-fraud/; https://thehackernews.com/2023/11/how-hackers-phish-for-your-users.html,2023-09-07,2023-12-12 2575,Unknown hackers caused an Internet outage at the local administration of Jordan's Greater Amman Municipality (GAM) on 31 August 2023,"Unknown hackers caused an Internet outage at a central administrative office of the Greater Amman Municipality (GAM), Jordan's capital region, on 31 August 2023. The e-services of the municipality have not been interrupted and were available as usual for citizens to use. 
",2023-08-31,2023-08-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Greater Amman Municipality ,Jordan,ASIA; MENA; MEA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15132,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://en.ammonnews.net/article/67806,2023-09-06,2023-12-11 2578,"Hacktivist 'HommedeLombre' compromised French energy company Engie and leaked personal data of 110,000 customers on 23 August 2023","A hacktivist referring to themselves as 'HommedeLombre' broke into the French energy company Engie on 23 August 2023. The hacker subsequently leaked personal data of 110,000 customers, including names, email addresses, city of residence, and telephone numbers. The hacker, however, refrained from disclosing exact home addresses, deeming this unethical. The leak also did not include customers' bank details and passwords. In a message phrased in support for the French working class, the hacktivist linked his or her actions to protest against the rise in gas prices in France. 
Confirming the incident, Engie announced that the leak concerned data from a customer portal managed by a third-party provider, who was the immediate target of the breach.",2023-08-23,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Engie,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Energy,HommedeLombre,Not available,Non-state-group,Hacktivist(s),1,12999,2023-08-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,HommedeLombre,Not available,Not available,HommedeLombre,Not available,Non-state-group,https://www.economiematin.fr/engie-les-donnees-de-110-000-clients-ont-fuite-a-cause-dune-cyberattaque,Other,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.economiematin.fr/engie-les-donnees-de-110-000-clients-ont-fuite-a-cause-dune-cyberattaque,2023-09-06,2023-09-12 2577,Unknown actors broke into email account of Helmholtz Gymnasium in Zweibrücken on 1 September 2023,"On 1 September 2023 unknown actors broke into an email account of the Helmholtz Gymnasium in Zweibrücken, Germany. The intruders leveraged the account to send out fabricated emails impersonating a school administrator asking for emergency assistance to trick recipients into sending money to the attackers. The school set up an alternative email account and published warnings in the news section of its website. ",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking with Misuse,Helmholtz Gymnasium Zweibrücken,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15155,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,"https://www.rheinpfalz.de/lokal/zweibruecken_artikel,-hacker-greifen-helmholtz-gymnasium-an-_arid,5549073.html",Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international 
law),,"https://www.rheinpfalz.de/lokal/zweibruecken_artikel,-hacker-greifen-helmholtz-gymnasium-an-_arid,5549073.html",2023-09-06,2023-12-12 2576,Hacktivist group Anonymous Sudan disrupted user access to social media platform X on 29 August 2023,"The hacktivist group Anonymous Sudan disrupted access to the social media platform X on 29 August 2023 for around two hours, the hacktivists announced via their Telegram channel as early as 1:31 am that night. This DDoS attack affected users from more than a dozen countries, including the United Kingdom and the United States, combining thousands of users. The group linked its activity to the attempt to pressure the owner of X, Elon Musk, to make his satellite network Starlink available in Sudan to ensure stable Internet access. A professed member of the hacktivist group identifying as Hofa said that the group wanted to raise general awareness about the civil war situation in Sudan. Hofa and a second individual, who calls himself Crush and acts as the group's spokesperson, shared pictures of their Sudanese passports and screenshots suggesting that they were based in Sudan with BBC correspondent Joe Tidy. During an interview with Tidy, the two members also shared their live location via Telegram, which appeared to show them in Sudan. Former activities of the group have been attributed as false-flag operations by Russian hacktivist group Killnet. Starlink is widely used by the Ukrainian military since the start of the Russian aggression in February 2022. ",2023-08-29,2023-08-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,X,United States,NATO; NORTHAM,Critical infrastructure,Digital Provider,Anonymous Sudan (Storm-1359) < Killnet,Sudan,Non-state-group,Hacktivist(s),1,15154; 15154,2023-08-29 00:00:00; 2023-08-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Contested attribution,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Not available; Not available,Sudan; Sudan,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Sudan; Sudan,Non-state-group; Non-state-group,https://t.me/AnonymousSudan/1912,Cyber-specific,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bbc.co.uk/news/technology-66668053?at_medium=RSS&at_campaign=KARANGA; https://t.me/AnonymousSudan/1912; https://socradar.io/telegram-hit-by-a-ddos-attack-what-is-the-cause-behind-it/; https://www.hackread.com/chatgpt-down-openai-ddos-attacks-outages/,2023-09-06,2024-01-15 2574,Unknown hackers targeted 
Maiden Erlegh Trust Schools in UK with ransomware,"Unknown hackers targeted the Berkshire schools group Maiden Erlegh Trust in a ransomware attack, temporarily locking administrators out of the Trust's network. Upon disclosing the breach on 4 September 2023, the Trust noted that, while investigations into whether personal data had been accessed remained ongoing, the incident had been reported to the Thames Valley Police Cyber Unit, the Department for Education, and the UK's Information Commissioner's Office.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Maiden Erlegh Trust Schools,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15131,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://www.maidenerleghschool.co.uk/attachments/download.asp?file=3460&type=pdf,2023-09-06,2023-12-11 2573,North Korean state-sponsored hacking group Labyrinth Chollima gained access to network of unnamed Latin American banking company using QRLOG malware beginning in January 2023,"The North Korean state-sponsored hacking group 
Labyrinth Chollima gained access to the network of an unnamed Latin American banking company using the previously undocumented QRLOG malware during January to February 2023, the Argentinian newspaper Clarin reported on 28 July 2023. According to the report, the affected banking company discovered unusual behaviour in its network in February 2023 and isolated the infected machine. Mauro Eldritch, a threat analyst at Birmingham Cyber Arms, identified the deployed malware as a remote access Trojan (RAT) that poses as QR code generator for the authentication of online payments to steal money from victims. Following the identification of the malware, Eldritch contacted a colleague at the US IT security company Crowdstrike to determine the authorship of the malware. Crowdstrike analysts concluded with a high degree of confidence that Labyrinth Chollima infected the Latin American banking company. In addition, Crowdstrike determined the North Korean hackers had operated undetected within the bank's network for a month.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,South America; Central America (region), - ,Critical infrastructure - Critical infrastructure,Finance - Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15130,2023-07-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,CrowdStrike,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.clarin.com/tecnologia/hecho-corea-norte-descubren-nuevo-virus-funciona-molotov-digital%5F0%5FfR36LRX5mj.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption 
(deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html; https://www.clarin.com/tecnologia/hecho-corea-norte-descubren-nuevo-virus-funciona-molotov-digital%5F0%5FfR36LRX5mj.html; https://github.com/birminghamcyberarms/QRLog,2023-09-06,2024-01-08 2572,Unknown actor hit German financial regulator's website with DDoS attack on 1 September 2023,"An unknown actor targeted the website of Germany's financial regulator (BaFin) via a DDoS attack and disrupted the access to the website on Friday, 1 September 2023. Effects of the attack persisted over the weekend. The targeted web page offers access to a database containing information on registered companies and public tenders, job postings, and a whistleblower reporting channel to submit anonymous tips about a breach of regulatory requirements.",2023-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Federal Financial Supervisory Authority (BaFin),Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15128,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political 
importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/germany-bafin-regulator-ddos-incident; https://securityaffairs.com/150359/hacking/ddos-attack-on-bafin.html; https://twitter.com/BaFin%5FBund/status/1698594562724290767; https://www.bleepingcomputer.com/news/security/german-financial-agency-site-disrupted-by-ddos-attack-since-friday/; https://www.govinfosecurity.com/breach-roundup-swedish-insurer-fined-3m-for-gdpr-breach-a-23031; https://www.bleepingcomputer.com/news/security/how-ddos-attacks-are-taking-down-even-the-largest-tech-companies/,2023-09-06,2023-12-11 2571,Medusa Ransomware Group encrypted servers of French commune of Betton starting on 30 August 2023,"The French commune Betton, in the department of Ille-et-Vilaine, fell victim to a ransomware attack on the night of 30 to 31 August 2023. The Medusa gang, which a few days earlier had attacked the French municipality of Sartrouville in the suburbs of Paris, claimed responsibility for the attack and added the commune to its list of targets. The perpetrators have set a deadline for 14 September for the payment of $100,000 in exchange for the destruction of the data exfiltrated by the group. According to an official press release, the commune successfully ""contained"" and ""neutralised"" the malicious activity in its networks. These mitigation measures and data backups enabled the municipality of 12,000 to restore its IT infrastructure and retrieve critical data. 
Nevertheless, certain municipal services experienced interruptions, including the processing of ID cards and passports, as well as registration requests for school meals and leisure activities, which coincided with the start of the new school year. In response to this incident, Betton filed a formal complaint with local law enforcement authorities and reported the incident to the French cyber security agency ANSSI.",2023-08-30,2023-08-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Commune de Betton,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,15127,2023-09-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://france3-regions.francetvinfo.fr/bretagne/ille-et-vilaine/rennes/cyberattaque-contre-des-mairies-un-phenomene-lourd-de-consequences-pour-les-collectivites-2834288.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not 
available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,France,Agence nationale de la sécurité des systèmes d’information (ANSSI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://france3-regions.francetvinfo.fr/bretagne/ille-et-vilaine/rennes/cyberattaque-contre-des-mairies-un-phenomene-lourd-de-consequences-pour-les-collectivites-2834288.html; https://www.betton.fr/accueil/actualites/1467-7900/la-ville-victime-dune-cyberattaque,2023-09-06,2023-12-11 2570,US Hospital Sisters Health System and Prevea Health experienced statewide systems outage,"Unknown actors targeted the networks of the US healthcare institution Hospital Sisters Health System (HSHS) and its partner organization Prevea Health on 27 August 2023. The incident resulted in a ""statewide, systemwide outage of nearly all operating systems at HSHS and Prevea facilities,"" including communications systems and billing services. 
For several area and local hospitals managed by HSHS, the outage temporarily disrupted the possibility of patients to contact the facilities.",2023-08-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Hospital Sisters Health System - Prevea Health,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Health - Health,Not available,Not available,Not available,,1,15126,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.nprillinois.org/health-harvest/2023-09-02/hshs-says-system-outage-caused-by-cyberattack; https://www.prevea.com/updates; https://www.hshsupdates.org/; https://www.wqow.com/eye_on_eau_claire/hshs-confirms-cybersecurity-incident/article_e040c3e2-4927-11ee-81fc-1bebfe319f6c.html; https://www.hipaajournal.com/ibm-notifies-janssen-carepath-patients-about-unauthorized-database-access/; https://www.govtech.com/education/higher-ed/richland-community-college-struggling-after-cyber-attack,2023-09-05,2024-03-04 2567,Pro-Russia Net-Worker Alliance targets website of Groningen Airport Eelde with DDoS attack,"The website of Groningen Airport Eelde was brought down 
for a number of hours on 27 August 2023, as a result of a DDoS attack from the pro-Russia hacker collective Net-Worker Alliance. The Net-Worker Alliance itself claimed Groningen Airport Eelde as its victim on a Telegram post, alongside Schiphol Airport and Maastricht Aachen Airport, both of which it allegedly attacked as part of the same campaign. However, only the web presence of Groningen Airport Eelde recorded disruptions. The director of Groningen Airport Eelde, Meiltje de Groot, emphasized that no other services outside the public-facing website were impacted by the DDoS attack, and services were available again several hours after the attack.",2023-08-27,2023-08-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Groningen Airport Eelde,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Net-Worker Alliance,Not available,Non-state-group,Hacktivist(s),1,15125,2023-08-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Net-Worker Alliance,Not available,Not available,Net-Worker Alliance,Not available,Non-state-group,https://t.me/net_worker_alliance/93,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration 
or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.rtvdrenthe.nl/nieuws/15832175/site-vliegveld-eelde-werkt-weer-na-mogelijke-ddos-aanval; https://www.oogtv.nl/2023/08/website-groningen-airport-eelde-onbereikbaar-door-cyberaanval/; https://t.me/net_worker_alliance/93,2023-09-05,2023-12-11 2565,Lockbit ransomware group gained access to Cisco VPN accounts of unnamed companies across different sectors beginning on 30 March 2023,"The Lockbit ransomware group gained access to the Cisco VPN accounts of unnamed companies across different sectors during the period of 30 March to 24 August 2023, US-based IT security firm Rapid7 announced in a technical report on 29 August. According to the report, the ransomware group infiltrated physical as well as virtual Cisco ASA SSL VPN appliances of accounts used in healthcare, professional services, manufacturing, oil and gas as well as other unspecified sectors. Lockbit pursued targets through credential stuffing and targeted brute force attacks enabled by missing or unenforced multifactor authentication (MFA). 
",2023-03-30,2023-08-24,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse; Ransomware,Not available,Not available,,Unknown; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,; Energy; ; Health,LockBit,Russia,Non-state-group,Criminal(s),1,15121,2023-08-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Rapid7,,United States,LockBit,Russia,Non-state-group,https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,Not available,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/150157/cyber-crime/cisco-asa-ransomware-attacks.html; https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/; https://socradar.io/cisco-zero-day-vulnerability-exploited-by-lockbit-and-akira-cve-2023-20269/; https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023,2023-09-05,2024-04-18 2564,Akira ransomware group gained access to Cisco VPN accounts of unnamed companies across different 
sectors beginning on 30 March 2023,"The Akira ransomware group gained access to the Cisco VPN accounts of unnamed companies across different sectors from 30 March to 24 August 2023, US-based IT security firm Rapid7 disclosed in a technical report on 29 August. Overlapping Akira activity was observed by Cisco. According to the report, the ransomware group developed access to the physical as well as virtual Cisco ASA SSL VPN appliances of accounts used in the healthcare, professional services, manufacturing, oil and gas as well as other unspecified sectors. Akira compromised accounts through credential stuffing and targeted brute force attacks enabled by missing or unenforced multifactor authentication (MFA). ",2023-03-30,2023-08-24,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse; Ransomware,Not available,Not available,,Unknown; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,; Energy; ; Health,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,15120,2023-08-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Rapid7,,United States,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,Not 
available,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/150157/cyber-crime/cisco-asa-ransomware-attacks.html; https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/; https://blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication; https://socradar.io/cisco-zero-day-vulnerability-exploited-by-lockbit-and-akira-cve-2023-20269/; https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023; https://www.darkreading.com/attacks-breaches/bhi-energy-releases-details-of-akira-ransomware-attack,2023-09-05,2024-03-13 2563,Unnamed threat actor gained access to internal systems of Dutch industrial company Kendrion in August 2023,"Kendrion, a Dutch industrial technology company specialising in the design and manufacture of electromagnetic components and systems, recently identified a cybersecurity incident in which an unauthorised third party gained access to their corporate network at an as yet unknown time in August 2023. In response, the company immediately took all of its systems offline as a mitigation measure. A preliminary investigation did not conclusively rule out that the unknown threat actor accessed company data. The effects of the intrusion also extended to the German subsidiary of Kendrion in Malente, where development and sales activities have been temporarily halted. However, production continued unaffected. 
Most of the 300 employees at the Malente site were reportedly sent home in light of the incident.",2023-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Kendrion,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,15117,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kendrion.com/en/about-kendrion/investor-relations/press-releases/press-releases-detail-page/kendrion-experiences-cyber-security-incident; https://www.kendrion.com/en/about-kendrion/investor-relations/press-releases/press-releases-detail-page/kendrion-experiences-cyber-security-incident; https://www.schwarzwaelder-bote.de/inhalt.cyberangriff-hochschule-furtwangen-hacker-legen-it-systeme-der-hfu-lahm.8da71f9e-27fb-4da6-92b3-1bac9a5103bf.html,2023-09-05,2023-12-11 2562,Unknown ransomware group disrupted network of Chambersburg Area School District in August 2023,"An unknown ransomware group disrupted the network of Chambersburg Area School District in August 2023, the school district reported on both its website and its Facebook page. 
Network disruptions forced all schools in the district to stay closed during 28-30 August, 2023.",2023-08-29,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Chambersburg Area School District (CASD),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15114,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack; https://www.casdonline.org//site/default.aspx?PageType=3&DomainID=8&ModuleInstanceID=16569&ViewID=6446EE88-D30C-497E-9316-3F8874B3E108&RenderLoc=0&FlexDataID=46786&PageID=9; https://www.facebook.com/CASDNews/posts/1034740197978322; https://www.facebook.com/CASDNews/posts/1035376601248015; https://fcfreepresspa.com/chambersburg-area-school-district-affected-by-ransomware-attack/; https://therecord.media/ransomware-tracker-the-latest-figures; 
https://local21news.com/news/local/local-school-messiah-university-trains-new-generation-of-cybersecurity-experts-in-central-pa,2023-09-05,2024-02-12 2566,Unknown threat actors targeted British Highgate Wood School in London in August 2023,"Highgate Wood School, a British secondary school, experienced an intrusion, which prevented school staff from accessing the school's systems and prompted the school's management to postpone the start of the school year from 5 to 11 September. In an email to parents, Headmaster Patrick Cozier assured that investigations had shown employee and pupil data remained unaffected in the breach. The school is actively working with Haringey Council, London Grid for Learning and external cybersecurity experts to restore its systems and functions promptly. Public reporting did not detail whether the incident was the result of a ransomware attack.",2023-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Highgate Wood School,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15122,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and 
cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hamhigh.co.uk/news/23761230.highgate-wood-school-delays-term-6-days-cyber-attack/; https://www.gbnews.com/news/school-news-cyber-attack-london-pupils-return-week,2023-09-05,2023-12-11 2561,Unknown actors stole personal data from leasing company Deutsche Leasing in 2023,"Unknown actors stole personal data from the leasing company Deutsche Leasing, the firm reported in a press release on its website in September 2023. Deutsche Leasing AG first reported this cyberattack in June without providing further details. The new press release discloses that Deutsche Leasing servers and data had been accessed and that stolen personal data has surfaced on darknet platforms. The leaked personal data related to former employees, former external employees or former board members; applicants; employees or former employees of refinancing partners, customers, manufacturers, dealers, service providers or beneficial owners; employees of interested parties or former interested parties, suppliers or buyers of an object and guarantors from whom Deutsche Leasing has personal data.",2023-06-03,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Deutsche Leasing AG,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Finance,Not available,Not available,Not available,,1,17832,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, 
system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Cyberangriff-Datenleck-bei-Deutsche-Leasing-9293021.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.deutsche-leasing.com/de/unternehmen/cyberattacke-aktuelle-information; https://www.security-incidents.de/assets/img/incidents/2374-Deutsche_Leasing.png; https://www.heise.de/news/Cyber-Angriff-IT-der-Deutsche-Leasing-seit-Samstag-offline-9164777.html,2023-09-04,2024-03-11 2559,Chinese hacking group APT15 targeted German federal agency in 2021,"The Chinese hacking group APT15 infiltrated the German ""Bundesamt für Kartographie und Geodäsie (BKG)"". The agency, which is tasked with the production of detailed maps and assessments of satellite images, operates under the authority of the German interior ministry and confirmed the previously unreported cyber incident following journalistic inquiries. The Federal Office for Information Security (BSI) alerted the agency after detecting the intrusion in 2021. The compromised parts of BKG digital infrastructure have since been rebuilt.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Hijacking without Misuse,Bundesamt für Kartographie und Geodäsie ,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,"Non-state actor, state-affiliation suggested",,1,15110; 15110; 15110,2023-08-31 00:00:00; 2023-08-31 00:00:00; 2023-08-31 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution; Media-based attribution,ZDF; Der Spiegel; Der Standard,Not available; Not available; Not available,Germany; Germany; Germany,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea; Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea; Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.zdf.de/nachrichten/politik/china-spionage-hacker-deutschland-100.html,International power,Unknown,,Unknown,,1,2023-08-31 00:00:00,EU member states: Preventive measures,Awareness raising,Germany, German Bundesamt für Verfassungsschutz (BfV),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.heise.de/news/Freitag-Chinesische-Gruppe-hackt-Bundesbehoerde-Fragen-rund-ums-Copyright-9291408.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.zdf.de/nachrichten/politik/china-spionage-hacker-deutschland-100.html; https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-02-bfv-cyber-brief.pdf?__blob=publicationFile&v=3; https://www.heise.de/news/Cyberspionage-Chinesische-Gruppe-hat-deutsche-Kartographiebehoerde-gehackt-9291268.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2023-09-04,2023-12-11 2558,Unknown actors stole personal information from Sydney University students and applicants via third-party service provider,"Unknown actors stole personal information from Sydney University students and applicants via a third-party service provider. The stolen personal information concerned recently enrolled international students and applicants. 
",,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available - University of Sydney (USYD),Not available; Australia, - OC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Education, - Civil service / administration; Research; ,Not available,Not available,Not available,,1,15109,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/university-of-sydney-data-breach-impacts-recent-applicants/; https://securityaffairs.com/150310/hacking/university-of-sydney-security-breach.html; 
https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/,2023-09-04,2024-03-22 2555,Chinese state-sponsored hacking group GREF spied on unspecified Android users using malicious Signal plus Messenger app beginning in June 2022,"The Chinese state-sponsored hacking group GREF spied on unspecified Android users using Signal Plus Messenger, a trojanized double of the legitimate Signal app, the Slovakian IT security firm ESET concluded in a technical report on 30 August 2023. The activity traces back to 7 July 2022, when the threat actor uploaded the app imitating the Signal messenger, which was laced with malicious code related to the BadBazaar malware family, to the Google Play Store, Samsung Galaxy Store, and individual websites. The operation marks the first publicly reported instance in which threat actors accessed Signal communications by auto-linking the compromised device with a second device controlled by the attackers.",2022-07-07,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Spain; Yemen; Netherlands; Ukraine; Singapore; Australia; Brazil; United States; Portugal; Germany; Lithuania; Hong Kong; Denmark; Hungary; Poland; Congo, the Democratic Republic of the",EUROPE; NATO; EU(MS) - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - EUROPE; EASTEU - ASIA - OC - SOUTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU - ASIA - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - AFRICA; SSA,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - - - - - - - - - - - - - - ,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed 
initiator (group), but not invoked in this case)",1,15098,2023-08-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Trusted Relationship,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/attacks-breaches/china-group-spreads-android-spyware-via-trojan-signal-telegram-apps; https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/; https://therecord.media/china-linked-hackers-spy-on-android-users-through-fake-messenger-apps; https://securityaffairs.com/150097/hacking/trojanized-signal-telegram-apps-google-play.html; https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/; 
https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/poland-train-radio-attack-security-roundup/; https://www.hackread.com/chinese-apt-fake-signal-telegram-app-stores/; https://www.heise.de/news/Android-Malware-Badbazaar-wurde-im-Google-Play-Store-und-Samsung-Store-verteilt-9290217.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.govinfosecurity.com/chinese-apt-uses-fake-messenger-apps-to-spy-on-android-users-a-22986; https://arstechnica.com/security/2023/08/google-removes-fake-signal-and-telegram-apps-hosted-on-play/; https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/; https://www.darkreading.com/attacks-breaches/evil-telegram-spyware-campaign-infects-60k-mobile-users; https://www.schneier.com/blog/archives/2023/09/fake-signal-and-telegram-apps-in-the-google-play-store.html,2023-09-01,2023-12-11 2557,Lockbit ransomware group stole data from Canada's electricity grid operator Commission des services electriques de Montreal (CSEM) on 3 August 2023,"The Lockbit ransomware group stole data from Canada's electricity grid operator Commission des services electriques de Montreal (CSEM) on 3 August 2023, CSEM reported in a statement via Facebook on 28 August 2023. On the same day, according to the CSEM announcement, the Lockbit ransomware group also leaked some of the exfiltrated data, adding CSEM to its victim list on 30 August. CSEM noted that this data relates to projects conducted under public procurement processes, with associated documents being openly available. 
",2023-08-03,2023-08-03,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Commission des services électriques de Montréal (CSEM),Canada,NATO; NORTHAM,Critical infrastructure,Energy,LockBit,Russia,Non-state-group,Criminal(s),1,15108,2023-08-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Russia,Non-state-group,https://twitter.com/FalconFeedsio/status/1696858137213665685,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-08-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Canada,Sûreté du Québec,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/montreal-electricity-organization-lockbit-victim; https://www.facebook.com/photo/?fbid=603754208595461&set=a.236539865316899; https://twitter.com/FalconFeedsio/status/1696858137213665685; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/150247/cyber-crime/lockbit-ransomware-csem.html; https://therecord.media/dutch-football-association-paid-ransom-lockbit,2023-09-01,2023-12-11 2556,Cybercriminal hacking group Earth Estries compromised networks of governments and technology companies in several countries beginning as early as 2023,"The cybercriminal hacking group Earth Estries compromised networks of governments and technology companies in several countries beginning at the latest in early 2023, Japanese IT security firm Trend Micro assessed in a technical report on 30 August 2023. The investigation uncovered the compromise of existing accounts with administrative privileges. At an unnamed organization, these breaches were traced to an internal server. Installing the remote control tool Cobalt Strike on this system enabled the threat actors to load additional malware for lateral movement. Trend Micro highlights the use of the Zingdoor backdoor, the TrillClient information stealer and the HemiGate backdoor. Tools and TTPs deployed by Earth Estries, a group active since at least 2020, showed overlaps with the FamousSparrow hacker group. 
Confirmed victims were located in the Philippines, Taiwan, Malaysia, South Africa, Germany and the United States.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available,Philippines; Germany; Malaysia; United States; South Africa; Taiwan,ASIA; SCS; SEA - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; SEA - NATO; NORTHAM - AFRICA; SSA - ASIA; SCS,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,Earth Estries,Not available,Non-state-group,Criminal(s),1,15105,2023-08-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,Trend Micro,Japan,Earth Estries,Not 
available,Non-state-group,https://www.trendmicro.com/en%5Fus/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/-apt-attacks-from-earth-estries-hit-govt-tech-with-custom-malware; https://www.trendmicro.com/en%5Fus/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html; https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html,2023-09-01,2023-12-11 2554,Chinese state-sponsored hacking group GREF accessed backup data of unspecified Android users and exfiltrated unspecified data through malicious FlyGram app beginning in June 2020,"The Chinese state-sponsored hacking group GREF accessed backup data of unspecified Android users and exfiltrated unspecified data, findings by the Slovakian IT security firm ESET revealed on 30 August 2023. The activity began on 4 June 2020, when GREF uploaded the trojanized FlyGram app, branded as an alternative to Telegram, to the Google Play Store, the Samsung Galaxy Store, other app stores, and individual websites. ESET linked malicious code introduced into the app to the BadBazaar malware family. 
At least 13,953 users activated a feature to restore actual Telegram backups giving the threat actor access to stored files. The malicious application was advertised on a Uyghur Telegram group, whether this was directed by the hacker group or done inadvertently by an unsuspected user remained unclear.",2020-06-04,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Poland; Hong Kong; Brazil; Yemen; Netherlands; Spain; Lithuania; Singapore; Ukraine; Denmark; Hungary; United States; Portugal; Australia; Congo, the Democratic Republic of the; Germany",EUROPE; NATO; EU(MS); EASTEU - ASIA - SOUTHAM - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); NORTHEU - ASIA - EUROPE; EASTEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); EASTEU - NATO; NORTHAM - EUROPE; NATO; EU(MS) - OC - AFRICA; SSA - EUROPE; NATO; EU(MS); WESTEU,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially 
protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - - - - - - - - - - - - - - ,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15094,2023-08-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Trusted Relationship,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,11.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",501-10000,0.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/attacks-breaches/china-group-spreads-android-spyware-via-trojan-signal-telegram-apps; 
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/; https://therecord.media/china-linked-hackers-spy-on-android-users-through-fake-messenger-apps; https://securityaffairs.com/150097/hacking/trojanized-signal-telegram-apps-google-play.html; https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/; https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/poland-train-radio-attack-security-roundup/; https://www.hackread.com/chinese-apt-fake-signal-telegram-app-stores/; https://www.heise.de/news/Android-Malware-Badbazaar-wurde-im-Google-Play-Store-und-Samsung-Store-verteilt-9290217.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.govinfosecurity.com/chinese-apt-uses-fake-messenger-apps-to-spy-on-android-users-a-22986; https://arstechnica.com/security/2023/08/google-removes-fake-signal-and-telegram-apps-hosted-on-play/; https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/; https://www.darkreading.com/attacks-breaches/evil-telegram-spyware-campaign-infects-60k-mobile-users; https://www.schneier.com/blog/archives/2023/09/fake-signal-and-telegram-apps-in-the-google-play-store.html,2023-09-01,2023-12-11 2548,Website of Czech banks and Prague Stock Exchange hit by DDoS attack from Russia-linked NoName057(16),"The National Cyber and Information Security Agency of Czechia (NUKIB) reported that the pro-Russian hacktivist group NoName057(16) launched a DDoS attack against the websites and online banking systems of five Czech banks (Komercni Banka, CSOB, Air Bank, Fio Banka and Ceska sporitelna) and the Prague Stock Exchange on Wednesday, 30 August 2023, disrupting services and temporarily 
restricting the monetary withdrawals of clients. The network outages did not affect banks' internal systems or client accounts. Card payments and cash withdrawals remained uninterrupted. The temporary inaccessibility of the stock exchange's website did not interfere with trading. Though when the website became available again in the evening, displayed data on developments in the stock exchange's price index, PX, was trailing by several hours. According to NUKIB, NoName057(16) linked its actions to demands for banks and other Czech institutions to stop their support of Ukraine against Russia's invasion. ",2023-08-30,2023-08-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Air Bank - Fio Banka - CSOB - Komercni Banka - Ceska sporitelna - Prague Stock Exchange,Czech Republic; Czech Republic; Czech Republic; Czech Republic; Czech Republic; Czech Republic,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Finance - Finance - Finance - Finance - Finance,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14942,2023-08-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2334,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; 
Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,Not available,0.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.tellerreport.com/news/2023-08-30-ctc--hackers-who-attacked-czech-banks-demanded-to-stop-supporting-ukraine.HJU8dbTp3.html; https://sputnikglobe.com/20230830/hackers-attacking-czech-banks-demanded-to-stop-ukraines-financial-support---reports-1112999095.html; https://deutsch.radio.cz/banken-tschechien-von-cyberangriffen-betroffen-8792830; https://www.ceskenoviny.cz/zpravy/na-tuzemske-banky-zautocili-hackeri-chteji-konec-podpory-ukrajiny/2407112; https://t.me/noname05716eng/2334; https://therecord.media/noname-hacking-group-targets-ukraine-and-allies,2023-08-31,2024-02-26 2547,Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) hit by likely China-based hackers,"The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) of Japan was hit by a months-long espionage campaign by unnamed actors, though unnamed private sector and government employees stated to the Financial Times that the most likely culprit was China. One official stated regarding the culprits that ""we can say with almost complete certainty that this originated with a state actor, and that the actor was most probably China."" The Japanese government has refrained from publicly attributing the attack. 
The campaign began in October 2022 but was only discovered in June 2023, with sources familiar with the situation stating that it is likely that the actors retained access throughout this period. While they originally stated that the impact was only a ""possible"" theft of data, a subsequent investigation found that a few email communications were stolen from NISC through the use of an agency employee's email account, though officials warned of a possible concurrent campaign in which malicious actors would portray themselves as NISC employees in order to steal credentials or personal information from unsuspecting victims. A NISC advisory from 4 August traced the breach to a vulnerability in a device related to an e-mail system. ",2022-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,National Center of Incident Readiness and Strategy for Cybersecurity (Japan),Japan,ASIA; SCS; NEA,State institutions / political system,Civil service / administration,Not available,China,"Non-state actor, state-affiliation suggested",,1,14941,2023-08-30 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,Not available,Not available,China,"Non-state actor, state-affiliation suggested",https://www.ft.com/content/de0042f8-a7ce-4db5-bf7b-aed8ad3a4cfd,Territory; Resources; International power,Territory; Resources; International 
power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/150041/intelligence/japan-nisc-infiltrated.html; https://www.heise.de/news/Japan-Hacker-auch-monatelang-in-Systemen-der-Cyberabwehrbehoerde-9288899.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.bitdefender.com/blog/hotforsecurity/japans-cybersecurity-agency-admits-it-was-hacked-for-months/; https://www.thestack.technology/national-cybersecurity-japan-usa-china/; https://therecord.media/japan-cybersecurity-agency-breached-report; https://www.ft.com/content/de0042f8-a7ce-4db5-bf7b-aed8ad3a4cfd; https://www.nisc.go.jp/news/20230808.html; https://www.nisc.go.jp/news/20230804.html; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; 
https://therecord.media/japan-aviation-electronics-says-servers-accessed-during-cyberattack; https://www.sankei.com/article/20240423-EIJL52CXT5LQXGJSEAZVRHB3K4/,2023-08-31,2024-04-24 2546,FBI disrupted Qakbot control infrastructure and removed Qakbot malware from infected computers,"In an operation named 'Duck Hunt', the FBI disrupted the control infrastructure of the Qakbot botnet to isolate more than 700,000 infected computers in the US and elsewhere from further malicious communications from Qakbot operators and other criminal actors to which the group was selling access, the FBI and the US Department of Justice announced on 29 August 2023. Executing a seizure warrant, the FBI replaced a communication module on Qakbot-controlled servers to block the group's access to the control infrastructure and all connected infected computers. Redirecting the traffic from these command servers to a server managed by the FBI, law enforcement distributed an uninstaller to infected computers that removed the Qakbot malware and prevented the installation of additional malware. The FBI in collaboration with law enforcement partners in France, Germany, Latvia, the Netherlands, Romania, and the UK seized 52 servers used by Qakbot to permanently debilitate the group's operations. 
",2023-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Qakbot,Not available,,Social groups,Criminal,Federal Bureau of Investigation (FBI),United States,State,,1,16278; 16278,2023-08-29 00:00:00; 2023-08-29 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms,Federal Bureau of Investigation (FBI); US Department of Justice (DoJ),Not available; Not available,United States; United States,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI),United States; United States,State; State,https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown; https://www.justice.gov/opa/pr/qakbot-malware-disrupted-international-cyber-takedown,Cyber-specific,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Medium,11.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,51-200,0.0,1-10,7.0,=< 10 Mio,8600000.0,dollar,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,1,2023-08-29 00:00:00; ; ; ; ;,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. 
law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests)",; ; ; ; ; ,France; Latvia; Netherlands; Romania; United Kingdom; United States,Agence nationale de la sécurité des systèmes d’information (ANSSI); Agence nationale de la sécurité des systèmes d’information (ANSSI); Agence nationale de la sécurité des systèmes d’information (ANSSI); Latvijas Valsts policija; Latvijas Valsts policija; Nationale Politie,Not available,,No response justified (missing state attribution & breach of international law),,https://www.darkreading.com/threat-intelligence/sprawling-qakbot-malware-takedown-spans-700-000-infected-machines; https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown; https://www.eurojust.europa.eu/news/malware-network-infected-more-700000-victims-and-caused-hundreds-millions-dollars-damage; https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2023/Presse2023/230830_PM_SchadsoftwareNetzwerk_Qakbot.html; https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources; https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown; https://www.justice.gov/opa/pr/qakbot-malware-disrupted-international-cyber-takedown; https://www.heise.de/news/Kurz-informiert-Internetbetrug-Qakbot-Botnet-E-Rezepte-Forschung-9289458.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/150068/cyber-crime/fbi-dismantled-qakbot-botnet.html; https://www.heise.de/news/Botnet-Internationale-Strafverfolger-deinstallieren-700-000-Qakbot-Drohnen-9289070.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; 
https://thehackernews.com/2023/08/fbi-dismantles-qakbot-malware-frees.html; https://www.hackread.com/qakbot-botnet-disrupted-infected-computers/; https://tarnkappe.info/artikel/cyberangriff/qakbot-behoerden-nahmen-700-000-bots-vom-netz-280164.html; https://www.bleepingcomputer.com/news/security/how-the-fbi-nuked-qakbot-malware-from-infected-windows-pcs/; https://therecord.media/qakbot-cybercrime-botnet-takedown-fbi; https://krebsonsecurity.com/2023/08/u-s-hacks-qakbot-quietly-removes-botnet-infections/; https://cyberscoop.com/fbi-doj-major-botnet-and-malware-takedown-qakbot/; https://www.bleepingcomputer.com/news/security/qakbot-botnet-dismantled-after-infecting-over-700-000-computers/; https://www.jpost.com/breaking-news/article-756753; https://www.nrc.nl/nieuws/2023/08/29/wereldwijd-botnet-opgerold-ook-in-nederland-servers-in-beslag-genomen-a4173055; https://www.govinfosecurity.com/operation-duck-hunt-dismantles-qakbot-a-22959; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/qakbot-takedown-disruption; https://www.faz.net/aktuell/wirtschaft/digitec/cyberkriminalitaet-bka-zerschlaegt-das-grosse-hacker-netzwerk-qakbot-19137991.html; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/poland-train-radio-attack-security-roundup/; https://research.checkpoint.com/2023/4th-september-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2023/09/a-week-in-security-august-28-september-3; https://socradar.io/qakbot-one-of-the-most-observed-malware/; https://www.techrepublic.com/article/fbi-led-takes-down-qakbot/; https://elpais.com/https:/elpais.com/tecnologia/2023-09-06/el-ayuntamiento-de-sevilla-suspende-todos-los-servicios-telematicos-por-un-secuestro-informatico-no-se-negociara.html; https://www.darkreading.com/vulnerabilities-threats/how-to-mitigate-cybersecurity-risks-from-misguided-trust; 
https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html; https://www.darkreading.com/attacks-breaches/qakbot-infections-continue-even-after-high-profile-raid; https://www.heise.de/news/Kurz-informiert-MGM-Hacker-Klage-gegen-Musk-Qakbot-Epic-Games-vs-Apple-9326900.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/152087/cyber-crime/qakbot-threat-actors-still-operational.html; https://www.heise.de/news/Botnet-Trotz-Qakbot-Schlag-verteilt-Cybergang-weiter-Malware-9326478.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/ragnar-locker-ransomware-site-taken-down-fbi-europol; https://therecord.media/cactus-ransomware-actors-using-malvertising-microsoft; https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html; https://www.techrepublic.com/article/cisco-talos-year-end-report/; https://therecord.media/fbi-takes-down-ipstorm-malware-botnet; https://www.bleepingcomputer.com/news/security/darkgate-and-pikabot-malware-emerge-as-qakbots-successors/; https://therecord.media/doj-to-increase-cybercrime-efforts; https://therecord.media/ransomware-tracker-the-latest-figures; https://therecord.media/ransomware-tracker-the-latest-figures; https://www.bleepingcomputer.com/news/security/new-qbot-malware-variant-uses-fake-adobe-installer-popup-for-evasion/; https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/; https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html; https://securityaffairs.com/156047/cyber-crime/qakbot-targets-hospitality-industry.html; https://therecord.media/ransomware-tracker-the-latest-figures,2023-08-30,2024-04-16 2544,Lockbit hit French regional agency Île-de-France Nature with ransomware attack and leaked data in August 2023 ,"Île-de-France Nature, a regional agency 
responsible for the protection and maintenance of natural spaces in the Paris region, was struck by a ransomware attack in August 2023 conducted by the hacking group Lockbit. This attack resulted in the encryption and theft of data. Lockbit, a known cybercriminal collective, claimed responsibility for the attack and released a sample of stolen administrative files on 27 August. While key disrupted services have been restored, the data recovery process is ongoing. The agency immediately filed a complaint with the French national data protection authority, CNIL after the intrusion was detected.",2023-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Ransomware,Île-de-France Nature,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,LockBit,Russia,Non-state-group,Criminal(s),1,14939,2023-08-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,LockBit,Not available,Russia,LockBit,Russia,Non-state-group,https://www.numerama.com/cyberguerre/1484314-une-cyberattaque-touche-lagence-ile-de-france-nature-des-donnees-sont-en-ligne.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.numerama.com/cyberguerre/1484314-une-cyberattaque-touche-lagence-ile-de-france-nature-des-donnees-sont-en-ligne.html; https://therecord.media/montreal-electricity-organization-lockbit-victim,2023-08-29,2023-12-07 2543,US food provider and delivery service PurFoods hit by ransomware attack,"US-based pre-prepared meal delivery service PurFoods was hit by a ransomware attack by unknown actors between 16 January and 22 February 2023. PurFoods operates as the parent organization of Mom's Meals, which provides meal options adjusted to customer health conditions. The incident resulted in the encryption of files within PurFoods' network as well as the theft of personal information affecting 1.2 million clients and employees. The latter included Medicare/Medicaid information, driver’s license and state identification numbers, financial account information, payment card information, treatment/health information, health insurance information, ordered meal categories, and in a few cases social security numbers.",2023-01-16,2023-02-22,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,PurFoods,United States,NATO; NORTHAM,Critical infrastructure,Food,Not available,Not available,Unknown - not attributed,,1,14938,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Not available,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/purfoods-delivery-service-reports-data-breach; https://www.bleepingcomputer.com/news/security/moms-meals-discloses-data-breach-impacting-12-million-people/; https://www.purfoods.com/notice-of-data-event/; https://apps.web.maine.gov/online/aeviewer/ME/40/c7ad1c53-6e20-41d8-8fb6-f1ccd0e3e0cc/31ac426d-cf02-44ad-82dc-7d5b3f694dc5/document.html; https://www.myinjuryattorney.com/purfoods-llc-data-breach-investigation/; https://www.darkreading.com/attacks-breaches/purfoods-mom-s-meals-reports-data-breach-exposing-social-security-numbers-of-over-1-2-million-consumers; https://nakedsecurity.sophos.com/2023/08/29/moms-meals-issues-notice-of-data-event-what-to-know-and-what-to-do/; https://www.malwarebytes.com/blog/news/2023/09/a-week-in-security-august-28-september-3,2023-08-29,2023-12-07 2542,Personnel data from the London Metropolitan Police and Manchester Greater Police has been stolen after the systems of the third-party supplier Digital ID were compromised in August 2023,"In a recent cybersecurity incident that first affected the Greater London Metropolitan Police, and has now also affected Greater Manchester Police (GMP), it has been revealed that a third party provider, Digital ID, has fallen victim to a ransomware attack. Digital ID, a firm in Stockport which makes ID cards, holds information on various UK organisations. The security breach involved the theft of sensitive data from 47,000 Greater London Metropolitan Police officers. 
This included important data such as names, ranks, photographs, vetting levels, salary numbers and various other forms of intra-agency identification. Among the officers affected were members of counter-terrorism units responsible for protecting the Royal Family, as well as undercover officers who were subsequently withdrawn from their assignments. The seriousness of this security breach prompted the Deputy Chairman of the Metropolitan Police Federation to warn of the possible misuse of the stolen data, which could cause ""incalculable damage"". In addition to the Greater London Metropolitan Police, it was revealed on 14 September that the Greater Manchester Police was also affected by the security breach, in which personal data of over 12,500 officers and staff was stolen. The security breach exposed data on officers' warrant cards, raising concerns about the potential impact on officer safety and ongoing investigations. Both law enforcement agencies immediately reported the incidents to the National Crime Agency and the UK Information Commissioner's Office, highlighting the importance of robust cybersecurity measures to protect sensitive law enforcement data. 
These incidents underscore the vulnerability of third-party providers entrusted with law enforcement data and highlight the need for comprehensive security strategies in the face of evolving cyber threats.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse; Ransomware,Digital ID - Greater Manchester Police - Greater London Metropolitan Police,United Kingdom; United Kingdom; United Kingdom,EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system, - Police - Police,Not available,Not available,Not available,,1,14937,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Unknown,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.darkreading.com/attacks-breaches/london-police-warned-to-stay-vigilant-amid-major-data-breach; 
https://therecord.media/metropolitan-police-data-leak-hackers-uk; https://www.theguardian.com/uk-news/2023/aug/26/met-police-on-high-alert-after-it-system-holding-officers-details-hacked; https://www.bankinfosecurity.com/met-police-officers-at-risk-after-serious-data-breach-a-22947; https://www.bbc.com/news/uk-england-london-66631386; https://www.thesun.co.uk/news/23668982/metropolitan-police-hacked-security-breach/; https://news.met.police.uk/news/statement-re-unauthorised-access-to-it-system-of-a-met-supplier-471333; https://metfed.org.uk/news/metropolitan-police-officer-it-system-breach-mpf-statement; https://news.sky.com/story/greater-manchester-police-officers-details-targeted-in-ransomware-attack-12960852; https://www.gmp.police.uk/news/greater-manchester/news/news/2023/september/greater-manchester-police-statement-on-data-breach/; https://securityaffairs.com/150828/data-breach/greater-manchester-police-gmp-data-breach.html; https://www.bbc.co.uk/news/uk-england-manchester-66810756?at_medium=RSS&at_campaign=KARANGA; https://www.bleepingcomputer.com/news/security/manchester-police-officers-data-exposed-in-ransomware-attack/; https://www.hackread.com/contractor-data-breach-greater-manchester-police/; https://www.darkreading.com/endpoint/greater-manchester-police-hack-third-party-supplier-fumble; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-15th-2023-russian-roulette/; https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html; https://www.theguardian.com/technology/2023/sep/14/who-is-behind-latest-wave-of-ransomware-attacks; https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/; https://www.hackread.com/contractor-data-breach-irish-national-police-vehicle-seizure/; https://www.techrepublic.com/article/cyber-security-trends-uk/,2023-08-29,2024-04-03 2541,Unknown ransomware group disrupted computer systems of Dutch food 
wholesaler Heuschen & Schrouff,"An unknown ransomware group disrupted the computer systems of Dutch food wholesaler Heuschen & Schrouff, the Dutch digital news platform 1Limburg reported based on information from undisclosed sources on 24 August. According to the reports, the incident resulted in the shutdown of company systems. Unnamed hackers issued a ransom demand to restore access.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Heuschen & Schrouff,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Food,Not available,Not available,Not available,,1,14936,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://zo-nws.nl/cyberaanval-op-heuschen-schrouff; https://www.1limburg.nl/nieuws/2260297/heuschen-en-schrouff-platgelegd-door-cyberaanval,2023-08-28,2023-12-07 2540,Chinese nation-state hacking group 'Flax Typhoon' gained access to networks of Taiwanese organisations across all industries,"The Chinese nation-state hacking group 'Flax Typhoon' gained access to the networks of Taiwanese 
organisations across all industries, Microsoft reported on 24 August 2023. According to the report, the hacking group managed to gain long-term access to unspecified Taiwanese organisations, largely using legitimate software already present on targeted systems, such as Remote Desktop Protocol (RDP) solutions. Flax Typhoon only turned to malware when the infiltrated computer did not have local administrator privileges the group could directly leverage. While Microsoft assessed the group to have focused on espionage and establishing persistence in compromised networks, the company had not observed Flax Typhoon engage in data collection and exfiltration efforts as part of this campaign.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Taiwan,ASIA; SCS,Unknown,,Flax Typhoon fka Storm-0919/Ethereal Panda,China,"Non-state actor, state-affiliation suggested",,1,14935,2023-08-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Flax Typhoon fka Storm-0919/Ethereal Panda,China,"Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/,System / ideology; Secession,System/ideology; Secession,China (Taiwan); China (Taiwan),Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in 
intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://cyberscoop.com/microsoft-china-taiwan-flax-typhoon/; https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/; https://therecord.media/chinese-hackers-target-taiwanese-organizations-cyber-espionage; https://www.govinfosecurity.com/chinese-state-hackers-flax-typhoon-targeting-taiwan-a-22942; https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html; https://securityaffairs.com/149862/apt/chinese-apt-flax-typhoon-targets-taiwan.html; https://www.bleepingcomputer.com/news/security/microsoft-stealthy-flax-typhoon-hackers-use-lolbins-to-evade-detection/; https://www.darkreading.com/threat-intelligence/china-unleashes-flax-typhoon-apt-live-off-land-microsoft-warns; https://research.checkpoint.com/2023/28th-august-threat-intelligence-report/; https://www.hackread.com/microsoft-china-apt-flax-typhoon-cyber-espionage/; https://cyberscoop.com/microsoft-ai-election-taiwan/,2023-08-25,2024-04-08 2539,North Korean hacking group 'Lazarus' targeted internet infrastructure and healthcare entities in Europe and the US since early 2023,"The North Korean state-sponsored hacking group 'Lazarus' started a campaign against Internet infrastructure providers and healthcare entities in Europe and the United States in early 2023. 
According to Cisco Talos, Lazarus has been exploiting the ManageEngine ServiceDesk vulnerability CVE-2022-47966 shortly after it was publicly disclosed in January 2023. The attackers used this vulnerability to deploy malware, including QuietRAT and CollectionRAT. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,United States; Europe (region); United States; Europe (region),NATO; NORTHAM - - NATO; NORTHAM - ,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Health - Health - Telecommunications,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,14934,2023-08-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/lazarus-quiterat/,International 
power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/149829/apt/lazarus-apt-exploits-zoho-manageengine-flaw.html; https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html; https://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/; https://blog.talosintelligence.com/lazarus-quiterat/; https://www.govinfosecurity.com/lazarus-group-debuts-tiny-trojan-for-espionage-attacks-a-22944; https://therecord.media/lazarus-new-malware-manageengine-open-source; https://www.techrepublic.com/article/cisco-talos-lazarus-group-new-malware/; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-august-2023/; https://www.govinfosecurity.com/feds-warn-health-sector-lazarus-group-attacks-a-23122,2023-08-25,2023-12-07 2535,Hacker group 'CosmicBeetle' gained access to networks of various targets in different countries and deployed Scarab ransomware beginning in May 2020,"The hacker group 'CosmicBeetle' gained access to the networks of various targets in different countries and deployed the Scarab ransomware during the period of May 2020 to May 2023, the Slovakian IT security firm ESET disclosed in a technical report on 22 August 
2023. The hackers very likely gained initial access by exploiting the ZeroLogon vulnerability (CVE-2020-1472) on web servers or via brute forcing remote desktop protocol (RDP) credentials. CosmicBeetle used the Spacecolon malware, which contained the three Delphi components ScHackTool, ScInstaller and ScService. The presence of Turkish strings suggested a Turkish-speaking developer may have authored the malware. The targets were located in East and Southeast Asia, Europe, Turkey and Israel, Morocco and Botswana, North and South America. Specifically named were a hospital and a tourist resort in Thailand, an insurance company in Israel, a local government institution in Poland, an entertainment provider in Brazil, an environmental company in Turkey and a school in Mexico. ",2020-05-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Taiwan; Poland; Korea, Republic of; Japan; French Guiana; Brazil; Spain; Turkey; China; Paraguay; Hungary; France; Morocco; Israel; Mexico; Canada; Italy; Venezuela; Belgium; Greece; Botswana; Thailand",ASIA; SCS - EUROPE; NATO; EU(MS); EASTEU - ASIA; SCS; NEA - ASIA; SCS; NEA - - SOUTHAM - EUROPE; NATO; EU(MS) - ASIA; NATO; MEA - ASIA; SCS; EASIA; NEA; SCO - SOUTHAM - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU - AFRICA; NAF; MENA - ASIA; MENA; MEA - - NATO; NORTHAM - EUROPE; NATO; EU(MS) - SOUTHAM - EUROPE; EU(MS); NATO; WESTEU - EUROPE; NATO; EU(MS); BALKANS - AFRICA; SSA - ASIA; SEA,Unknown - State institutions / 
political system - Unknown - Unknown - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Unknown - Unknown - Unknown - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Education - Unknown - Unknown - Unknown - Unknown - Unknown - Unknown - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Civil service / administration - - - - - - - - - - - - - - - - - - - - Health; ,CosmicBeetle,Not available,Unknown - not attributed,,1,14933,2023-08-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,CosmicBeetle,Not available,Unknown - not attributed,https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Destruction; Data Encrypted for Impact; Disk Wipe; System Shutdown/Reboot,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,24.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html; https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/,2023-08-25,2023-12-07 2534,Unknown ransomware group disrupted entire IT system of two Danish cloud computing service providers CloudNordic and AzeroCloud on 18 August 2023,"An unknown ransomware group disrupted the entire IT system of two Danish cloud computing service providers CloudNordic and AzeroCloud, both owned by Certiqa Holding, in the early morning of 18 August 2023, both service providers reported in notifications. Ten days after the incident was detected, Azero announced that it was winding down its activities. According to the notifications, the ransomware group managed to gain access to the critical administrative system, all data storage silos and all backup systems. They encrypted all server disks and data. The ransomware group demanded six Bitcoins in ransom, which is the equivalent of about €146,000. Consequently, a majority of both CloudNordic and AzeroCloud customers lost their data stored in the respective clouds. Danish Radio4 reported that hundreds of Danish companies could no longer access their data. Among them was the retail company 5610eu, whose director Per Jakobsen said that business was no longer possible because customers could no longer reach him via the internet. 
",2023-08-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,5610eu - CloudNordic - Not available - AzeroCloud,Denmark; Denmark; Denmark; Denmark,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Telecommunications - - Telecommunications,Not available,Not available,Not available,,1,14932,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Hardware Additions,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hosting-firm-says-it-lost-all-customer-data-after-ransomware-attack/; https://www.radio4.dk/nyheder/mange-danske-virksomheder-er-ramt-af-hackerangreb-der-er-ingen-virksomhed-tilbage/; https://www.cloudnordic.com/; https://azero.cloud/; 
https://www.onlinehaendler-news.de/digital-tech/cyberkriminalitaet/139940-unternehmen-pleite-wegen-hackerangriff; https://www.it-daily.net/shortnews/nach-ransomware-attacke-cloudnordic-ist-pleite,2023-08-24,2024-04-25 2532,Unknown actors stole unidentified amount of cryptocurrency from decentralised crypto finance platform Harbor Protocol beginning on 19 August 2023,"Unknown actors stole an as yet unidentified amount of cryptocurrency from decentralised crypto finance platform Harbor Protocol beginning on 19 August 2023, Harbor Protocol announced on the same day via Twitter.",2023-08-19,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Harbor Protocol,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14912,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,0.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/millions-stolen-exactly-harbor-protocol-defi-cryptocurrency; https://twitter.com/Harbor_Protocol/status/1692836252498723154; https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen; 
https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023,2023-08-23,2024-01-25 2527,Rhysida ransomware group launched targeted cyberattack on US hospital network Singing River Health System in August 2023,"Singing River Health System (SRHS), a large US hospital network in Mississippi, which operates Pascagoula Hospital, Ocean Springs Hospital and Gulfport Hospital, serving over 100,000 patients, fell victim to a cyberattack last week. On Monday, 21 August 2023, the hospital detected unusual activity within its network that caused several internal SRHS systems to be taken offline. The incident is being investigated in collaboration with law enforcement. The hospital has not yet confirmed whether ransomware was involved. While operations have not been disrupted, delays in processing lab results and radiology exams are expected. In addition, patients were currently unable to access their electronic medical records platform MySingingRiver. On 10 September, the Rhysida ransomware group claimed to have hacked the Singing River Health System. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. 
Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-08-19,2023-08-20,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Singing River Health System,United States,NATO; NORTHAM,Critical infrastructure,Health,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15586,2023-09-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1700773686200930692?ref%5Fsrc=twsrc%5Etfw,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-08-20 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/mississippi-hospital-system-takes-services-offline-after-cyberattack; https://singingriverhealthsystem.com/questions/; https://singingriverhealthsystem.com/2023/08/singing-river-operations-announcement/; https://www.wlox.com/2023/08/20/potential-cyberattack-throughout-singing-river-health-system/; https://www.wlox.com/2023/08/21/singing-river-health-system-cyberattack-currently-under-investigation/; https://www.govinfosecurity.com/midwest-hospital-group-experiencing-systemwide-outage-a-22961; https://securityaffairs.com/150585/cyber-crime/rhysida-ransomware-us-hospitals.html; https://www.darkreading.com/attacks-breaches/recent-rhysida-attacks-show-focus-on-healthcare-sector-by-ransomware-actors; https://twitter.com/AlvieriD/status/1700773686200930692?ref%5Fsrc=twsrc%5Etfw; https://securityaffairs.com/150835/cyber-crime/lockbit-ransomware-carthage-area-hospital.html; https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html; https://therecord.media/safford-arizona-hospital-st-louis-call-a-ride-cyberattacks; https://securityaffairs.com/152486/cyber-crime/alphv-ransomware-morrison-community-hospital.html; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-08-23,2023-12-29 2529,Unknown actors stole millions from cryptocurrency platform Exactly Protocol,"Unknown actors stole millions of dollars in cryptocurrency from crypto decentralised finance platform Exactly Protocol. 
While initial estimates placed the losses for Exactly Protocol at $12 million, a later statement stated the value at $7.3 million in cryptocurrency lost in the course of the attack, which forced the financial platform to halt most services, only allowing customers to withdraw assets while an investigation proceeded.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Exactly Protocol,Not available,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14911,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,Not available,0.0,=< 10 Mio,7300000.0,dollar,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/millions-stolen-exactly-harbor-protocol-defi-cryptocurrency; https://twitter.com/ExactlyProtocol/status/1692950170705518879; https://finance.yahoo.com/news/defi-protocols-exactly-harbor-attacked-045136057.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAALNFn-hhaYhk867NnTmr963pD4v_dfNNKmhp9cgMSF2_DyzUOpYZXysLm2Pw-3Mex1zK4MtOKXs51K0T2D_zKfVsTGB4-az5Sz9nZqbWzJLeWwvhXC-DSTUyBp_zzos1u_3o2q48hBAJfqD2lPVOLE7c4f1jM0mdzKpGlz0PIenf; https://cointelegraph.com/news/defi-protocols-exactly-harbor-hacked-separate-attacks; 
https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023,2023-08-23,2024-01-25 2528,Unknown ransomware group disrupted computer system of the Public Centre for Social Welfare (OCMW/CPAS) in the Belgian municipality of Charleroi,"An unknown ransomware group disrupted the computer system of the Public Centre for Social Welfare (OCMW/CPAS) in the Belgian municipality of Charleroi on 21 August 2023. The Belgian newspaper Sudinfo was the first to report the cyber incident, announcing that it was a ransomware attack. CPAS suspended most services for at least one day at its local branches to allow for recovery, switching to manual operations in the meantime. ",2023-08-21,2023-08-21,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Public Centre for Social Welfare (OCMW/CPAS) of Charleroi,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,14910,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,http://www.cpascharleroi.be/fr/actualites/cyberattaque; https://www.dhnet.be/regions/charleroi/2023/08/21/le-systeme-informatique-du-cpas-de-charleroi-paralyse-par-une-cyberattaque-TCG74F7H2ZC6VPLFGQSKFWNTZM/; https://therecord.media/charleroi-belgium-cpas-cyberattack; https://www.lavenir.net/regions/charleroi/charleroi/2024/01/12/charleroi-le-cpas-a-presente-ses-voeux-pour-lannee-2024-CQFZXVP2DNE7PCU5SESJUAZNJI/,2023-08-23,2024-01-15 2523,Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of Spanish state institutions and transport companies on 23 July 2023,"The pro-Russian hacktivist group 'NoName057(16)' disrupted access to the websites of Spanish state institutions and transport companies on 23 July 2023, the group claimed on the same day via Telegram. On the same day, Spain held its snap parliamentary elections. The disruptive attacks appear to be linked to the Spanish government's support for the Ukrainian government in its self-defense against Russia. ",2023-07-23,2023-07-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Government of Spain and the Council of Ministers (La Moncloa) - Central Electoral Commission - Ministry of the Interior (Spain) - Socibus - Renfe - Spanish Statistical Office (INE),Spain; Spain; Spain; Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - State institutions / political system,Government / ministries - Election infrastructure / related systems - Government / ministries - - Transportation - Civil service / administration,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14908,2023-07-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2069; https://t.me/noname05716eng/2068; https://t.me/noname05716eng/2064; https://t.me/noname05716eng/2061; https://t.me/noname05716eng/2058,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption 
(deletion/altering) and/or leaking of data,1-10,6.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://elpais.com/https:/elpais.com/tecnologia/2023-07-25/varios-periodicos-espanoles-sufren-problemas-por-ataques-informaticos.html; https://t.me/noname05716eng/2069; https://t.me/noname05716eng/2068; https://t.me/noname05716eng/2064; https://t.me/noname05716eng/2061; https://t.me/noname05716eng/2058,2023-08-22,2023-12-06 2522,Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of various Spanish media outlets on 25 July 2023,"The pro-Russian hacktivist group 'NoName057(16)' disrupted access to the websites of various Spanish media outlets on 25 July 2023, the hacktivists claimed on Telegram on the same day. The websites for which availability issues have been confirmed include those of the business newspaper Expansion, the dailies ABC and El Mundo and the online newspaper El Espanol. The DDoS attack took place shortly before 9:00 a.m. and caused difficulties for users to access the websites' contents. This DDoS attack allegedly also targeted the Royal House, the Constitutional Court, the Ministry of Justice and other media outlets such as La Razon.",2023-07-25,2023-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,El Espanol - El Mundo - ABC - Expansion,Spain; Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Media - Media - Media - Media, - - - ,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14907,2023-07-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/2085; https://t.me/noname05716eng/2091,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.elmundo.es/espana/2023/07/25/64bfbecce9cf4a39278b45b4.html; https://t.me/noname05716eng/2085; https://elpais.com/https:/elpais.com/tecnologia/2023-07-25/varios-periodicos-espanoles-sufren-problemas-por-ataques-informaticos.html; https://t.me/noname05716eng/2091,2023-08-22,2023-12-06 2521,Ransomware group 'Medusa' encrypted work and backup servers of French municipality of 
Sartrouville beginning on 17 August 2023,"The ransomware group 'Medusa' encrypted work and backup servers of the French municipality of Sartrouville during 17-18 August 2023, the municipality announced on its website on 18 August. The threat actors may have gained access to medical records of the municipal health centre, data of the social action centre, nurseries, nursery and elementary schools stored on affected systems. Preliminary estimates put the damage caused by the incident at a minimum of €200,000.",2023-08-17,2023-08-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,City of Sartrouville,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,14906,2023-08-20 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1693020468607852775?s=20,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,=< 10 Mio,200000.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-08-18 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Police nationale,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/french-town-hit-by-cyberattack; https://www.leparisien.fr/yvelines-78/cyberattaques-la-mairie-de-sartrouville-paralysee-par-des-hackers-18-08-2023-OXH2PLRX5JACPMODLW5LR55FFQ.php; https://www.sartrouville.fr/ressource-documentaire/les-services-informatiques-de-la-mairie-de-sartrouville-sont-en-cours-de-retablissement-suite-a-une-attaque-en-date-du-17-aout-2023/; https://twitter.com/AlvieriD/status/1693020468607852775?s=20; https://socradar.io/dark-web-profile-medusa-ransomware-medusalocker/; https://therecord.media/philippines-state-health-insurer-struggles-with-ransomware; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2023-08-22,2024-04-10 2520,"Unknown hackers gained access to a limited number of computer systems at Bunker Hill Community College (BHCC) in Boston, Massachusetts, in May 2023","Unknown hackers gained access to a limited number of computer systems at Bunker Hill Community College (BHCC) in Boston, Massachusetts, in May 2023, the school reported via PR Newswire on 18 August 2023. According to the statement, the school discovered unusual activity on its computer system on 23 May that was consistent with a ransomware attack. Affected systems stored names, addresses, dates of birth, social security numbers, education records, and other personal information of personnel, applicants, and students. Whether any data has been stolen remains subject to investigation. 
",2023-05-23,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,"Bunker Hill Community College (Boston, USA)",United States,NATO; NORTHAM,State institutions / political system; State institutions / political system; Education; Education,Civil service / administration; Civil service / administration; ; ,Not available,Not available,Not available,,1,14905,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bunker-hill-community-college-discloses-may-ransomware-attack/; https://www.prnewswire.com/news-releases/may-2023-data-security-incident-public-notice-301904902.html,2023-08-21,2023-12-06 2519,Iranian state-sponsored hacking group 'Charming Kitten' gained access to emails of Iranian expat Dr. Mansour Sohrabi beginning in October 2022,"The Iranian state-sponsored hacking group 'Charming Kitten' gained access to the emails of Iranian expat Dr. 
Mansour Sohrabi during the period of October 2022 to 6 November 2022, the German media outlets Tagesschau and Westdeutscher Rundfunk (WDR) reported on 19 August 2023, based on a warning issued by the Federal Office for the Protection of the Constitution (BfV) on 10 August 2023. According to the report, Dr. Mansour Sohrabi, who received political asylum in Germany in 2015, received a job offer on Instagram from an online persona purporting to be a Kurdish researcher working for the US think tank Atlantic Council. After sharing his phone number with the contact, Sohrabi was approached via WhatsApp and then Telegram by a user claiming to be Hagar Chemali on 6 November 2022. Hagar Chemali is a well-known political satirist in the United States. The user impersonating Hagar Chemali then invited him for a job interview on the same day, to which Sohrabi agreed. He was provided a link to participate in a video call. Upon attempting to join, Sohrabi was redirected to a website controlled by the attackers and requested to enter authentication codes, supposedly to unlock his camera, which likely opened his associated accounts to compromise. The article by Tagesschau and WDR quoted unspecified experts who assume that the responsible hacker group was Charming Kitten, a state-sponsored group from Iran. Sohrabi speculated he may have been targeted because of his work on environmental crises in Iran. ",2022-10-01,2022-11-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Hijacking without Misuse,Mansour Sohrabi,Germany,EUROPE; NATO; EU(MS); WESTEU,Social groups,Political opposition / dissidents / expats,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14903,2023-08-19 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,Not available,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.tagesschau.de/ausland/asien/iran-cyberfalle-verfassungsschutz-100.html,System / ideology; Other,System/ideology,Iran (opposition),Yes / HIIK intensity,HIIK 4,1,2023-08-10 00:00:00,EU member states: Preventive measures,Awareness raising,Germany, German Bundesamt für Verfassungsschutz (BfV),No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://tarnkappe.info/artikel/cyberangriff/spionage-im-internet-verfassungsschutz-warnt-vor-charming-kitten-279835.html; https://www.tagesschau.de/ausland/asien/iran-cyberfalle-verfassungsschutz-100.html; https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-01-bfv-cyber-brief-deutsch.pdf?__blob=publicationFile&v=5; https://www.heise.de/news/Verfassungsschutz-Iranische-Hacker-wollen-Regimekritiker-hierzulande-ausspaehen-9240674.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.faz.net/aktuell/politik/verfassungsschutz-warnt-vor-cyberspionage-gegen-exil-iraner-19093151.html; https://www.spiegel.de/politik/deutschland/warnung-des-verfassungsschutzes-iranische-hacker-nehmen-regimegegner-in-deutschland-ins-visier-a-26b77439-4917-4abf-9574-fd3c274ef276,2023-08-21,2023-12-06 2518,Ransomware group 'Royal' exfiltrated and leaked patient data from Illinois-based Morris Hospital beginning in April 2023,"The Morris Hospital & Healthcare Centers (Morris Hospital), an Illinois-based healthcare facility (USA), fell victim to a serious cyberattack that compromised the personal information of former and current patients, employees and that of their families. The attack, identified by Morris Hospital on 4 April 2023 and most likely initiated by the 'Royal' ransomware gang, resulted in the exposure of sensitive data such as medical record numbers, diagnosis codes and other confidential information. The attackers managed to penetrate Morris Hospital's systems and exfiltrate data, which was subsequently published on the Royal Ransomware's dark web blog in May. 
Morris Hospital has begun notifying affected individuals and clarifying the extent of the intrusion. A letter sent by the hospital to the Maine Attorney General's Office shows that a total of 248,943 people were affected by the attack. The information disclosed includes names, addresses, national insurance numbers, medical record numbers, codes for diagnoses and treatments, and dates of birth of employees and their dependents who were patients of the hospital.",2023-04-04,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Morris Hospital & Healthcare Centers,United States,NATO; NORTHAM,Critical infrastructure,Health,Royal Ransomware Group,Not available,Non-state-group,Criminal(s),1,14902,2023-05-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Royal Ransomware Group,Not available,Not available,Royal Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/morris-hospital-investigating-attack-by-royal-ransomware-group/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/il-morris-hospital-discloses-breach-that-royal-claimed-responsibility-for-in-may-notifies-248943/; https://therecord.media/illinois-hospital-notifies-patients-employees-of-cyber-incident; https://www.morrishospital.org/notice-of-privacy-incident/; https://apps.web.maine.gov/online/aeviewer/ME/40/160ceb23-3a5e-42d2-b466-d14a9581bc48.shtml; https://www.databreaches.net/morris-hospital-investigating-attack-by-royal-ransomware-group/; https://www.wusf.org/health-news-florida/2024-02-17/hospital-cyberattacks-are-likely-to-increase-and-put-lives-at-risk-experts-warn,2023-08-21,2024-02-19 2513,'Play' ransomware group compromised Managed Service Providers to gain access to targets from various sectors since June 2022,"The ransomware group 'Play' has compromised Managed Service Providers (MSPs) since June 2022 to gain access to targets from various sectors, such as mid-sized businesses in the finance, legal, software, shipping, law enforcement, and logistics sectors in the US, Australia, UK, Italy, and other countries. According to threat research company Adlumin, the group gained access to privileged management systems and remote monitoring management (RMM) tools and also employed phishing, targeting employees at MSPs. Additional vectors included two known vulnerabilities in Fortinet firewalls (CVE-2018-13379 and CVE-2020-12812). After the group established a foothold in the MSP customer networks, it exploited multiple vulnerabilities, mainly to move laterally through victim networks. In the past, the group leveraged Microsoft Exchange Server vulnerabilities such as CVE-2022-41040 and CVE-2022-41082 for these purposes. Play uses a double-extortion scheme in its ransomware operations. 
",2022-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,United States; Italy; United Kingdom; Australia; Italy; Italy; United States; United Kingdom; Italy; United Kingdom; Not available; United States; United Kingdom; Australia; Australia; United States; Australia,NATO; NORTHAM - EUROPE; NATO; EU(MS) - EUROPE; NATO; NORTHEU - OC - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - NATO; NORTHAM - EUROPE; NATO; NORTHEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; NORTHEU - - NATO; NORTHAM - EUROPE; NATO; NORTHEU - OC - OC - NATO; NORTHAM - OC,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - - Finance - Finance - - 
Police - Finance - Digital Provider - - Police - - Police - Police - Finance,PLAY,Not available,Non-state-group,Criminal(s),1,14898,2023-08-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Adlumin,,United States,PLAY,Not available,Non-state-group,https://adlumin.com/post/playcrypt-ransomware/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; External Remote Services,Data Exfiltration; Data Encrypted for Impact,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/cloud/-play-ransomware-group-targeting-msps-worldwide-in-new-campaign; https://adlumin.com/post/playcrypt-ransomware/; https://therecord.media/play-ransomware-targets-hundreds,2023-08-18,2024-02-29 2514,Unknown actors targeted Zimbra-using organizations worldwide with phishing campaign since April 2023,"Unknown actors have targeted Zimbra-using organizations in a worldwide phishing campaign since April 2023, according to a report by ESET from 17 August 2023. 
The reported targets were small and medium-sized businesses and government entities, mainly from Poland, Ecuador, and Italy. ESET stated that the targets were connected by their use of Zimbra. Additionally, affected countries included Russia, Kazakhstan, Ukraine, France, Mexico, Brazil, Argentina, Chile, and Peru. According to ESET, it seems likely that the attackers were able to compromise the victims' administrator accounts, allowing them to create new email accounts that were then used to send phishing emails to other targets. ESET noted the campaign relied solely on social engineering and user interaction. ",2023-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Ecuador; Peru; Italy; Mexico; Brazil; Italy; Kazakhstan; Poland; Kazakhstan; Ukraine; Russia; Poland; Chile; Mexico; Argentina; Ukraine; Argentina; Ecuador; Chile; Russia; Peru; Brazil; France; France, - SOUTHAM - EUROPE; NATO; EU(MS) - - SOUTHAM - EUROPE; NATO; EU(MS) - ASIA; CSTO; SCO - EUROPE; NATO; EU(MS); EASTEU - ASIA; CSTO; SCO - EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS); EASTEU - SOUTHAM - - SOUTHAM - EUROPE; EASTEU - SOUTHAM - - SOUTHAM - EUROPE; EASTEU; CSTO; SCO - SOUTHAM - SOUTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if 
the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Government / ministries - Government / ministries - - Government / ministries - - Government / ministries - - - Government / ministries - Government / ministries - Government / ministries - - Government / 
ministries - - - Government / ministries - Government / ministries - Government / ministries - - - - - Government / ministries,Not available,Not available,Not available,,1,14899,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.welivesecurity.com/en/eset-research/mass-spreading-campaign-targeting-zimbra-users/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,18.0,,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/phishing-campaign-steals-accounts-for-zimbra-email-servers-worlwide/; https://www.welivesecurity.com/en/eset-research/mass-spreading-campaign-targeting-zimbra-users/; https://www.govinfosecurity.com/mass-phishing-campaign-targets-zimbra-users-worldwide-a-22875; https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html; https://therecord.media/hackers-compromise-zimbra-accounts; https://securityaffairs.com/149649/cyber-crime/zimbra-collaboration-phishing-campaign.html; https://securityaffairs.com/149686/breaking-news/security-affairs-newsletter-round-433-by-pierluigi-paganini-international-edition.html; https://www.darkreading.com/attacks-breaches/phishing-attack-targets-hundreds-zimbra-customers-four-continents; 
https://research.checkpoint.com/2023/21st-august-threat-intelligence-report/,2023-08-18,2023-12-06 2515,'Scattered Spider' gained access to telecommunication and other business process outsourcing organizations networks in December 2022,"The financially-motivated group 'Scattered Spider' gained access to telecommunication and other business process outsourcing organizations networks in December 2022, through SIM swapping. According to a report by Trellix from 17 August 2023, the threat actors obtained initial access through social engineering techniques directing victims to a credential harvesting site or by directing them to run commercial Remote Monitoring and Management tools giving access to attackers. Scattered Spider used POORTRY and STONESTOP tools to terminate security software and evade detection. ",2022-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Not available; Not available, - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Telecommunications,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,Criminal(s),1,14900,2023-08-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trellix,,United States,Scattered Spider/Octo Tempest fka Storm-0875/UNC3944/Scatter Swine/Muddled Libra/Roasted 0ktapus,Not available,Non-state-group,https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/scattered-spider-the-modus-operandi.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; External Remote Services; Phishing; Supply Chain Compromise,Resource 
Hijacking,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,Not available,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/scattered-spider-the-modus-operandi.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://arstechnica.com/security/2023/09/a-phone-call-to-helpdesk-was-likely-all-it-took-to-hack-mgm/; https://cyberscoop.com/las-vegas-mgm-caesars-cyber-attack/; https://therecord.media/mgm-cyberattack-response; https://www.channelnewsasia.com/business/fbi-warns-scattered-spider-hackers-urges-victims-come-forward-3926931; https://www.darkreading.com/threat-intelligence/scattered-spider-casino-hackers-evade-arrest-plain-sight,2023-08-18,2024-03-06 2511,US-based critical infrastructure organization and Latin American IT integrator targeted by Cuba ransomware in June 2023,"A US-based critical infrastructure organization and a Latin American IT integrator were targeted by Cuba ransomware in June 2023, according to reporting by the BlackBerry Threat Research and Intelligence Team from 17 August 2023. BlackBerry further corroborated the existing attribution findings linking Cuba to Russia, based on Russian-language artifacts and an automated stop of operations if Russian-language settings were detected in target networks. 
The company further uncovered a set of TTPs used by Cuba, including ""BUGHATCH, a custom downloader, BURNTCIGAR, an antimalware killer, Metasploit, and Cobalt Strike frameworks, along with numerous Living-off-the-Land Binaries (LOLBINS)."" The group used two vulnerabilities in the attacks, namely CVE-2020-1472 in Microsoft's NetLogon protocol and CVE-2023-27532 affecting the Veeam Backup & Replication software. BlackBerry reiterated Cuba's general modus operandi of double extortion in its reporting.",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse; Ransomware,Not available - Not available,United States; South America,NATO; NORTHAM - ,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,Cuba Ransomware,Russia,Non-state-group,Criminal(s),1,15093,2023-08-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,BlackBerry Research and Intelligence Team,,United States,Cuba Ransomware,Russia,Non-state-group,https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,External Remote Services; Valid Accounts,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,2.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-u-s-and-it-integrator-in-latin-america/; https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america; https://www.bleepingcomputer.com/news/security/cuba-ransomware-uses-veeam-exploit-against-critical-us-organizations/; https://www.darkreading.com/edge/cuba-ransomware-group-uses-every-trick-in-the-book,2023-08-18,2023-12-11 2516,'NoEscape' launched ransomware attack against Swiss educational institution Fondation de Verdeil in August 2023,"The largest special education institution in the canton of Vaud, the Fondation de Verdeil, fell victim to a ransomware attack on 8 August 2023. The general director of the institution, Corinne Noth, confirmed the incident and named the cybercriminal group known as 'NoEscape' as responsible. The attackers, who have claimed responsibility for over 39 attacks since their first appearance in June 2023, declared in a post on the darkweb that they stole 40GB of data from the Fondation de Verdeil, including highly sensitive personal information such as medical records, insurance documents, medical certificates, numerous photos of children and other related documents. NoEscape has issued an ultimatum for the release of the data. According to the school's cyber incident notice, however, neither school operations nor the work of the foundation has been disrupted. 
On 6 September, the Fondation announced that NoEscape had started to leak stolen information as the institution refused to submit to the extortion attempt.",2023-08-08,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Fondation de Verdeil,Switzerland,EUROPE; WESTEU,State institutions / political system; Education,Civil service / administration; ,NoEscape,Not available,Non-state-group,Criminal(s),1,14901,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoEscape Ransomware Group,Not available,Not available,NoEscape,Not available,Non-state-group,https://www.inside-it.ch/cyberangriff-auf-die-groesste-sonderpaedagogische-einrichtung-im-kanton-waadt-20230817,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-08-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Switzerland,Cantonal police of Vaud,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.verdeil.ch/cyberattaque-contre-la-fondation-de-verdeil/; https://www.inside-it.ch/cyberangriff-auf-die-groesste-sonderpaedagogische-einrichtung-im-kanton-waadt-20230817,2023-08-18,2023-12-06 2508,Rhysida Ransomware Group targeted Prince George's County Public Schools in August 2023,"Prince George's County Public Schools (PGCPS) (Maryland, USA) announced on 14 August 2023 that its network experienced a cyberattack that was detected on the morning of the same day. PGCPS is one of the largest school districts in the US, catering to 130,000 students. There is no further information yet on whether the attack was ransomware or which threat actors are responsible. However, PGCPS further stated that ""4,500 user accounts out of 180,000 were impacted, primarily staff accounts."" The main business and student information systems were reportedly not impacted by the incident. Moreover, critical network systems are said to have been restored, and all PGCPS users were asked to reset their passwords on Tuesday, 15 August. 
In November 2023, the Rhysida ransomware group claimed responsibility for the attack and put the data up for sale on their website.",2023-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,"Prince George`s County Public Schools (Maryland, USA)",United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,17876,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-09-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/prince-georges-county-public-schools-responding-to-cyberattack/; https://therecord.media/prince-georges-county-schools-maryland-cyberattack; https://therecord.media/tennessee-school-hit-with-ransomware-as-hackers-ramp-up-attacks; https://therecord.media/university-of-michigan-severs-ties-to-internet-after-cyber-incident; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack; https://therecord.media/ransomware-tracker-the-latest-figures; https://research.checkpoint.com/2024/26th-february-threat-intelligence-report/,2023-08-16,2024-03-15 2510,Cleveland City Schools hit by ransomware attack on 15 August 2023,"The Cleveland City Schools (USA) were hit by a ransomware attack on 15 August 2023, according to a spokesperson who further said that less than 5% of faculty and staff devices were affected. Printers were also not functional. 
Based on preliminary investigations, no data had been compromised.",2023-08-15,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware, Cleveland City Schools (USA),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,14897,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-08-16 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,United States Department of Homeland Security (DHS),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://newschannel9.com/news/local/cleveland-city-schools-hit-by-ransomware-attack-tuesday-personal-data-not-affected; https://www.databreaches.net/tn-cleveland-city-schools-face-ransomware-attack/; https://therecord.media/university-of-michigan-severs-ties-to-internet-after-cyber-incident,2023-08-16,2023-12-06 2509,Unknown actor compromised networks of Florida-based Coastal Orthopedics in June 2023,"An unknown actor compromised the networks of Coastal Orthopedics in Florida during June 2023. According to public reporting by the Bradenton Herald, ""sensitive information — including Social Security numbers, birthdays and addresses — for current and former patients"" may have been compromised. Coastal Orthopedics became aware of the incident around 11 June. Investigations were still ongoing at the time of reporting. 
The company's incident notice cautions that stolen data may have included ""names, Social Security numbers, patient identification numbers, medical record numbers, diagnosis information, other medical information, addresses, driver’s license number, health insurance information, financial account information, and dates of birth."" Public reporting did not indicate whether the incident involved the deployment of ransomware.",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Coastal Orthopedics (Florida, USA)",United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14896,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/hackers-may-have-stolen-ssns-other-info-from-coastal-orthopedics/; https://coastalorthopedics.com/notice-of-privacy-event/,2023-08-16,2023-12-06 2506,Ransomware group 'Medusa' targeted 
UAE-based manufacturing company Levare International Ltd. with ransomware and DDoS attacks since 25 July 2023 ,"The UAE-based manufacturing company Levare International Ltd. has been targeted by 'Medusa' with ransomware and DDoS attacks since 25 July 2023, according to the website SuspectFile who claims to be in contact with the threat actors. Medusa demanded $500,000 to cease its disruptions and shut down the company's website for several days in order to increase the pressure on the victim after negotiations between the two parties failed, the report stated. The DDoS attacks stopped on 14 August 2023, based on information Medusa shared with Suspect File. The report further stated that Medusa had shared a video with SuspectFile purportedly showing exfiltrated company data as a proof of their operation. Levare International Ltd. produces artificial lifts and submersible pumps used by the oil and gas industry. ",2023-07-25,2023-08-14,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Levare International Ltd.,United Arab Emirates,ASIA; MENA; MEA; GULFC,Critical infrastructure; Critical infrastructure,Energy; Critical Manufacturing,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,13268,2023-07-25 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/everything-old-is-new-again-medusa-attempts-to-up-the-pressure-on-a-victim-with-a-ddos-attacks/; https://www.suspectfile.com/exclusive-medusa-ransomware-group-ddos-attacks-against-levare-international-ltd/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Network Denial of Service,Not available,True,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),,none,none,3,Moderate - high political importance,3.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/everything-old-is-new-again-medusa-attempts-to-up-the-pressure-on-a-victim-with-a-ddos-attacks/; https://www.suspectfile.com/exclusive-medusa-ransomware-group-ddos-attacks-against-levare-international-ltd/,2023-08-15,2023-09-22 2503,Financially-politically motivated threat actor breached Discord.io custom invite service in August 2023,"The Discord.io custom invite service, which allows server owners to create custom invites to their Discord channels, was hacked by a financially-politically motivated hacker. As a result, information of 760,000 members was exposed. On 13 August, an individual identifying as ""Akhirah"" started offering the Discord.io database for sale on the new Breached hacking forums and provided four user records as proof of compromise. The most sensitive exposed information was described in public reporting as members' username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID. In response to the breach, Discord.io shut down its services. In a conversation with BleepingComputer, Akhirah claimed the hack was not exclusively financially motivated, because of how Discord.io allegedly links to harmful and illegal content that should be blacklisted. 
",2023-08-13,2023-08-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Discord.io,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Akhira,Not available,Individual hacker(s),,1,14893,2023-08-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Akhira,Not available,Not available,Akhira,Not available,Individual hacker(s),https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/,Cyber-specific,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/; https://tarnkappe.info/artikel/cyberangriff/discord-io-geschlossen-daten-von-760-000-usern-verkauft-279728.html; 
https://www.darkreading.com/cloud/discord-io-shuts-down-temporarily-databreach-investigation-underway; https://www.databreaches.net/discord-io-confirms-breach-after-hacker-steals-data-of-760k-users/; https://www.hackread.com/discord-io-data-breach-users-data-sold/; https://research.checkpoint.com/2023/21st-august-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2023/08/a-week-in-security-august-14-august-20,2023-08-15,2023-12-06 2504,Thousands of public and private US websites compromised to host scammy offers and promotions to children since approximately 2018 ,"Thousands of public and private US websites have been compromised to host scammy offers and promotions to children since approximately 2018, according to security researcher Zach Edwards from HUMAN Security, who presented his findings on the still ongoing activity at Black Hat 2023. Among the hijacked websites are those of US government agencies, leading universities, and professional organizations. The purpose of the scam appears to be to trick children into downloading apps, malware, or submitting personal details. According to Edwards, the described activities can be traced back to one advertising company, named CPABuild, who did not respond to inquiries from technology news outlet Wired. In 2020, Italy’s Computer Security Incident Response Team (CSIRT) published an alert about compromised domains, including a reference to Zach Edwards. 
",2018-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available - Not available,United States; Italy; United States; United States,NATO; NORTHAM - EUROPE; NATO; EU(MS) - NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Critical infrastructure - State institutions / political system, - - Research - Government / ministries,Not available,Not available,Not available,,1,14894,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.wired.com/story/poison-pdf-scam-fortnite-roblox/,Unknown,Not available,,Not available,,1,2020-07-12 00:00:00,EU member states: Preventive measures,Awareness raising,Italy,Italy’s Computer Security Incident Response Team (CIRST),No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,9.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,501-10000,0.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Other human rights instruments; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/poison-pdf-scam-fortnite-roblox/; https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html; https://www.wired.com/story/qr-codes-phishing-attack/,2023-08-15,2023-12-06 2498,Ransomware gang 'Akira' gained 
access to 85GB of data from US-based Belt Railway Company of Chicago in August 2023,"The Belt Railway Company of Chicago (BRC), the largest shunting and terminal company based in Illinois, US, is currently investigating a data breach perpetrated by the ransomware group 'Akira'. Akira claimed to have obtained 85 GB of data from the railroad company in a post on its leak site on 10 August 2023. BRC, which is owned by several American and Canadian railway companies, is considered essential for operations in the industry. The intrusion did not affect railroad operations. ",2023-08-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Belt Railway Company of Chicago (USA),United States,NATO; NORTHAM,Critical infrastructure,Transportation,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,14891,2023-08-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker,Akira Ransomware Group,Not available,Not available,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://therecord.media/belt-railway-chicago-ransomware-data-theft-akira,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/belt-railway-chicago-ransomware-data-theft-akira; https://www.darkreading.com/edge-articles/rail-cybersecurity-is-a-complex-environment; https://therecord.media/akira-ransomware-attacked-hundreds-millions,2023-08-14,2024-04-19 2500,Chinese APT Mustang Panda exfiltrated camera footage from African Union HQ in January 2020,"Suspected Chinese hacking group Mustang Panda/Bronze President infiltrated the African Union's headquarters in Addis Ababa, Ethiopia in a cyber espionage incident that was first discovered on 17 January 2020 by Japanese cybersecurity researchers. The hackers gained access to internal servers to extract surveillance camera footage from various key locations across the AU HQ, including offices, parking areas, corridors, and meeting rooms. In an internal memo circulated within the African Union, it is stated that ‘a huge volume of traffic’ was exfiltrated, though the full scope of the stolen data remains uncertain.",2020-01-17,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,African Union,Africa,,International / supranational organization,,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,17716,2020-01-17 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,Japan`s Computer Emergency Response Team (CERT),Not available,Japan,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-ethiopia-african-union-cyber-exclusiv-idUSKBN28Q1DB,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://cyberlaw.ccdcoe.org/wiki/African_Union_headquarters_hack_(2020); https://www.reuters.com/article/us-ethiopia-african-union-cyber-exclusiv-idUSKBN28Q1DB,2023-08-14,2024-03-04 2499,Unknown hackers targeted Freeport McMoRan Inc. 
in August 2023 ,"Freeport McMoRan Inc, a major copper producer in North America, announced on 11 August 2023 that its information systems had been affected by a cyberattack. According to an employee, the attack began on the night of 10 August 2023 and caused the company's computer systems to shut down. Although the incident has had only limited impact on copper production so far, there are concerns that prolonged disruptions could affect future operations. Freeport owns significant copper-producing operations, including the Morenci Operations in Greenlee County and the Safford Operations north of Safford, Arizona. Headquartered in Phoenix, the international company also operates the world's largest gold mine in Papua, Indonesia, and is the world's largest molybdenum producer. It is not known whether the indications of a ransom sum have been confirmed. To address the situation, the company initiated a cooperative effort with law enforcement and other agencies. ",2023-08-10,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Freeport McMoRan Inc,United States,NATO; NORTHAM,Critical infrastructure,Chemicals,Not available,Not available,Not available,,1,14892,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not 
available,1,2023-08-11 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://gilaherald.com/freeport-hit-with-cyberattack-ransom-demanded/; https://investors.fcx.com/investors/news-releases/news-release-details/2023/Freeport-McMoRan-Investigating-Cybersecurity-Incident/default.aspx,2023-08-14,2023-12-06 2496,Unknown threat actor deployed DroxiDat backdoor alongside Cobalt Strike Beacons in a south African nation's critical infrastructure in March 2023,"An unknown threat actor deployed the SystemBC malware called DroxiDat alongside Cobalt Strike Beacons in a South African nation's critical infrastructure in March 2023, according to a blog post by Kaspersky from 10 August 2023. The post further stated that the incident was detected at an early stage and was probably preparation for a ransomware operation. Kaspersky did not definitively attribute the activity while noting that ""in a healthcare related incident involving DroxiDat around the same timeframe, Nokoyawa ransomware was delivered"". 
Kaspersky researcher Kurt Baumgartner surmised with low confidence that those activities could be linked to a Russian-speaking ransomware-as-a-service group known as FIN12/Pistachio Tempest, previously targeting the healthcare industry in 2022 with SystemBC and Cobalt Strike in order to deploy ransomware.",2023-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,South Africa,AFRICA; SSA,Critical infrastructure,,FIN12/Pistachio Tempest fka DEV-0237,Not available,Non-state-group,Criminal(s),1,14889,2023-08-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,FIN12/Pistachio Tempest fka DEV-0237,Not available,Non-state-group,https://securelist.com/focus-on-droxidat-systembc/110302/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html; https://therecord.media/southern-africa-utility-targeted-cyberattack; https://securityaffairs.com/149432/malware/power-generator-droxidat.html; https://securelist.com/focus-on-droxidat-systembc/110302/; https://www.hackread.com/south-african-power-supplier-droxidat-malware/,2023-08-14,2023-12-06 2495,New Haven Board of Education suffered theft 
of $6 million in early 2023,"The New Haven Board of Education (USA) suffered an initial theft of $6 million in early 2023, according to a statement by the city of New Haven from 10 August. The statement further detailed that half of the money had since been recovered by law enforcement. The attack was described as a ""business email compromise"", in which the attackers got access to the CEO's email account in late May and inserted themselves into existing conversations to manipulate contacts in six successful instances into the transfer of money during June. ",2023-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking with Misuse,New Haven Board of Education (USA),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,14888,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.databreaches.net/ct-new-haven-board-of-education-victim-of-6-million-cyber-theft/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Trusted Relationship; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-08-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/ct-new-haven-board-of-education-victim-of-6-million-cyber-theft/; https://www.govtech.com/education/k-12/new-haven-schools-put-2-it-staff-on-leave-after-cyber-attack,2023-08-14,2024-02-12 2497,Hacking group 'Thesnake02' stole and exposed sensitive data from Brazilian plastic surgery clinic on 26 July 2023,"A group of hackers calling themselves 'Thesnake02' targeted the Roberto Polizzi Plastic Surgery Clinic in Belo Horizonte, Brazil, and stole approximately 1.25GB of private patient data and leaked it on 26 July 2023. The breach revealed a wide array of compromised data, encompassing confidential patient information, surgery-related nude images, personally identifiable information (PII), WhatsApp messages, audio recordings, receipts, CVs, invoices, internal clinic documents, contact details, as well as national insurance numbers and driving licences.",2023-07-26,2023-07-26,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Roberto Polizzi Plastic Surgery Clinic in Belo Horizonte (Brazil),Brazil,SOUTHAM,Critical infrastructure,Health,Thesnake02,Not available,Non-state-group,Criminal(s),1,14890,2023-07-26 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Thesnake02,Not available,Not available,Thesnake02,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/hackers-leak-data-plastic-surgery-patients-photos/; https://www.databreaches.net/two-more-attacks-involving-sensitive-data-a-plastic-surgery-center-in-brazil-and-a-psychiatric-hospital-in-lithuania/; https://www.darkreading.com/threat-intelligence/fbi-hackers-extorting-plastic-surgery-providers-patients,2023-08-14,2023-12-06 2493,North Korean state-sponsored hacking group Lazarus suspected of stealing nearly $60m from payment processing platform Alphapo on 23 July 2023,"A North Korean state-sponsored hacking group is suspected of stealing nearly $60 million from payment processing platform Alphapo on 23 July 2023, the blockchain investigator ZachXBT reported via Twitter on the same day. On 25 July 2023, upon further analysis, ZachXBT suspected the Lazarus group to be behind the attack. Noting parallels to past exploits, the COO of the blockchain security company Halborn supported this assessment. In a review of the incident, Halborn CEO Rob Behnke explained that the hack was enabled by the leak of private keys. Access to these private keys allowed the hackers to create transactions that transferred funds to their own wallets. 
On 22 August 2023, the FBI warned cryptocurrency companies of a possible USD 40 million transfer of cryptocurrencies by North Korean-affiliated actors, also known as Lazarus, which are linked to cyberattacks on cryptocurrency companies. In the same warning, the FBI also attributed the cyber incident on cryptocurrency companies Alphapo, CoinsPaid and AtomicWallet to the Lazarus hacking group.",2023-07-23,2023-07-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,Alphapo,St. Vincent and the Grenadines,,Critical infrastructure,Digital Provider,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14887,2023-08-22 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Federal Bureau of Investigation (FBI),Not available,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk,Unknown,Not available,,Not available,,1,2023-08-22 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,60000000.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/; https://www.halborn.com/blog/post/explained-the-alphapo-hack-july-2023; https://twitter.com/zachxbt/status/1682941291825627137; https://twitter.com/zachxbt/status/1683747073227624448; https://securityaffairs.com/149798/hacking/north-korea-cash-out-stolen-crypto-assets.html; https://therecord.media/north-korea-lazarus-behind-crypto-heists; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk; https://www.bleepingcomputer.com/news/security/crypto-casino-stakecom-loses-41-million-to-hot-wallet-hackers/; https://www.hackread.com/cryptocurrency-casino-stake-hacked-41-million/; https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; 
https://securityaffairs.com/152106/apt/north-korea-laundered-900-million.html; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://www.techrepublic.com/article/sekoia-financial-sector-evolutions-threats/; https://www.bleepingcomputer.com/news/security/north-koreas-state-hackers-stole-3-billion-in-crypto-since-2017/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://www.bleepingcomputer.com/news/security/north-korean-hackers-now-launder-stolen-crypto-via-yomix-tumbler/; https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts,2023-08-11,2024-01-25 2492,Cyberespionage group MoustachedBouncer compromised diplomats from various foreign embassies in Belarus using custom malware strains since 2017 and adversary-in-the-middle attacks since 2020,"The cybersecurity company ESET exposed a new cyber espionage group named MoustachedBouncer. ESET assesses with medium confidence that the group's operations are designed to support Belarus's interests. The group's custom malware strain ""Nightclub"" was first discovered in 2014 while the first confirmed attack on a member of a foreign embassy was observed in 2017. The group also uses a second custom malware named ""Disco"". Both are equipped with capabilities to capture screenshots and audio recordings and to exfiltrate files. According to ESET's analysis, the group focuses on infiltrating foreign embassies located in Belarus and has targeted diplomatic staff from at least two European countries, one from South Asia, and one from Northeast Africa. The first victim observed by ESET was the embassy of a South Asian country, which was compromised on 9 June 2017. MoustachedBouncer adopted an adversary-in-the-middle attack strategy via local internet service providers (ISPs) starting in January 2020. 
This method involves using ""lawful interception"" systems to compromise targets. Using this method, the embassy staff of a Northeast African country were compromised on 8 January 2020. Subsequent attacks targeted the embassy of an unspecified European country on 10 November 2020, the embassy of an Eastern European country on 28 February 2022 and, on 6 July 2022, a diplomat who had already been compromised in a previous attack in 2020. Based on a low-confidence judgment, ESET researchers suspect that MoustachedBouncer is closely collaborating with another cyberespionage effort, Winter Vivern, which targets European governments and entities. Shared network infrastructure suggests a connection between the two groups. ",2017-06-09,2022-07-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,Europe (region); Eastern Europe; North Africa (region); South Asia (region), - - - ,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,"Other (e.g., embassies) - Other (e.g., embassies) - Other (e.g., embassies) - Other (e.g., embassies)",MoustachedBouncer,Belarus,Unknown - not attributed,,1,14886,2023-08-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,MoustachedBouncer,Belarus,Unknown - not attributed,https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Data Manipulation,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system 
interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,1-10,4.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty; Law of treaties (pacta sunt servanda),Non-state actors; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://cyberscoop.com/belarus-hackers-russia-embassies/; https://www.bleepingcomputer.com/news/security/moustachedbouncer-hackers-use-aitm-attacks-to-spy-on-diplomats/; https://www.darkreading.com/attacks-breaches/moustached-bouncer-apt-spied-embassies-belarus; https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/; https://www.hackread.com/moustachedbouncer-hackers-spying-on-embassies/; https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html; https://www.darkreading.com/endpoint/winter-vivern-blasts-webmail-0day-one-click-exploit; https://www.techrepublic.com/article/winter-vivern-exploits-zero-day-roundcube-webmail/,2023-08-11,2023-12-06 2491,Ukrainian hacktivists gained access to the Moscow Register of Deeds (MosgorBTI) website and defaced it overnight beginning on 6 August 2023,"Ukrainian hacktivists gained access to the Moscow Register of Deeds (MosgorBTI) website and defaced it overnight from 6 to 7 August 2023, a Telegram channel announced the next morning, reposting the same message as displayed on the defaced website. Shortly afterwards, the affected Moscow Register of Deeds also posted a message on Telegram, admitting that the hackers had gained access to publication material on the website. The agency denied a data breach, noting that the affected website only served to process document requests. Information on real estate projects was hosted in a separate database. 
In their message, the hacktivists had claimed to have destroyed the database with information about places of residence and property of the inhabitants of the capital. The group also declared to have forwarded information contained in the database regarding civil servants, politicians, military and special services to the Defense Forces of Ukraine. On 7 August, the group started to post files allegedly obtained from the database on Telegram. The independent Russian website iStories reported that the hacks of Rutube in May 2022 and the Skolkovo Foundation in May 2023 had also been announced via the same telegram channel, sudo rm -RF.",2023-08-06,2023-08-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,MosgorBTI,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,Not available,Ukraine,Non-state-group,Hacktivist(s),2,14885; 14884,2023-08-07 00:00:00; 2023-08-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,Not available; Not available,Not available; Not available,Ukraine; Ukraine,Not available; Not available,Ukraine; Ukraine,Non-state-group; Non-state-group,https://t.me/sudo_RM_RF_6/37,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukraine-cyber-intelligence-war-russia; https://meduza.io/en/news/2023/08/07/beware-just-retribution-pro-ukrainian-hackers-claim-access-to-moscow-s-municipal-register-of-deeds; https://t.me/gbumosgorbti/435; https://t.me/sudo_RM_RF_6/37,2023-08-11,2023-12-06 2487,"Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of three Dutch ports in Rotterdam, Amsterdam and Den Helder on 6 June 2023","The pro-Russian hacktivist group 'NoName057(16)' disrupted the websites of the three Dutch ports in Rotterdam, Amsterdam and Den Helder on 6 June 2023, the hacktivist group announced on the same day via its Telegram channel. The disruption lasted several hours and was a response to the Dutch government's intention to buy Swiss tanks to bring them to Ukraine. ",2023-06-06,2023-06-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Port of Rotterdam - Port of Amsterdam - Port of Den Helder,Netherlands; Netherlands; Netherlands,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14877,2023-06-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1614; https://t.me/noname05716eng/1615; https://t.me/noname05716eng/1616,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,None/Negligent,Law of the sea; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/prorussian-hackers-claim-attacks; 
https://www.rtlnieuws.nl/economie/artikel/5390268/pro-russische-cybercriminelen-ddos-aanval-havenbedrijf-rotterdam-amsterdam; https://t.me/noname05716eng/1614; https://t.me/noname05716eng/1615; https://t.me/noname05716eng/1616; https://www.kyivpost.com/post/28885,2023-08-10,2024-03-04 2488,Alleged Russian false-flag operation 'Anonymous Sudan' targeted OnlyFans with DDoS on 19 July 2023 ,"The alleged Russian false-flag operation 'Anonymous Sudan' targeted the web service OnlyFans with DDoS on 19 July 2023, causing a one-hour disruption of the website, according to the statements by the group itself. ",2023-07-19,2023-07-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,OnlyFans,United Kingdom,EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,17298,2023-07-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & 
breach of international law),,https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/; https://www.bbc.co.uk/news/technology-66668053?at_medium=RSS&at_campaign=KARANGA,2023-08-10,2024-03-06 2490,Hacktivist group 'SiegedSec' claimed theft of leaked NATO data on 24 July 2023,"The hacktivist group 'SiegedSec' claimed to have stolen NATO data that the group leaked via its Telegram channel on 24 July 2023. The information contained full names, email addresses, phone numbers, office addresses, and ranks of at least 70 NATO officials. In contrast to public speculations, the group claimed that the hack was not related to Russia's war against Ukraine and instead motivated because of alleged human rights abuses by NATO. SiegedSec emerged in April 2022 and so far focused their operations on US state entities, e.g. because of legislative attacks on gender-affirming care by those states. A report by CloudSEK described the affected systems as ""unclassified documents for NATO’s [Community of Interest (COI)] Cooperation Portal, which is NATO's unclassified information-sharing and collaboration environment."" Moreover, they estimated that the leak consists of 845 MB of compressed data. According to a published NATO statement, the alliance intended to investigate the matter. ",2023-07-24,2023-07-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,North Atlantic Treaty Organization (NATO),NATO (institutions),,International / supranational organization,,SiegedSec,Not available,Non-state-group,Hacktivist(s),1,14883,2023-07-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,SiegedSec,Not available,Not available,SiegedSec,Not available,Non-state-group,https://www.darkreading.com/attacks-breaches/hack-crew-responsible-for-stolen-data-nato-investigates-claims,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-07-26 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,NATO (region),Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/hack-crew-responsible-for-stolen-data-nato-investigates-claims; https://www.bleepingcomputer.com/news/security/nato-investigates-alleged-data-theft-by-siegedsec-hackers/; https://cyberscoop.com/nato-breach-of-unclassified-information-siegedsec/; https://www.cloudsek.com/threatintelligence/siegedsec-allegedly-breached-natos-coi-portal-affecting-31-nations-leaked-sensitive-data; https://www.hackread.com/siegedsec-hacktivist-hack-nato-data-leak/; https://cyberscoop.com/kittensec-hacktivism-corruption/; https://www.cybersecasia.net/news/recently-patched-vulnerabilities-indicate-the-rise-of-exploitation-chaining; https://socradar.io/threat-actor-profile-siegedsec/; https://cyberscoop.com/idaho-national-laboratory-siegedsec/; https://www.hackread.com/hackers-leak-idaho-national-lab-employee-pii-data/,2023-08-10,2023-12-06 2489,Pro-Russian hacktivist group 'NoName057(16)' disrupted website of Dutch port of Groningen on 10 June 2023,"The pro-Russian hacktivist group 'NoName057(16)' disrupted the website of the Dutch port of Groningen on 10 June 2023, the hacktivist group announced on the same day via its Telegram channel. The disruption lasted until the following day, Sunday 11 June 2023, and was a response to the Dutch government's intention to buy Swiss tanks to bring them to Ukraine. ",2023-06-10,2023-06-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Groningen Seaports,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14882,2023-06-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1658,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Law of the sea; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/prorussian-hackers-claim-attacks; https://t.me/noname05716eng/1658; https://www.rtlnieuws.nl/economie/artikel/5390268/pro-russische-cybercriminelen-ddos-aanval-havenbedrijf-rotterdam-amsterdam; https://www.kyivpost.com/post/28885,2023-08-10,2024-03-04 2484,Chinese state-sponsored hacking group 'RedHotel' compromised a variety of targets across 17 countries beginning in 2021,"The Chinese state-sponsored hacking group 
'RedHotel' compromised a variety of targets across 17 countries during the years of 2021 to 2023, US-based IT security firm Recorded Future disclosed in a technical report on 8 August 2023. The affected targets belonged to academia as well as the aerospace, government, media, telecommunications, and research and development sectors. With a regional concentration of activity in Southeast Asia, the majority of the targets were government organisations, including the offices of heads of government, finance ministries, legislative bodies, and interior ministries.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Taiwan; India; Czech Republic; Vietnam; Thailand; Malaysia; Philippines; Bhutan; United States; Cambodia; Laos; Bangladesh; Afghanistan; Palestine; Nepal; Pakistan; Hong Kong,ASIA; SCS - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS); EASTEU - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SASIA - NATO; NORTHAM - ASIA; SEA - ASIA; SEA - ASIA; SASIA - ASIA; SASIA - ASIA; MENA; MEA - ASIA; SASIA - ASIA; SASIA; SCO - ASIA,State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical 
infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State 
institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Education,Government / ministries; Telecommunications; ; Legislative; Defence industry; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; - Government / 
ministries; Telecommunications; ; Legislative; Space; Research; - Government / ministries; Telecommunications; ; Legislative; Space; Research; ,RedHotel/Aquatic Panda/BRONZE UNIVERSITY/Charcoal Typhoon fka CHROMIUM/Earth Lusca/Red Scylla/ControlX/Fishmonger/DeepCliff/POISON CARP (I-Soon),China,"Non-state actor, state-affiliation suggested",,1,14874,2023-08-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,,United States,RedHotel/Aquatic Panda/BRONZE UNIVERSITY/Charcoal Typhoon fka CHROMIUM/Earth Lusca/Red Scylla/ControlX/Fishmonger/DeepCliff/POISON CARP (I-Soon),China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,11-20,17.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf; https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe; https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html; https://www.darkreading.com/threat-intelligence/redhotel-dominant-china-backed-cyber-spy-group,2023-08-10,2024-02-23 
2481,Chinese state-affiliated actors gained access to UK Electoral Commission and personal election data between 2021 and 2022,"Unknown hackers gained access to the electoral registers of the UK Electoral Commission between 2021 and 2022. Detected in October 2022, the threat actors also accessed the Commission's control system and emails hosted on the same servers. The potentially accessed registers include the name and address of anyone in the UK registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The Commission declared that electoral register data had not been altered or amended as a result of the incident, and that most of the accessed data had previously already been in the public domain. The Commission further emphasized that the unauthorized activities are assessed to have no impact on the electoral process, the rights or access to the democratic process of any individuals. The incident did not cause any changes to the electoral registration status of any individuals listed in affected registers. Voter information used to send out polling cards and to check voters at polling stations is managed separately by individual electoral registration officers for each local authority area and remains unaffected by this intrusion. On 25 March 2024 the UK government released a press statement attributing the attack to Chinese state-affiliated actors, as assessed by the National Cyber Security Centre. Accordingly, the compromise happened between 2021 and 2022. The NCSC also states that it is almost certain that the China state-affiliated APT31 also targeted parliamentarians' emails in 2021, though without successful compromise. In response, the Chinese Ambassador was summoned by the Foreign, Commonwealth and Development Office, which - in conjunction with the U.S. Department of the Treasury - also sanctioned the Chinese company Wuhan Xiaoruizhi Science & Technology and two individuals who are members of APT31. 
Wuhan Xiaoruizhi Science & Technology is, according to US prosecutors, a front for the Chinese Ministry of State Security and part of APT31. The Chinese Ministry of State Security condemned the sanctions by the UK and the US: ""This action is a clear attempt to defame and politicize the issue of cybersecurity, causing serious damage to China’s legitimate interests"". China also accused the two nations of conducting frequent military operations in cyberspace and promoting strategies such as “preemptive strikes” and “cyber deterrence.”",2021-08-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,UK Electoral Commission,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Election infrastructure / related systems,Not available,China,"Non-state actor, state-affiliation suggested",,1,18466,2024-03-25 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC),Not available,United Kingdom,Not available,China,"Non-state actor, state-affiliation suggested",https://www.ncsc.gov.uk/news/china-state-affiliated-actors-target-uk-democratic-institutions-parliamentarians,Unknown,Unknown,,Unknown,,1,2023-08-08 00:00:00,State Actors: Legislative reactions,Dissenting statement by member of parliament,United Kingdom,"Angela Rayner (MP, Labour's Deputy Leader and the Shadow Chancellor of the Duchy of Lancaster)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no 
critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Not available,UK Information Commissioner's Office,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.bbc.co.uk/news/uk-politics-66441010?at_medium=RSS&at_campaign=KARANGA; https://cyberscoop.com/u-k-election-admin-agency-servers-breach-exposed-voter-information-of-tens-of-millions/; https://securityaffairs.com/149288/data-breach/uk-electoral-commission-data-breach.html; https://www.bleepingcomputer.com/news/security/uk-electoral-commission-data-breach-exposes-8-years-of-voter-data/; https://www.theguardian.com/technology/2023/aug/08/uk-electoral-commission-registers-targeted-by-hostile-hackers; https://www.hackread.com/uk-electoral-commission-major-data-breach/; https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems; https://www.electoralcommission.org.uk/media-centre/electoral-commission-subject-cyber-attack; https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems/information-about-cyber-attack; https://thehackernews.com/2023/08/uk-electoral-commission-breach-exposes.html; https://www.databreaches.net/russia-prime-suspect-in-cyber-attack-which-saw-names-and-addresses-of-40m-uk-voters-exposed-reports/; https://www.bbc.co.uk/news/blogs-the-papers-66446143?at_medium=RSS&at_campaign=KARANGA; https://news.sky.com/story/elections-watchdog-targered-by-cyber-attack-which-left-voters-ddetails-exposed-12936034; https://www.databreaches.net/uk-electoral-commission-had-an-unpatched-microsoft-exchange-server-vulnerability/; 
https://www.wired.com/story/keystroke-attack-security-roundup/; https://www.theguardian.com/technology/2023/aug/11/psni-voter-breaches-data-risks-taken-more-seriously; https://arstechnica.com/security/2023/08/how-an-unpatched-microsoft-exchange-0-day-likely-caused-one-of-the-uks-biggest-hacks-ever/; https://arstechnica.com/security/2023/08/cybersecurity-experts-say-the-west-has-failed-to-learn-lessons-from-ukraine/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://www.bbc.co.uk/news/uk-politics-68654533; https://www.eeas.europa.eu/eeas/uk-statement-spokesperson-recent-malicious-cyber-activities_en#:~:text=The%20European%20Union%20expresses%20its,take%20further%20action%20when%20necessary.; https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity; https://www.aljazeera.com/news/2024/3/25/us-uk-sanction-alleged-china-based-hackers-for-targeting-voters-critics?traffic_source=rss; https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-targeting-uk-democratic-institutions; https://www.theguardian.com/technology/2024/mar/25/chinese-hackers-targeted-electoral-commission-and-politicians-say-security-services; https://www.wired.com/story/china-apt31-us-uk-hacking-espionage-charges-sanctions/; https://www.bbc.co.uk/news/world-us-canada-68659095; https://www.joongang.co.kr/article/25237935; https://www3.nhk.or.jp/news/html/20240326/k10014402431000.html; https://www3.nhk.or.jp/nhkworld/es/news/20240326_08/; https://www3.nhk.or.jp/nhkworld/zh/news/k10014402431000/; https://www.ilfoglio.it/esteri/2024/03/26/news/la-cina-spia-i-parlamentari-dei-paesi-occidentali-londra-adesso-reagisce-6371346/; https://www.rts.ch/info/monde/2024/article/le-royaume-uni-accuse-la-chine-de-cyberattaques-contre-ses-elus-et-institutions-28449724.html; 
https://www.ilsussidiario.net/news/usa-accuse-a-cina-per-cyberattacco-a-congresso-e-casa-bianca-hacker-avrebbero-agito-per-ben-15-anni/2681960/; https://www.heise.de/news/Cyberangriff-auf-Wahlkommission-Grossbritannien-und-USA-sanktioneren-Chinesen-9666239.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.sudouest.fr/sciences-et-technologie/cyberattaques-washington-londres-et-wellington-accusent-pekin-de-viser-leurs-institutions-19101579.php; https://www.mundiario.com/articulo/internacional/reino-unido-ee-uu-imponen-sanciones-china-ciberataques-sufridos/20240326165747302866.html; https://ici.radio-canada.ca/rci/zh-hans/%E6%96%B0%E9%97%BB/2060279/%E8%8B%B1%E5%9B%BD%E6%8C%87%E8%B4%A3%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB%E8%AE%AE%E5%91%98; https://www.haberler.com/politika/ingiltere-cinli-bilgisayar-korsanlarini-sucladi-16982270-haberi/; https://www.malatyaguncel.com/ingiltere-cin-maslahatguzarini-disisleri-bakanligina-cagirdi-2497196h.htm; https://www.elnacional.cat/es/internacional/eeuu-reino-unido-acusan-china-estar-detras-varios-ciberataques-han-sufrido_1185174_102.html; https://securityaffairs.com/161081/apt/uk-new-zealand-china-cyber-operations.html; https://www.haber7.com/dunya/haber/3409946-cinden-ingiltere-ve-yeni-zelandaya-siber-saldiri; https://fr.news.yahoo.com/p%C3%A9kin-nie-%C3%AAtre-derri%C3%A8re-cyberattaques-091626330.html; https://news.sbs.co.kr/news/endPage.do?news_id=N1007587761; https://www.theguardian.com/technology/2024/mar/26/china-cyber-attacks-are-increasing-western-analysts-warn; https://www.swissinfo.ch/spa/china-tilda-de-%22infundadas%22-acusaciones-de-ciberataques-a-nueva-zelanda-y-reino-unido/74339770; https://www.ilfattoquotidiano.it/2024/03/26/usa-gran-bretagna-e-nuova-zelanda-accusano-la-cina-di-gravi-attacchi-informatici-pechin-calunnie-dannose/7491763/; https://www.haber365.com.tr/cin-bu-sefer-sert-duvara-carpti-ingiltere-maruz-kaldigi-siber-saldiriyi-affetmedi-h318650; 
https://www.lapresse.ca/international/asie-et-oceanie/2024-03-26/washington-londres-et-wellington/pekin-nie-etre-derriere-les-cyberattaques.php; https://www.01net.com/actualites/vague-cyberattaques-royaume-uni-etats-unis-epinglent-hackers-chinois.html; https://www.ncsc.gov.uk/news/china-state-affiliated-actors-target-uk-democratic-institutions-parliamentarians; https://www.infobae.com/economist/2024/03/27/que-hacer-con-la-masiva-campana-de-ciberespionaje-de-china/; https://www.clarin.com/mundo/ataques-ciberneticos-londres-acusa-china-hackear-datos-40-millones-britanicos-califican-amenaza-seguridad-nacional_0_5QOCbYsQ34.html; https://www.jiji.com/jc/article?k=20240327045743a&g=afp; https://securityaffairs.com/161269/breaking-news/security-affairs-newsletter-round-465-by-pierluigi-paganini-international-edition.html; https://news.ifeng.com/c/8YF28UyDzEV; https://medyabar.com/haber/19709159/ingiltere-cin-maslahatguzarini-disisleri-bakanligina-cagirdi; https://www.lanacion.com.ar/agencias/eeuu-y-reino-unido-anuncian-sanciones-por-hackeos-contra-comision-electoral-vinculados-a-china-nid25032024/; https://www.agenzianova.com/a/6601bbd06962d9.52572265/5125537/2024-03-25/regno-unito-il-governo-emette-sanzioni-dopo-attacchi-informatici-riconducibili-alla-cina; https://english.elpais.com/international/2024-03-25/us-and-uk-announce-sanctions-over-china-linked-hacks-on-officials-lawmakers-and-election-watchdog.html; https://www.swissinfo.ch/spa/la-ue-se-solidariza-con-londres-y-actuar%C3%A1-si-detecta-actividades-cibern%C3%A9ticas-maliciosas/74298926; https://cyberscoop.com/china-indictments-apt31-surveillance/; https://www.euronews.com/next/2024/03/25/china-linked-to-cyber-attack-on-uk-election-watchdog-as-us-and-uk-retaliate-with-sanctions; https://www.bleepingcomputer.com/news/security/us-sanctions-apt31-hackers-behind-critical-infrastructure-attacks/; 
https://www.dw.com/zh/%E8%8B%B1%E6%94%BF%E5%BA%9C%E6%89%B9%E8%AF%84%E4%B8%AD%E5%9B%BD%E9%BB%91%E5%AE%A2%E6%94%BB%E5%87%BB/a-68663366; https://www.politico.eu/article/uk-accuses-china-of-cyberattacks-on-british-democracy/; https://www.sudouest.fr/international/europe/royaume-uni/cybersecurite-le-royaume-uni-accuse-l-etat-chinois-de-cyberattaques-malveillantes-19096716.php; https://dushi.singtao.ca/toronto/%E6%96%B0%E9%97%BB/%E5%8D%B3%E6%97%B6%E5%9B%BD%E9%99%85/%E8%8B%B1%E5%89%AF%E9%A6%96%E7%9B%B8%E5%B0%86%E5%90%91%E5%9B%BD%E4%BC%9A%E8%AE%AE%E5%91%98%E5%8F%91%E8%A8%80-%E6%8C%87%E6%8E%A7%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%A8%81%E8%83%81/; https://www.bt.dk/udland/storbritannien-anklager-kinesiske-hackere-for-angreb-paa-valgkommission; https://yle.fi/a/74-20080850; https://news.ifeng.com/c/8YFLkA4ah0x; https://www.govinfosecurity.com/uk-discloses-chinese-espionage-activities-a-24702; https://www.kyoto-np.co.jp/articles/-/1225257; https://www.tokyo-np.co.jp/article/317292; https://view.inews.qq.com/a/20240402A00ON200; http://www.periodico26.cu/index.php/en/worlds-news-2/17423-china-denounces-us-and-uk-plot-in-cyber-attacks; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/",2023-08-09,2024-04-04 2482,Chinese state-sponsored hacking group RedHotel compromised Vietnam's Institute on State Organizational Sciences to use government infrastructure for malware command and control,"The Chinese state-sponsored hacking group RedHotel leveraged Vietnamese government infrastructure for malware command and control, the US IT security firm Recorded Future assessed in a report published on 8 August 2023. The company based its analysis on an executable submitted to a public malware database in November 2022. 
According to Recorded Future's report, RedHotel used a stolen code signing certificate from Taiwanese gaming company Wanin International to sign a dynamic link-library (DLL) and load the offensive security tool (OST) Brute Ratel C4. The Brute Ratel C4 payload then sought to contact the hijacked infrastructure of Vietnam's Institute of State Organizational Sciences.",2022-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Institute on State Organizational Sciences,Vietnam,ASIA; SCS; SEA,State institutions / political system,Civil service / administration,RedHotel/Aquatic Panda/BRONZE UNIVERSITY/Charcoal Typhoon fka CHROMIUM/Earth Lusca/Red Scylla/ControlX/Fishmonger/DeepCliff/POISON CARP (I-Soon),China,"Non-state actor, state-affiliation suggested",,1,14868,2023-08-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,Recorded Future,United States,RedHotel/Aquatic Panda/BRONZE UNIVERSITY/Charcoal Typhoon fka CHROMIUM/Earth Lusca/Red Scylla/ControlX/Fishmonger/DeepCliff/POISON CARP (I-Soon),China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe; https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf; https://www.darkreading.com/threat-intelligence/redhotel-dominant-china-backed-cyber-spy-group,2023-08-09,2024-02-23 2483,Hackers from China's People's Liberation Army gained access to classified Japanese defense networks beginning in fall 2020,"Hackers from China's People's Liberation Army gained access to classified Japanese defense networks from autumn 2020 to at least early November 2021, the Washington Post reported on 7 August 2023, based on anonymized statements from former and current US and Japanese officials. According to the report, the US National Security Agency (NSA) discovered in autumn 2020 that hackers from China's People's Liberation Army had compromised Japan's classified defence networks. The hackers looked to access plans, capabilities and assessments of military shortcomings, three US officials said. The discovery was so disturbing that NSA and United States Cyber Command chief Paul Nakasone and then-deputy national security adviser Matthew Pottinger travelled to Tokyo to personally brief the Japanese minister of defense and subsequently the prime minister. 
Upon discovery that the Chinese hackers continued to dwell in sensitive Japanese networks in spring 2021, US Cyber Command offered to dispatch a team of ""hunt forward"" experts to aid with identifying and closing vulnerabilities. To address Japanese concerns about granting foreign military access to government networks, the two sides arranged that Japanese IT security firms would look for vulnerabilities and a joint team of NSA and US Cyber Command would review findings and provide guidance. In the autumn of 2021, the US intelligence service again found out about the persistence of Chinese threat actors in Japanese defense systems. To emphasize the urgency of shutting out the intruders, the deputy national security adviser for cyber, Anne Neuberger, traveled to Tokyo with a handful of US officials in November 2021, and met with Japanese military, diplomatic and intelligence officials. US Defense Secretary Lloyd Austin indicated that advanced intelligence sharing may be affected if the security of Japanese networks did not improve. 
On the day following the publication of the Washington Post report, Japan's Chief Cabinet Secretary Hirokazu Matsuno told a regular press briefing that the government had not ""confirmed the fact that security information has been leaked due to cyberattacks"".",2020-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft; Hijacking with Misuse,Not available,Japan,ASIA; SCS; NEA,State institutions / political system,Military,People's Liberation Army (PLA),China,State,,1,14869,2023-08-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,National Security Agency (NSA),Not available,United States,People's Liberation Army (PLA),China,State,https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/,Territory; Resources; International power,Territory; Resources; International power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK intensity,HIIK 2,2,2020-01-01 00:00:00; 2021-01-01 00:00:00,State Actors: Preventive measures; State Actors: Preventive measures,Awareness raising; Capacity building in third countries,United States; United States,Paul Nakasone (Head of US CYCOM and NSA); Anne Neuberger (Deputy National Security Adviser for Cyber; USA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe; https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/; https://www.reuters.com/technology/japan-says-cannot-confirm-leakage-after-report-says-china-hacked-defence-2023-08-08/; https://therecord.media/chinese-cyber-spies-improve-but-have-not-eclipsed-nsa; https://www.japantimes.co.jp/japan/2023/08/09/japan-intel-sharing-us-confident/; https://www.schneier.com/blog/archives/2023/08/china-hacked-japans-military-networks.html; https://www.thestack.technology/national-cybersecurity-japan-usa-china/,2023-08-09,2023-12-06 2478,North Korean threat actors compromised computer networks of Russian missile engeneering firm NPO Mashinostroyeniya in May 2022,"The cybersecurity firm SentinelOne assessed with high confidence that North Korean threat actors compromised NPO Mashinostroyeniya's sensitive internal IT infrastructure, using several different methods, in May 2022. Part of Russia's defense industry, NPO is a company designing and developing rockets based in Reutov. ScarCruft, a cyberespionage team associated with North Korea, breached NPO's Linux email server. 
Intruders also deployed the OpenCarrot backdoor, previously linked to the North Korean APT Lazarus, to further develop their access across the compromised network. SentinelOne's investigation was set off by internal communications an NPO employee mistakenly uploaded to a cybersecurity forum while investigating the breach. Further analysis led to the discovery of the OpenCarrot backdoor. This backdoor enables various functionalities, including proxying communication and the manipulation of filesystems and processes.",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,NPO Mashinostroyeniya,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Defence industry,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,14864,2023-08-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,,United States,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 
point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.jpost.com/international/article-753938; https://therecord.media/north-korean-hackers-breach-Russia; https://securityaffairs.com/149263/apt/north-korea-hacked-russian-npo-mashinostroyeniya.html; https://thehackernews.com/2023/08/north-korean-hackers-targets-russian.html; https://www.bleepingcomputer.com/news/security/north-korean-hackers-scarcruft-breached-russian-missile-maker/; https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/; https://www.darkreading.com/attacks-breaches/russian-rocket-bureau-faces-cyber-espionage-breach-north-korea-responsible; https://www.hackread.com/north-korean-hackers-breach-russia-missile-dev/; https://www.wired.com/story/keystroke-attack-security-roundup/; https://www.jpost.com/international/article-755294; https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html; https://www.wired.com/story/google-chrome-youtube-ad-blocker-crackdown/; https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html,2023-08-08,2024-01-23 2480,"Ragnar Locker ransomware gang disrupted computer systems of Mayanei Hayeshua Medical Center in Bnei Brak, Israel, beginning on 7 August 2023","The Ragnar Locker ransomware gang disrupted the administrative computer systems of the Mayanei Hayeshua Medical 
Center in the Israeli city of Bnei Brak on the night of 7 to 8 August 2023, the Israeli Ministry of Health and the Israel National Cyber Directorate (INCD) reported on 8 August 2023. The operations of medical equipment remained unaffected. Contending with disrupted access to its electronic record system, the hospital stopped accepting new patients for outpatient treatments and for its imaging centres. Patients requiring emergency attention were redirected to nearby hospitals. The cybercriminals, about whom little is known, have leaked 400GB, allegedly part of a cache of 1TB that the group claims to have stolen from Mayanei HaYeshua. Information includes patients' medical details.",2023-08-07,2023-08-08,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Hijacking with Misuse,Mayanei Hayeshua Medical Center,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,Ragnar Locker ,Not available,Non-state-group,Criminal(s),1,14866,2023-09-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Ragnar Locker,Not available,Not available,Ragnar Locker ,Not available,Non-state-group,https://securityaffairs.com/150540/hacking/mayanei-hayeshua-hospital.html; https://www.bleepingcomputer.com/news/security/ragnar-locker-claims-attack-on-israels-mayanei-hayeshua-hospital/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration 
(critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-08-08 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Israel,Israel National Cyber Directorate (INCD),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.jpost.com/breaking-news/article-754032; https://www.databreaches.net/il-cyberattack-shuts-down-bnei-brak-hospitals-computers/; https://therecord.media/israeli-hospital-ransomware-attack-disruptions; https://www.databreaches.net/hackers-threaten-publishing-sensitive-medical-data-on-politicians-haredi-leaders/; https://www.heise.de/news/Cyberkriminelle-erpressen-israelisches-Krankenhaus-mit-Daten-von-Politikern-9258156.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://therecord.media/israel-hospital-data-leaked-ragnar-locker-ransomware; https://securityaffairs.com/150540/hacking/mayanei-hayeshua-hospital.html; https://www.bleepingcomputer.com/news/security/ragnar-locker-claims-attack-on-israels-mayanei-hayeshua-hospital/; https://research.checkpoint.com/2023/11th-september-threat-intelligence-report/; https://www.darkreading.com/dr-global/israeli-hospital-hit-by-attackers-1tb-data-stolen; https://www.darkreading.com/dr-global/hackers-for-hire-hit-both-sides-in-israel-hamas-conflict; https://www.hackread.com/ragnar-locker-ransomware-gang-dismantled-site-seized/; https://www.heise.de/news/Nach-Schlag-gegen-Ragnar-Locker-Landeskriminalamt-Sachsen-nennt-weitere-Details-9342223.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/ragnar-locker-ransomware-site-taken-down-fbi-europol; https://securityaffairs.com/152727/cyber-crime/law-enforcement-ragnar-locker-group.html; 
https://www.heise.de/news/Ermittlern-gelingt-Schlag-gegen-Ransomware-Gang-Ragnar-Locker-9340480.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://therecord.media/ransomware-tracker-the-latest-figures,2023-08-08,2024-01-16 2479,Unknown Threat Actor Disrupted operations of Health Service in Madeira in August 2023,"The Regional Health Service of the Autonomous Region of Madeira (SESARAM) fell victim to a cyberattack aimed at disrupting its operations. The attack led to the suspension of all non-urgent clinical activities scheduled for 7 August 2023, affecting consultations, surgeries, clinical analyses and complementary means used for diagnosis. SESARAM has reported the incident to the relevant authorities, including the National Cyber Security Centre and the National Data Protection Commission. As of 8 August, there was no evidence that clinical records had been compromised. SESARAM has refrained from linking the incident to ransomware and noted that no ransom had been demanded, while not providing any further details about the potential origin of the attack.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Regional Health Service of the Autonomous Region of Madeira (SESARAM),Portugal,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Not available,Not available,Not available,,1,14865,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/pt-sesaram-confirms-cyberattack-on-regions-health-service-suspends-non-urgent-activity-monday/; https://www.jm-madeira.pt/regiao/ver/214738/SESARAM_confirma_ciberataque_e_suspende_atividade_nao_urgente_desta_segunda-feira; https://www.jm-madeira.pt/regiao/ver/214774/Ciberataque_ao_SESARAM_foi_dos_maiores_registados_na_Regiao_e_ja_foi_reivindicado,2023-08-08,2023-12-06 2477,Rhysida Ransomware Group executes ransomware attack on Prospect Medical Holdings Inc. causing disruption to computer systems at several US healthcare facilities on 3 August 2023,"The Rhysida ransomware group conducted a ransomware attack against Prospect Medical Holdings Inc., a health care service provider in the United States that manages 16 hospitals across four states in addition to 166 outpatient centres, on 3 August 2023. Following the attack, several of the hospitals reported problems and disruptions. At multiple facilities, the computer systems were knocked offline, limiting access to Internet, email and electronic health records and forcing Prospect to suspend certain inpatient services, elective surgeries, outpatient blood draw, physical therapy and to reschedule some appointments. Several facilities had to revert to paper records. At clinics in Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital had to be closed for most of the day of the attack and patients were diverted to other nearby medical centres. On 9 August 2023, Bleeping Computer reported that unspecified sources had told it that the Rhysida ransomware group was behind this cyber incident. 
In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-08-03,2023-08-03,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Manchester Memorial Hospital - Waterbury Hospital - Taylor Hospital - Delaware County Memorial Hospital - Prospect Medical Holdings - Rockville General Hospital - Springfield Hospital - Crozer-Chester Medical Center,United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - Health - Health - Health - Health - Health,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15587,2023-08-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Not available,Not available,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft 
and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,8.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2023-08-04 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/crozer-healths-computer-systems-were-knocked-offline-thursday-by-a-ransomware-attack/; https://therecord.media/hospital-network-facing-cyberattack; https://securityaffairs.com/149181/hacking/cyberattack-impacted-multiple-us-hospitals.html; https://www.elmundo.es/internacional/2023/08/05/64cd8119e4d4d8e5618b456e.html; https://www.govinfosecurity.com/california-hospital-chain-facing-ransom-service-disruption-a-22741; https://securityaffairs.com/149224/breaking-news/security-affairs-newsletter-round-431-by-pierluigi-paganini-international-edition.html; https://www.echn.org/patients-and-visitors/closings/?utm_source=social&utm_medium=facebook&utm_term=&utm_content=&utm_campaign=a2199c10-9ef9-483f-8b54-9d78e0a1fe8d; https://apnews.com/article/cyberattack-hospital-emergency-outage-4c808c1dad8686458ecbeababd08fecf; https://www.facebook.com/WaterburyHospital/posts/681645007320104?ref=embed_post; https://www.inquirer.com/health/crozer-health-computer-systems-down-20230803.html; https://research.checkpoint.com/2023/7th-august-threat-intelligence-report/; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/; 
https://therecord.media/prospect-hospitals-still-recovering; https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit; https://www.darkreading.com/vulnerabilities-threats/rhysida-ransomware-trains-its-sights-on-healthcare-operations; https://www.databreaches.net/ransomware-attack-continues-to-disrupt-two-connecticut-hospital-systems/; https://www.malwarebytes.com/blog/news/2023/08/several-hospitals-still-counting-the-cost-of-widespread-ransomware-attack; https://www.wired.com/story/hospital-ransomware-hhs-digiheals/; https://arstechnica.com/information-technology/2023/08/our-health-care-system-may-soon-receive-a-much-needed-cybersecurity-boost/; https://www.bleepingcomputer.com/news/security/rhysida-claims-ransomware-attack-on-prospect-medical-threatens-to-sell-data/; https://securityaffairs.com/149979/cyber-crime/prospect-medical-holdings-rhysida-ransomware.html; https://www.govinfosecurity.com/midwest-hospital-group-experiencing-systemwide-outage-a-22961; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://therecord.media/cyber-incident-reporting-regulation-cisa; https://www.darkreading.com/attacks-breaches/recent-rhysida-attacks-show-focus-on-healthcare-sector-by-ransomware-actors; https://securityaffairs.com/150835/cyber-crime/lockbit-ransomware-carthage-area-hospital.html; https://therecord.media/kuwait-isolates-systems-after-ransomware-attack; https://therecord.media/safford-arizona-hospital-st-louis-call-a-ride-cyberattacks; https://securityaffairs.com/152486/cyber-crime/alphv-ransomware-morrison-community-hospital.html; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/hhs-proposes-cyber-requirements-for-hospitals; https://therecord.media/sony-investigating-ransomware-insomniac-games; https://www.techrepublic.com/article/top-cybersecurity-threats/; 
https://therecord.media/nearly-three-mil-affected-ransomware-medtech; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/; https://therecord.media/long-beach-facing-cyber-incident; https://therecord.media/world-council-churches-lutheran-world-federation-cyberattacks; https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-08-07,2023-12-29 2476,Unknown ransomware group gained access to network of Colorado Department of Higher Education (CDHE) and stole student and teacher data beginning on 11 June 2023,"An unknown ransomware group gained access to the network of the Colorado Department of Higher Education (CDHE) and stole student and teacher related data during the period of 11 to 19 June 2023, the CDHE reported in an incident notice on 4 August 2023. The stolen data included names, social security numbers, student identification numbers as well as other education records. The scope of the data theft remains subject to review, but may potentially be extensive, reaching back to those attending a public institution of higher education in Colorado between 2007-2020 or attending a Colorado public high school between 2004-2020. 
",2023-06-11,2023-06-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,Colorado Department of Higher Education (CDHE),United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,14856,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/149228/data-breach/colorado-department-of-higher-education-data-breach.html; https://cdhe.colorado.gov/notice-of-data-incident; https://www.bleepingcomputer.com/news/security/colorado-department-of-higher-education-warns-of-massive-data-breach/; https://research.checkpoint.com/2023/7th-august-threat-intelligence-report/; https://www.darkreading.com/attacks-breaches/colorado-dept-higher-education-data-breach,2023-08-07,2023-12-06 2475,Medusa ransomware group gained access to network of St. 
Landry Parish School Board on 25 July 2023,"Unauthorized actors gained access to the network of the St. Landry Parish School Board on 25 July 2023, according to superintendent Milton Batiste III. The exact impact of the incident remains under investigation. On 30 July, the Medusa ransomware group claimed responsibility for the attack on its leak site, posting samples of what the group alleges is a wider trove of data it had obtained from the school centre. Documents released included a small-denomination check, a training certificate, an education disability claim form, communications with an insurance department, as well as information on teacher salaries which is also publicly available. The group set a one-week deadline to pay a $1 million ransom.",2023-07-25,2023-07-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse; Ransomware,St. 
Landry Parish Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,14855,2023-07-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.theadvocate.com/acadiana/news/slpsb-victimized-in-ransomware-attack/article_98507368-2fe4-11ee-a4bc-4f95f3f4cba9.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,"Economic, social and cultural rights",Not available,1,2023-08-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Louisiana State Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.theadvocate.com/acadiana/news/slpsb-victimized-in-ransomware-attack/article_98507368-2fe4-11ee-a4bc-4f95f3f4cba9.html,2023-08-04,2023-12-06 2474,Rhysida Ransomware Group targeted University of the West of Scotland In July 2023,"The University of the West of Scotland (UWS) fell victim to a ransomware attack in early July 2023, according to British media reports. The attack, carried out by the emerging ransomware group Rhysida, forced down the website and locked staff work stations and half of the university's IT systems for several days. The attackers demanded a payment of 20 bitcoins (approximately £450,000) for the deletion of stolen confidential data. The incident was reported to police on 6 July. Data advertised on the group's leak site includes staff personal information such as bank details and national insurance numbers, as well as internal university documents. The BBC confirmed the group's listing but has been unable to verify the authenticity of the data. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. 
Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s); Attack on critical infrastructure target(s)",; ; ; ,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,University of the West of Scotland (UWS),United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Education; Education; Education,Civil service / administration; Research; Civil service / administration; Civil service / administration; Research; Research; ; ; ,Rhysida Ransomware Group,Not available,Non-state-group; Non-state-group,Criminal(s); Criminal(s),1,15588,2023-07-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://www.bbc.com/news/uk-scotland-glasgow-west-66327336,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://socradar.io/threat-profile-rhysida-ransomware/; https://www.bbc.com/news/uk-scotland-glasgow-west-66126073; https://www.bbc.com/news/uk-scotland-glasgow-west-66327336; https://www.govinfosecurity.com/authorities-warn-health-sector-attacks-by-rhysida-group-a-22753; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-08-04,2023-12-29 2473,Unknown hackers targeted US-based boat manufacturer Brunswick Corporation,"Unknown hackers targeted the US-based Brunswick Corporation, in particular resulting in disruptions within its marine propulsion and engine parts and accessories division, the company announced on 13 June 2023. In a second quarter earnings conference call on 27 July 2023, Brunswick Corporation CEO Dave Foulkes declared that the incident caused financial results to fall below initial expectations. While all primary global manufacturing and distribution facilities resumed operations within nine days, the company estimates the financial impact to be $80 million to $85 million of revenue in the quarter. For the full year, Brunswick expects to be able to lower this amount to between $60 million and $70 million, as the company recovers some of the lost production in the coming quarters. 
The company assessed a non-recoverable loss of $0.35 in earnings per share as a result of the incident, primarily related to the downtime of high horsepower outboard engine production and reduced sales during the retail season.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Brunswick Corporation,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,14853,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,0.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/marine-industry-giant-brunswick-lost-millions; https://www.insidermonkey.com/blog/brunswick-corporation-nysebc-q2-2023-earnings-call-transcript-1172914/; https://www.brunswick.com/news/press-releases/detail/787/brunswick-corporation-experiences-it-security-incident; https://therecord.media/clorox-production-issues-after-august-cyberattack; https://therecord.media/manufacturing-giant-hit-with-cyberattack; https://therecord.media/mgm-resorts-cyberattack-cost-millions; 
https://therecord.media/cybercrime-organization-stole-customer-data-sec-marinemax,2023-08-03,2024-04-02 2472,"Unknown hackers gained access to email inboxes of Heinrich Heine University (HHU) in Düsseldorf, Germany","Unknown hackers gained access to email inboxes of the Heinrich Heine University (HHU) in Düsseldorf, Germany, the regional newspaper Rheinische Post reported on 1 August 2023. The hackers presumably infected an IT workstation system with malware and thereby gained access to the email inbox of the university's registrar, among others. ",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Hijacking without Misuse,Heinrich Heine University (HHU) Düsseldorf,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,14670,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,"https://www.csoonline.com/de/a/hacker-greifen-auf-e-mail-konten-der-uni-duesseldorf-zu,3681029; https://www.heise.de/news/Erneuter-Cyberangriff-auf-Uni-in-Duesseldorf-und-mehr-9691398.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag",2023-08-03,2024-04-22 2471,Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of several Italian transport companies on 31 July 2023,"The pro-Russian hacktivist group 'NoName057(16)' disrupted access to the websites of several Italian transport companies on 31 July 2023, the group announced via Telegram on the same day. On the following day, the Italian Computer Security Incident Response Team (CSIRT) confirmed the targeting, noting that it caused only limited disruption. ",2023-07-31,2023-07-31,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Disruption,Azienda Napoletana Mobilita - Trentino Trasporti - Azienda Regionale Sarda Trasporti - Siena Mobilita - AMAT Palermo - Cagliari Trasporti Mobilita - Azienda Consorzio Trasporti Veneziano - SAD Alto Adige,Italy; Italy; Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14666,2023-07-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Not available,NoName057(16),Russia,Non-state-group,https://t.me/noname05716/4385; 
https://t.me/noname05716/4358; https://t.me/noname05716/4361; https://t.me/noname05716/4362; https://t.me/noname05716/4379; https://t.me/noname05716/4382; https://t.me/noname05716/4383; https://t.me/noname05716/4384,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.ilsole24ore.com/art/attacchi-filorussi-siti-banche-italiane-e-aziende-trasporti-disservizi-limitati-AFcXccQ; https://t.me/noname05716/4385; https://t.me/noname05716/4358; https://t.me/noname05716/4361; https://t.me/noname05716/4362; https://t.me/noname05716/4379; https://t.me/noname05716/4382; https://t.me/noname05716/4383; https://t.me/noname05716/4384; https://www.targatocn.it/2024/01/22/leggi-notizia/argomenti/cronaca-1/articolo/revenge-porn-molestie-social-cyberterrorismo-anche-in-piemonte-casi-in-aumento-in-un-2023-ricco.html,2023-08-02,2024-01-23 2469,Pro-Russian hacking group 'NoName057(16)' targeted several Italian banks with DDoS attacks on 1 August 2023,The pro-Russian hacktivist group 'NoName057(16)' claims to have targeted the websites of six Italian banks via DDoS attacks. 
Short-term interruptions briefly interfered with the accessibility of e-banking portals.,2023-08-01,2023-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Intesa Sanpaolo - Banca Monte dei Paschi di Siena - Banca Popolare di Sondrio - FinecoBank - CheBanca! - BPER Banca,Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Finance - Finance - Finance - Finance - Finance,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14663,2023-08-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Not available,NoName057(16),Russia,Non-state-group,https://t.me/noname05716/4407; https://t.me/noname05716/4397; https://t.me/noname05716/4396; https://t.me/noname05716/4395; https://t.me/noname05716/4393; https://t.me/noname05716/4390,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,6.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ilsole24ore.com/art/attacchi-filorussi-siti-banche-italiane-e-aziende-trasporti-disservizi-limitati-AFcXccQ; https://t.me/noname05716/4407; https://t.me/noname05716/4397; https://t.me/noname05716/4396; https://t.me/noname05716/4395; https://t.me/noname05716/4393; https://t.me/noname05716/4390; https://www.reuters.com/world/europe/russian-hackers-crash-italian-bank-websites-cyber-agency-2023-08-01/; https://securityaffairs.com/149224/breaking-news/security-affairs-newsletter-round-431-by-pierluigi-paganini-international-edition.html; https://therecord.media/prorussian-hackers-claim-attacks; https://www.torinoggi.it/2024/01/15/leggi-notizia/argomenti/cronaca-11/articolo/revenge-porn-molestie-social-lotta-al-cyberterrorismo-casi-in-aumento-in-un-2023-ricco-di-interve.html,2023-08-02,2024-01-16 2468,Chinese state-sponsored hacking group 'APT31' stole unspecified data from industrial organisation in Eastern Europe in 2022,"The Chinese state-sponsored hacking group APT31 infiltrated industrial organisations in Eastern Europe in 2022 to steal unspecified data, the Russian IT security firm Kaspersky attributed with medium to high confidence in two technical reports dated 20 and 31 July 2023. The hacking group abused cloud-based data storages such as Yandex and Dropbox as well as file-sharing services for data exfiltration. It also built a command-and-control (C2) infrastructure on virtual private servers (VPS) and used infected removable drives for data exfiltration from air-gapped networks. To this end, the threat actor used FourteenHi malware, MeatBall backdoor and other unnamed implants. 
The hacking group appeared to assign particular importance to establishing a permanent channel for data exfiltration. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Eastern Europe,,Unknown,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14661,2023-07-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing; Replication Through Removable Media,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system 
interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/ics-ot/air-gapped-ics-systems-targeted-sophisticated-malware; https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-gathering-data-En.pdf; https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf; https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html; https://www.bleepingcomputer.com/news/security/hackers-use-new-malware-to-breach-air-gapped-devices-in-eastern-europe/; https://www.govinfosecurity.com/malware-campaign-targets-eastern-european-air-gapped-systems-a-22718,2023-08-02,2024-04-29 2470,Engineer at Tennessee Arnold Air Force Base (AAFB) gained unauthorised access to Air Education and Training Command (AETC) radio communications technology and stole unspecified information,"A 48-year-old engineer at Tennessee Arnold Air Force Base (AAFB) gained unauthorised access to Air Education and Training Command (AETC) radio communications by stealing communication equipment and access keys, Forbes business magazine reported, based on a US Department of Justice search warrant. State authorities were tipped off by a base contractor that the suspected engineer was taking radio technology equipment home. 
During a raid of the engineer's home, investigators discovered that the suspect had unauthorised administrator access to Air Education and Training Command (AETC) radio communications of 17 affiliated Air Force facilities. The suspect used Motorola radio programming software configured to access the entire communications system of the AAFB air base where he had worked. In addition, investigators found a USB flash drive containing administrator passwords and electronic system keys for the AETC radio network and radio programming data for local law enforcement. The warrant noted the discovery of evidence pointing to the suspect's possible access to communications of the FBI and several Tennessee state agencies.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Air Education and Training Command (AETC),United States,NATO; NORTHAM,State institutions / political system,Military,Unknown,United States,Individual hacker(s),,1,14665,2023-07-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,US Department of Justice (DoJ),Not available,United States,Unknown,United States,Individual hacker(s),https://www.forbes.com/sites/thomasbrewster/2023/07/29/exclusive-pentagon-suffers-critical-compromise-of-air-force-communications/?sh=c0000f3198cc,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Trusted Relationship; Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Sovereignty,Non-state actors; ,Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,US Attorney for the Eastern District of Tennessee,Not available,,No response justified (missing state attribution & breach of international law),,https://www.darkreading.com/vulnerabilities-threats/china-s-volt-typhoon-apt-burrows-us-critical-infrastructure; https://www.forbes.com/sites/thomasbrewster/2023/07/29/exclusive-pentagon-suffers-critical-compromise-of-air-force-communications/?sh=c0000f3198cc,2023-08-02,2023-11-27 2463,Unknown threat actors exploited vulnerabilities within smart contract language Vyper and stole crypto-assets from multiple crypto-platforms in July 2023,"Unknown threat actors exploited unknown vulnerabilities within the smart contract language Vyper and stole crypto-assets from multiple crypto-platforms in July 2023. The programming team behind Vyper revealed on 30 July that the latest versions of its compiler failed to correctly implement safeguards against so-called ""reentrancy attacks"". As a result, at least five cryptocurrency platforms lost more than $25 million worth of crypto-assets so far. Among the victims are the following entities: AlchemixFi ($13 million), JPEG'd ($11 million), MetronomeDAO ($1.6 million), Ellipsis Finance ($68,600), Curve Finance ($61 million) and Debridge Finance ($24,600). 
",2023-07-01,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,Curve Finance - Debridge Finance - AlchemixFi - Ellipsis Finance - JPEG'd - MetronomeDAO,Not available; Not available; Not available; Not available; Not available; Not available, - - - - - ,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Finance - Finance - Finance - Finance - Finance,Not available,Not available,Not available,,1,16464,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,Not available,0.0,> 10 Mio - 100 Mio,0.0,euro,Not available,Human rights,"Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thedefiant.io/over-usd70m-stolen-from-multiple-defi-protocols-due-to-vyper-code-bug; https://web3isgoinggreat.com/single/vyper-vulnerability; https://therecord.media/millions-stolen-in-vyper-crypto-hack; https://therecord.media/millions-stolen-exactly-harbor-protocol-defi-cryptocurrency; 
https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023,2023-08-01,2024-01-25 2462,Anonymous Sudan claims responsibility for DDoS-attacks against Kenya's eCitizen portal since 23 July 2023 ,"The alleged Russian false-flag group Anonymous Sudan claimed responsibility for DDoS-attacks against Kenya's eCitizen portal that started on 23 July 2023 and caused disruptions to access of the government portals until 27 July 2023, according to a statement by the country's Ministry of Interior and National Administration from the same day. The attack happened just weeks after the government expanded the portal to over 5,000 government services that are available online. News reports described widespread implications, noting that Kenyans had been unable to access services such as buying electricity tokens or making payments via the M-Pesa mobile transaction system. Moreover, visa applications and business registrations were rendered inaccessible; the rail network was also hit, causing problems with the ticketing process. However, in contrast to allegations by Anonymous Sudan, Eliud Owalo, Kenya's information and communication minister, stated that no biometrics or other data had been accessed, stolen or lost. In Telegram posts, Anonymous Sudan links its actions to recent tensions between Sudan and Kenya following a proposal by Kenya's President William Ruto to send peacekeepers of the East Africa Standby Force, established by the African Union, to protect civilians during the ongoing conflict between rivalling factions of Sudan's military government. In contrast to the group's other recent operations, the present activity corresponds more closely to possible Sudanese interests, in line with Anonymous Sudan's purported origins. 
This attempt at alignment may be part of an effort to distract from assessments by several cybersecurity firms, including Mandiant and Trustwave, that suspected the group to operate as a front for or affiliate of Russian hacktivist group KillNet. In an interview with BBC journalist Joe Tidy and cyber researcher IntelCocktail, a representative of Anonymous Sudan disputed that the group had any connection to Russia a week before the attack against eCitizen. Reporting by Risky Biz from 31 July links the incident to recent criticism by Kenyan officials of Vladimir Putin for ending a crucial deal that would have enabled Ukrainian grain to flow to African countries. ",2023-07-23,2023-07-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Kenya’s eCitizen portal,Kenya,AFRICA; SSA,State institutions / political system,Civil service / administration,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,14648,2023-07-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://technext24.com/2023/07/27/anonymous-sudan-kenya-ddos-attack/,System / ideology,Unknown,,Unknown,,1,2023-07-27 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Kenya,"Eliud O. 
Owalo (Cabinet Secretary, Ministry of Information, Communication and the Digital Economy in Kenya)",No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bbc.com/news/world-africa-66337573; https://www.biometricupdate.com/202307/cyberattack-on-kenyas-digital-infrastructure-continues; https://www.citizen.digital/news/govt-says-e-citizen-services-back-online-after-cyber-attack-scare-n324390; https://technext24.com/2023/07/27/anonymous-sudan-kenya-ddos-attack/; https://intelcocktail.com/anonymous-sudan-interview/; https://research.checkpoint.com/2023/7th-august-threat-intelligence-report/; https://www.bbc.co.uk/news/technology-66668053?at_medium=RSS&at_campaign=KARANGA,2023-08-01,2023-11-27 2461,'NoEscape' conducted ransomware attack against Hawaii Community College on 13 June 2023,"The 'NoEscape' hacking group conducted a ransomware attack against the Hawaii Community College (HCC) on 13 June 2023. The group illicitly obtained 65 GB of data containing personal information of approximately 28,000 individuals. HCC is part of the University of Hawaii, which serves 50,000 students. Noting NoEscape's past practice of leaking stolen information, when the group's ransom demands went unanswered, the University of Hawaii announced that it had negotiated with the group and reached an agreement that it would destroy all stolen information. 
",2023-06-13,2023-06-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Hawaiʻi Community College,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,NoEscape,Not available,Non-state-group,Criminal(s),1,14647,2023-06-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoEscape Ransomware Group,Not available,Not available,NoEscape,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/hawaii-community-college-pays-ransomware-gang-to-prevent-data-leak/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/hawaii-community-college-pays-ransomware-gang-to-prevent-data-leak/; https://www.databreaches.net/hawai%ca%bbi-community-college-pays-ransom-to-attackers/; 
https://www.hawaii.edu/news/2023/07/26/hawaii-cc-cyber-attack-resolved/; https://www.hawaii.edu/news/2023/06/20/uh-investigating-ransomware-incident/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-28th-2023-new-extortion-tactics/; https://research.checkpoint.com/2023/31st-july-threat-intelligence-report/; https://therecord.media/australia-domain-name-admin-denies-data-breach; https://therecord.media/us-canada-water-commission-investigating-cyberattack,2023-07-31,2023-11-27 2460,Iranian hacktivist group 'Cyber Av3ngers' allegedly disrupted website of Israeli oil processing and petrochemical company BAZAN Group during 28-30 July 2023,"The Iranian hacktivist group 'Cyber Avengers', also spelled 'Cyber Av3ngers', allegedly disrupted the website of Israel's largest oil processing and petrochemical company BAZAN Group during the weekend of 28-30 July 2023. The hacktivist group claimed to have gained access by exploiting a vulnerability in a firewall operated by Israeli IT security firm Check Point and posted what appeared to be a screenshot of BAZAN's SCADA system. A spokesperson for BAZAN confirmed the DDoS attack and the associated disruption to the company's website, while denying that the incident caused any ""damage"" to company networks. According to the spokesperson, images purportedly showing BAZAN systems were a fabrication and had no connection to the firm's assets. A representative of Check Point noted that the company is not aware of any vulnerability that would have enabled an attack as described by the threat actor.",2023-07-28,2023-07-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,BAZAN Group,Israel,ASIA; MENA; MEA,Critical infrastructure; Critical infrastructure,Energy; Chemicals,Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC),"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,15908,2023-07-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Avengers / Cyber Av3ngers,Not available,"Iran, Islamic Republic of",Cyber Avengers/Cyber Av3ngers < Storm-0784/Shahid Kaveh Group (IRGC-CEC),"Iran, Islamic Republic of",Non-state-group,https://www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/; https://www.darkreading.com/dr-global/israeli-oil-refinery-taken-offline-pro-iranian-attackers; https://www.hackread.com/israeli-oil-refinery-giant-bazan-cyber-attacks/; https://socradar.io/major-cyberattacks-in-review-july-2023/; 
https://www.hackread.com/cyberattack-deface-israel-equipment-us-water-agency/; https://www.c4isrnet.com/federal-oversight/doj-fbi/2023/12/10/white-house-aide-says-iranian-hack-of-us-waterworks-is-call-to-action/; https://socradar.io/cisa-issues-ics-advisories-for-vulnerabilities-affecting-rockwell-automation-mitsubishi-electric-and-unitronics/,2023-07-31,2024-01-08 2459,North Korean hacking group 'Lazarus' targeted cryptocurrency payments platform CoinsPaid on 22 July 2023,"The North Korean state-backed hacking group 'Lazarus' is suspected of having targeted cryptocurrency payments platform CoinsPaid on 22 July 2023, the company disclosed on 26 July. The incident led the platform, which runs a payment system to support businesses in the use of cryptocurrencies, to shut down for four days. Lazarus is assessed to have siphoned off $37.3 million in company assets during the theft, which reportedly did not affect client funds. Incident analysis shared by CoinsPaid identified the intrusion as a hybrid attack combining social engineering, bribery of critical personnel, and intrusion attempts against numerous internet-accessible applications. On 22 August 2023, the FBI warned cryptocurrency companies of a possible USD 40 million transfer of cryptocurrencies by North Korean TraderTraitor-affiliated actors, also known as Lazarus, which are linked to cyberattacks on cryptocurrency companies. In the same warning, the FBI also attributed the cyber incident on cryptocurrency companies Alphapo, CoinsPaid and AtomicWallet to the Lazarus hacking group.",2023-07-22,2023-07-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption; Hijacking with Misuse,CoinsPaid,Estonia,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14645,2023-08-22 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,Federal Bureau of Investigation (FBI),Not available,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk,Unknown,Unknown,,Unknown,,1,2023-08-22 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Exploit Public-Facing Application; Trusted Relationship,Data Manipulation,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., 
affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),6,Moderate - high political importance,6.0,Low,9.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,37300000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-07-25 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Estonia,Estonian Police and Border Guard Board/Politsei- ja Piirivalveamet,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.hackread.com/north-korea-lazarus-group-coinspaid-crypto-heist/; https://securityaffairs.com/148955/breaking-news/security-affairs-newsletter-round-430-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/148895/cyber-crime/coinspaid-cyber-heist.html; https://coinspaid.com/tpost/0zx28tmj51-coinspaid-is-back-to-processing-after-be; https://coinspaid.com/tpost/7t4xtbgyl1-hack-details-revealed-immediate-reaction; https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html; https://research.checkpoint.com/2023/31st-july-threat-intelligence-report/; https://socradar.io/major-cyberattacks-in-review-july-2023/; https://securityaffairs.com/149798/hacking/north-korea-cash-out-stolen-crypto-assets.html; https://therecord.media/north-korea-lazarus-behind-crypto-heists; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk; https://www.bleepingcomputer.com/news/security/crypto-casino-stakecom-loses-41-million-to-hot-wallet-hackers/; 
https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; https://securityaffairs.com/152106/apt/north-korea-laundered-900-million.html; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://www.techrepublic.com/article/sekoia-financial-sector-evolutions-threats/; https://www.bleepingcomputer.com/news/security/us-seizes-sinbad-crypto-mixer-used-by-north-korean-lazarus-hackers/; https://www.bleepingcomputer.com/news/security/north-koreas-state-hackers-stole-3-billion-in-crypto-since-2017/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts,2023-07-31,2024-03-01 2458,Unknown hackers disrupted the services of the French commune of Chevilly-Larue in the south of Paris,"Unknown hackers disrupted the services of the French commune of Chevilly-Larue in the south of Paris, the municipality announced on its website on 21 July 2023. 
",2023-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Municipality of Chevilly-Larue,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Civil service / administration; Civil service / administration,Not available,Not available,Not available; Not available; Not available,; ; ,1,14644,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-07-28 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Agence nationale de la sécurité des systèmes d’information (ANSSI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,http://www.ville-chevilly-larue.fr/fonctionnalites/actualites-109/piratage-informatique-services-inaccessibles-4706.html?cHash=50b13ab059543031bbb17d915b30d4b5,2023-07-28,2023-11-27 2457,Unknown hackers disrupted the database and computer systems of the Brazilian city of Jacarezinho in state of Paraná on 24 July 2023,"Unknown hackers disrupted the database and computer systems of the Brazilian city of Jacarezinho in the north of the state Paraná on 24 July 2023, the city government announced on its website. The incident disrupted the city services, including the issuance of electronic invoices and payroll processing, tax payment guides, and the Transparency Portal.",2023-07-24,2023-07-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Municipality of Jacarezinho,Brazil,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14643,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not 
available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.jacarezinho.pr.gov.br/; https://www.baguete.com.br/noticias/26/07/2023/jacarezinho-sofre-ataque-cibernetico,2023-07-28,2023-11-27 2454,Unknown actors gained access to IT services of the city of Angoulême and the Greater Angoulême agglomeration on 24 July 2023,Unknown actors gained access to the IT services of the city of Angoulême and the Greater Angoulême agglomeration on 24 July 2023. The resulting service disruptions cut off the municipal administrations' Internet and telephone connections as well as access to their websites. ,2023-07-24,2023-07-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,City of Angoulême - Greater Angoulême Agglomeration,France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,14632,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & 
breach ofinternational law OR state-attribution & missing breach of international law),,https://actu.fr/nouvelle-aquitaine/angouleme_16015/angouleme-une-cyberattaque-paralyse-les-services-de-la-ville_59893300.html; https://m.facebook.com/villeangouleme?lst=100014200723265%3A100064764126369%3A1690379246&eav=AfYXNiqdkQKyd7QPTsREnrbBH-tohVPY-8CxRjaVdwSq-o82Pn6BWJ_7_xypnNtOSIc&paipv=0; https://www.charentelibre.fr/charente/angouleme/angouleme-les-chantiers-qui-vont-marquer-l-annee-debattus-en-conseil-18856568.php,2023-07-26,2024-03-08 2455,State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in China,"The Wuhan Earthquake Monitoring Center has suffered a cyberattack, according to a report by the Chinese state media outlet Global Times from 26 July 2023. An unspecified trojan had been found on network equipment employed for seismic observations. The Chinese Computer Virus Emergency Response Center and Chinese cybersecurity company 360 Security Technology monitored the attack and started an investigation. The Global Times report claims that initial findings suggest the intrusion was carried out by threat actors with a governmental background and that the malicious activity had reached the Center from the US. In response to a request for comment by the Global Times, Mao Ning, a spokesperson for the Chinese foreign ministry, did not address the question of possible US involvement. Mao condemned what she called an ""irresponsible attack"" and emphasized that ""China will do what is necessary to safeguard [its] cybersecurity"". The US cybersecurity firm SentinelOne notes that these claims of US espionage are based on a report from CVERC and Qihoo 360, which as of February 2024 has not been published yet. 
According to SentinelOne, China's attributions to US security authorities lack crucial technical analysis to validate their claims; until 2023, reports recycled old, leaked US intelligence documents.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking without Misuse,Wuhan Earthquake Monitoring Center,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Civil service / administration,Not available,Not available,"Non-state actor, state-affiliation suggested",,1,17234; 17234; 17234; 17234; 17234; 17234,2023-07-26 00:00:00; 2023-07-26 00:00:00; 2023-07-26 00:00:00; 2023-07-26 00:00:00; 2023-07-26 00:00:00; 2023-07-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Wuhan Municipal Emergency Management Bureau; National Computer Virus Emergency Response Center (CVERC); Qihoo 360; Wuhan Municipal Emergency Management Bureau; National Computer Virus Emergency Response Center (CVERC); Qihoo 360,Qihoo 360; Qihoo 360; Qihoo 360; Qihoo 360; Qihoo 360; Qihoo 360,China; China; China; China; China; China,Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; Not available; Not available,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.globaltimes.cn/page/202307/1295064.shtml,Unknown,Unknown,,Unknown,,1,2023-07-26 00:00:00,State Actors: Stabilizing measures,Statement by minister of foreign affairs (or spokesperson),China,Mao Ning (China`s Foreign Ministry Spokesperson),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://www.globaltimes.cn/page/202307/1295064.shtml; https://www.fmprc.gov.cn/eng/xwfw_665399/s2510_665401/2511_665403/202307/t20230726_11118191.html; https://www.reuters.com/world/china/china-says-wuhan-earthquake-centre-attacked-by-overseas-hackers-2023-07-26/; https://www.zdnet.com/article/china-accuses-us-intelligence-agencies-as-source-behind-wuhan-cybersecurity-attack/; https://therecord.media/cyber-norms-serving-their-purpose-liesyl-franz; https://new.qq.com/rain/a/20240402A014L500; https://new.qq.com/rain/a/20240402A00R3900; https://view.inews.qq.com/a/20240402A00ON200,2023-07-26,2024-04-04 2456,Unknown actors stole $2.76 million from cryptocurrency platform Era Lend on 25 July 2023,"Unknown actors stole $2.76 million in a ""reentrancy"" attack against the decentralized cryptocurrency lending platform Era Lend on 25 July 2023, the blockchain security firm Certik reported. Era Lend confirmed the breach. In a letter to the attackers published on Twitter, Era Lend noted that the attackers limited the amounts withdrawn and did not drain all liquidity available at the time of the breach. In the statement, the company called on the exploiters to return 90% of the stolen funds. 
In exchange, Era Lend offered to cease its investigations into the identity of the perpetrators and its efforts to retrieve the remaining funds.",2023-07-25,2023-07-25,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Era Lend,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14634,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,2760000.0,dollar,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.certik.com/resources/blog/4NPEuNEiaUUcm6S3gdKKLP-eralend-incident-analysis; https://twitter.com/Era_Lend/status/1683826465446715397; https://twitter.com/SaulCapital/status/1683817699262992386; https://twitter.com/Era_Lend/status/1684203337388883969; https://twitter.com/Era_Lend/status/1683897328938389505,2023-07-26,2023-11-27 2453,Unknown threat actor exploited zero-day vulnerability in Ivanti Endpoint Manager Mobile to compromise ICT platform used by Norwegian ministries in July 2023,"On 24 July, the Norwegian government revealed a cyberattack against an ICT platform maintained by the Norwegian Government Security and 
Service Organisation (DSS). The platform is used by all ministries, except the Office of the Prime Minister, the Ministry of Defence, the Ministry of Justice and Public Security and the Ministry of Foreign Affairs. In an update one day after an initial press briefing from 24 July 2023, the Norwegian National Security Authority (NSM) and the Norwegian Government Security and Service Organisation (DSS) disclosed that the threat actor developed access through a zero-day vulnerability in the Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2023-35078). On 24 July, the US vendor Ivanti reported that this zero-day vulnerability allowed the bypass of authentication to access personally identifiable information (PII), including users' names, phone numbers, and other mobile device details, and limited changes to a vulnerable server. Erik Hope, Director of the Norwegian ministries’ security and service organisation, announced the vulnerability had been discovered on 12 July following the investigation of ""unusual"" traffic on the vendor's platform. The vulnerability has since been fixed. The identity of the attacker and extent of the breach remain subject to investigation. The notification of the Norwegian Data Protection Authority suggests the intrusions may have led to the unauthorized access or exfiltration of data. Whether this involved sensitive files remains unclear. Norwegian authorities have launched an enquiry into the incident and are working with law enforcement to assess the scope and impact of the attack. On 28 July 2023, the US software company Ivanti published a second 0-day vulnerability (CVE-2023-35081), which was also exploited in the cyber incident against the Norwegian ministries. This vulnerability allows malicious files to be written to the Ivanti Endpoint Manager Mobile (EPMM) application and enables bypassing the administration authentication in conjunction with the first zero-day vulnerability. 
On 1 August, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) published a joint advisory on the active exploitation of CVE-2023-35078 and CVE-2023-35081. The advisory stated that an APT had been exploiting the 0-day vulnerability CVE-2023-35078 since at least April 2023 until July 2023 to gather information from various Norwegian organisations and compromise a network of an unspecified Norwegian government agency. As a response, Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers on 3 April 2024 pledging to overhaul how the technology-management company builds its products and the way it undertakes communication with customers about vulnerabilities.",2023-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available - Not available,Norway; Norway,EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU,Unknown - State institutions / political system; State institutions / political system, - Government / ministries; Government / ministries,Not available,Not available,Not available; Not available,,1,18455,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,2,2023-07-24 00:00:00; 2023-08-01 00:00:00,State Actors: Stabilizing measures; State Actors: Preventive measures,Statement by other ministers (or spokespersons)/members of parliament; Awareness raising,Norway; Norway, Sigbjørn Gjelsvik (Minister of Local Government and Regional Development of Norway); Norwegian National Cyber Security Centre (NCSC-NO),Yes,One,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,12.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-07-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Norway,Norwegian Police Service,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/norwegian-government-it-systems-hacked-using-zero-day-flaw/; https://www.databreaches.net/norwegian-ministries-hit-by-cyberattack/; https://www.jpost.com/breaking-news/article-752214; https://www.hackread.com/norway-probes-govt-ministries-cyberattack/; https://www.regjeringen.no/en/aktuelt/ministries-hit-by-cyber-attacks/id2990098/; https://www.hackread.com/norway-probes-govt-ministries-cyberattack/; https://securityaffairs.com/148778/hacking/norwegian-ministries-cyber-attack.html; https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/; https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-to-patch-ivanti-bug-exploited-in-attacks/; https://www.darkreading.com/dr-global/ivanti-zero-day-exploit-disrupts-norway-government-services; https://www.databreaches.net/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/; https://www.linkedin.com/posts/nasjonal-sikkerhetsmyndighet%5Foppdatering-om-nulldagss%C3%A5rbarhet-p%C3%A5-pressem%C3%B8tet-activity-7089367926155165696-0amW?utm%5Fsource=share&utm%5Fmedium=member%5Fdesktop; https://nsm.no/aktuelt/nulldagssarbarhet-i-ivanti-endpoint-manager-mobileiron-core; https://www.malwarebytes.com/blog/news/2023/07/patch-now-ivanti-endpoint-manager-mobile-authentication-vulnerability-used-in-the-wild; https://www.bleepingcomputer.com/news/security/zimbra-patches-zero-day-vulnerability-exploited-in-xss-attacks/; 
https://therecord.media/ivanti-warns-of-second-vulnerability-norway-government-attack; https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://securityaffairs.com/148957/hacking/ivanti-epmm-flaw.html; https://securityaffairs.com/148955/breaking-news/security-affairs-newsletter-round-430-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html; https://unit42.paloaltonetworks.com/threat-brief-cve-2023-35078/; https://www.bleepingcomputer.com/news/security/ivanti-patches-new-zero-day-exploited-in-norwegian-govt-attacks/; https://therecord.media/ivanti-hack-began-in-april; https://www.bleepingcomputer.com/news/security/cisa-issues-new-warning-on-actively-exploited-ivanti-mobileiron-bugs/; https://research.checkpoint.com/2023/31st-july-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/ivanti-discloses-new-critical-auth-bypass-bug-in-mobileiron-core/; https://securityaffairs.com/149071/security/cisa-adds-second-ivanti-epmm-flaw-to-its-known-exploited-vulnerabilities-catalog.html; https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html; https://www.govinfosecurity.com/ivanti-norway-hacks-began-in-april-says-us-cisa-a-22723; https://www.malwarebytes.com/blog/news/2023/08/ivanti-patches-second-zero-day-vulnerability-actively-used-in-attacks; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a; https://securityaffairs.com/149116/security/ivanti-epmm-bypass-cve-2023-35082.html; https://securityaffairs.com/149224/breaking-news/security-affairs-newsletter-round-431-by-pierluigi-paganini-international-edition.html; https://therecord.media/all-ivanti-versions-affected-by-vulnerability-tied-to-norway-attacks; https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/; 
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US; https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/; https://securityaffairs.com/149739/hacking/ivanti-sentry-api-flaw.html; https://www.darkreading.com/attacks-breaches/ivanti-issues-fix-for-critical-vuln-in-its-sentry-gateway-technology; https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/; https://www.bleepingcomputer.com/news/security/ivanti-warns-critical-epm-bug-lets-hackers-hijack-enrolled-devices/; https://therecord.media/ivanti-customers-patch-chinese-hackers; https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html; https://www.bleepingcomputer.com/news/security/cisa-critical-ivanti-auth-bypass-bug-now-actively-exploited/; https://research.checkpoint.com/2024/4th-march-threat-intelligence-report/; https://therecord.media/ivanti-security-overhaul-ceo-jeff-abbott; https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/,2023-07-25,2024-04-17 2451,Pro-Russian hacker group 'NoName057(16)' disrupted website of the Parliament of New Zealand in July 2023,"The website of the parliament of New Zealand was hit by a DDoS attack, leaving the website intermittently unavailable during 17-19 July 2023. The pro-Russian hacktivist group 'NoName057(16)' claimed responsibility for the disruption on Telegram, stating that the attack was prompted by New Zealand's support for Ukraine. ",2023-07-16,2023-07-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Parliament of New Zealand,New Zealand,OC,State institutions / political system,Legislative,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,14451,2023-07-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1998,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.stuff.co.nz/business/132571137/russian-hackers-may-be-behind-ddos-attack-on-nz-parliament-website; https://thecyberexpress.com/parliament-of-new-zealand-cyber-attack/; https://t.me/noname05716eng/1998,2023-07-25,2023-11-21 2450,State-sponsored North Korean hacker group 'Lazarus' leveraged Windows IIS web servers to distribute malware exploiting INISAFE Crossweb EX V6 software,"The state-sponsored North Korean hacker group 'Lazarus' leveraged compromised Windows IIS web servers to 
distribute malware via South Korean websites, the AhnLab Security Emergency Response Center (ASEC) reported on 24 July 2023. Lazarus used hijacked servers to infect systems running a vulnerable version of the INISAFE Crossweb EX V6 software as part of a watering-hole attack. INISAFE Crossweb EX is a web application firewall used by public and private entities in South Korea to protect e-commerce sites, online banking portals, and government websites. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,"United States; Korea, Republic of",NATO; NORTHAM - ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown; Unknown,; - ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,14450,2023-07-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,Japan,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/55369/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/; https://asec.ahnlab.com/en/55369/; https://www.govinfosecurity.com/lazarus-group-targets-microsoft-iis-servers-a-22688; https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html,2023-07-25,2024-03-01 2449,Unknown threat actor gained access to non-production environment of unnamed critical infrastructure organisation using a zero-day vulnerability in the NetScaler Application Delivery Controller and stole data in June 2023,"An unknown threat actor gained access to the non-production environment of an unnamed critical infrastructure organisation using a zero-day vulnerability (CVE-2023-3519) in the NetScaler Application Delivery Controller (ADC) and NetScaler Gateway and stole data in June 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) reported in an advisory on 20 July 2023 after the affected organisation had disclosed the incident to 
the agency earlier that month. The unknown threat actor attempted further lateral movement, including in the domain controller, which was blocked by network segmentation controls. On 2 August, the Shadowserver Foundation reported via Twitter that hundreds of Citrix ADCs and gateways had been compromised with webshells. However, they did not disclose more detailed information about the affected organisations. ",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,Critical infrastructure,,Not available,Not available,Not available,,1,14449,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application,Account Access Removal; Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/netscaler-adc-bug-exploited-to-breach-us-critical-infrastructure-org/; https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf; 
https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html; https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/; https://securityaffairs.com/149094/hacking/citrix-servers-webshells-cve-2023-3519-attacks.html; https://www.bleepingcomputer.com/news/security/over-640-citrix-servers-backdoored-with-web-shells-in-ongoing-attacks/; https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html; https://twitter.com/Shadowserver/status/1686778896962797576?ref%5Fsrc=twsrc%5Etfw,2023-07-24,2023-11-21 2448,Unknown Threat Actor Exfiltrated Patient Data From Florida-based Tampa General Hospital in May 2023,"Tampa General Hospital (TGH), a well-known non-profit private hospital in Tampa, FL (US), recently announced a data theft that affected 1.2 million patients. Unknown threat actors attempted to encrypt the hospital's systems with ransomware over a period of nearly three weeks in May. Although the attack was repelled, the hospital confirmed that unauthorised third parties gained access to its network between 12 and 30 May. Although the hackers were prevented from encrypting the hospital's data, certain files containing sensitive patient data such as names, addresses, phone numbers, dates of birth, national insurance numbers, health insurance information, medical record numbers, patient account numbers, dates of services and certain dates of treatment as well as limited treatment information were compromised. Tampa General Hospital has since hired an outside forensic firm to investigate the incident and has continually updated and improved the security of its systems. 
A spokesperson for the hospital called media reports suggesting leaks of TGH data by the ransomware group Snatch Team inaccurate.",2023-05-12,2023-05-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Tampa General Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14448,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.tgh.org/cybersecurity-notice,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-05-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Not available,,https://www.govinfosecurity.com/florida-hospital-says-data-theft-attack-affects-12-million-a-22616; https://www.tgh.org/cybersecurity-notice; https://www.tgh.org/cybersecurity-notice; https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-24-july-30; https://socradar.io/major-cyberattacks-in-review-july-2023/; https://www.govinfosecurity.com/lawsuits-mounting-against-florida-hospital-in-wake-breach-a-22771; https://www.wusf.org/health-news-florida/2024-02-17/hospital-cyberattacks-are-likely-to-increase-and-put-lives-at-risk-experts-warn,2023-07-24,2024-02-19 2446,Swedish e-health provider Ortivus affected by cyber attack since 18 July 2023,"The Swedish e-health provider Ortivus was targeted by a cyberattack on 18 July 2023, according to a company press release from 19 July 2023. The incident affected UK customer systems ""within the hosted datacenter environment"". As a result, the electronic patient records were unavailable at the time of the press release publication, but no patients ""have been directly affected"" and ""no other systems have been attacked"". Whether a ransom was demanded was not further clarified. On 26 July, The Register reported that among the UK customer systems affected were at least two emergency services, namely the South Western Ambulance Service Foundation Trust (SWASFT) and the South Central Ambulance Service Trust (SCAS). The two emergency services were unable to access the MobiMed electronic patient record (ePR) provided by Ortivus. 
",2023-07-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Ortivus,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,14447,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-07-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,National Health Service (NHS),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.marketscreener.com/quote/stock/ORTIVUS-AB-PUBL-30049549/news/Ortivus-electronic-patient-record-system-are-down-for-some-United-Kingdom-based-customers-due-to-a-44365777/; https://www.govinfosecurity.com/software-vendor-attack-slows-down-2-uk-ambulance-services-a-22659; https://securityaffairs.com/148847/cyber-crime/ambulance-services-cyberattack.html; https://www.databreaches.net/uk-ambulance-patient-records-system-hauled-offline-for-cyber-attack-probe/; https://www.ortivus.com/mfn%5Fnews/ortivus-electronic-patient-record-system-are-down-for-some-united-kingdom-based-customers-due-to-a-cyber-attack/; https://www.ortivus.com/mfn%5Fnews/mobimed-epr-is-getting-ready-to-be-re-initiated-after-previous-cyber-attack/; https://securityaffairs.com/148955/breaking-news/security-affairs-newsletter-round-430-by-pierluigi-paganini-international-edition.html; https://www.malwarebytes.com/blog/news/2023/07/supply-chain-attacks-disrupts-emergency-services-communications; https://www.bbc.co.uk/news/uk-england-hampshire-66315690?at_medium=RSS&at_campaign=KARANGA,2023-07-21,2023-11-21 2445,Chinese cyber-crime group 'Space Pirates' targeted Russian and Serbian public and private entities from June 2022 until July 2023,"The Chinese cyber-crime group 'Space Pirates' targeted Russian and Serbian public and private entities during the period of June 2022 to July 2023, according to a report from Russian IT security provider Positive Technologies (the company has been sanctioned by the US - joined by the EU on 23 June 2023 - over support it allegedly provided to Russian intelligence agencies). 
Space Pirates reportedly targeted at least 16 affected organizations, including government and educational institutions, private security companies, aerospace manufacturers, agricultural producers, as well as defense, energy, and infosec companies. The group's activities focus on the theft of confidential data. Reported targeting of state institutions may point to occasional political tasking in addition to the group's financial motivation. ",2022-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Serbia; Russia; Serbia; Russia; Serbia; Serbia; Russia; Russia; Serbia; Russia,EUROPE; BALKANS; WBALKANS - EUROPE; EASTEU; CSTO; SCO - EUROPE; BALKANS; WBALKANS - EUROPE; EASTEU; CSTO; SCO - EUROPE; BALKANS; WBALKANS - EUROPE; BALKANS; WBALKANS - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; BALKANS; WBALKANS - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Education - Critical infrastructure - Critical infrastructure - State institutions / political system - Education - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - State institutions / political system, - - Defence industry - Energy - Government / ministries - - Defence industry - - Energy - Government / ministries,Space Pirates,China,Non-state-group,Criminal(s),1,12288,2023-07-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Positive Technologies,,Russia,Space 
Pirates,China,Non-state-group,https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/?utm_source=substack&utm_medium=email,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,16.0,1-10,2.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/?utm_source=substack&utm_medium=email; https://www.darkreading.com/threat-intelligence/space-pirates-train-cyber-sabers-on-russian-serbian-organizations; https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html,2023-07-21,2023-09-08 2441,Russian state-sponsored hacker group Turla aka Secret Blizzard gained access to Ukrainian and Eastern European defence sectors using the CAPIBAR malware and the KAZUAR backdoor,"The Russian state-sponsored hacker group Turla aka Secret Blizzard gained access to Ukrainian and Eastern European defence sectors using the CAPIBAR malware and the KAZUAR backdoor, the Ukrainian CERT disclosed on 18 July 2023 with additional reporting by Microsoft on 
19 July. Turla managed to exfiltrate data from the infected computers, specifically targeting conversations in the desktop app of the messenger Signal. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available,Ukraine; Eastern Europe,EUROPE; EASTEU - ,Critical infrastructure - Critical infrastructure,Defence industry - Defence industry,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,2,14445; 14446,2023-07-18 00:00:00; 2023-07-19 00:00:00,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,CERT-UA; Microsoft,Not available; Microsoft,Ukraine; United States,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://cert.gov.ua/article/5213167; https://twitter.com/msftsecintel/status/1681695399084539908?s=12&t=tDVP3ULf1Ou5szxCQAKqjA,System / ideology; Territory; 
Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-07-18 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/microsoft-hackers-turn-exchange-servers-into-malware-control-centers/; https://cert.gov.ua/article/5213167; https://twitter.com/msftsecintel/status/1681695399084539908?s=12&t=tDVP3ULf1Ou5szxCQAKqjA; https://therecord.media/turla-hackers-targeting-ukraine-defense; https://www.govinfosecurity.com/russian-hackers-probe-ukrainian-defense-sector-backdoor-a-22591; https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/; https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/; https://thehackernews.com/2023/11/turla-updates-kazuar-backdoor-with.html; 
https://www.darkreading.com/endpoint/upgraded-kazuar-backdoor-offers-stealthy-power,2023-07-20,2024-02-16 2440,"Unidentified actor gained access to a Pakistani government entity, a public sector bank and a telecommunications provider using the ShadowPad backdoor beginning in mid-February 2022","An unidentified actor gained access to a Pakistani government entity, a public sector bank, and a telecommunications provider using the ShadowPad backdoor beginning in mid-February 2022, the Japanese IT security firm Trend Micro reported in a technical report on 14 July 2023. Trend Micro assessed the unattributed actors had tampered with the ""E-Office"" application by planting the ShadowPad backdoor in a compromised installer. E-Office is a custom application in use by Pakistani government entities only and designed to help deliver administrative services in a paperless and efficient manner. On 17 July 2023, the Pakistani government agency responsible for E-Office denied that its build environment had been compromised. As the installer was not publicly available at the time of the incident, Trend Micro assumes the three victims detected through its telemetry may have been infected with the trojanized installer through social engineering. The ShadowPad backdoor has been shared among Chinese threat actors, in particular Earth Akhlut and Earth Lusca, complicating attribution to a specific group. 
Considering additional malware components featured in the attack, Trend Micro raises the possible involvement of the Chinese state-sponsored hacking group Calypso or the DriftingCloud threat actor.",2022-02-01,2022-09-30,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,Pakistan; Pakistan; Pakistan,ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO,State institutions / political system - Critical infrastructure - Critical infrastructure,Government / ministries - Finance - Telecommunications,Not available,Not available,Not available,,1,14444,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html; https://www.trendmicro.com/en%5Fus/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html,2023-07-20,2023-11-21 2438,Unknown actor stole patient information from Dr Gary Motykie's plastic surgery 
practice (USA) on 13 April 2023,"An unknown actor stole information of 3,461 patients from Dr Gary Motykie's plastic surgery practice (USA) on 13 April 2023, as legal counsel of the practice reported to Maine's Attorney General on 23 June 2023. The data breach notification from the plastic surgery practice stated that the stolen information may include patient names; social security numbers (if provided); addresses; driving licence or identification card numbers; financial account or payment card details; intake forms, which may include medical information and history; images taken in connection with the services rendered at the practice; as well as health insurance information (if provided). On 5 June 2023, the hackers began leaking samples of the stolen information and demanded $2.5 million from Dr Gary Motykie for the deletion. The leaked information included pictures of the patients, including their faces and/or their exposed chests, together with their personal information. In addition to pictures of patients, the leak site also hosts photos and videos that appear to show Dr Motykie as well as his brother engaging in intimate acts. Whether these files had been obtained from the same server as the patient files was not immediately clear. Over the course of leaking stolen information, the hackers contacted affected patients directly to demand money from them to delete their leaked information, several of whom seemed to have followed these demands.",2023-04-13,2023-04-13,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Dr. 
Motykie Plastic Surgery,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14443,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,1,2023-07-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/two-california-plastic-surgery-practices-suffer-cyberattacks-and-embarrassing-patient-data-leaks/; https://www.nbclosangeles.com/news/local/major-data-breach-at-beverly-hills-plastic-surgeons-office-exposes-patients-sensitive-information/3185086/; https://apps.web.maine.gov/online/aeviewer/ME/40/f40bec23-2017-4793-a0bb-2126fffe215f.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/f40bec23-2017-4793-a0bb-2126fffe215f/edefe045-0a22-47d5-a84d-eb14d09832ee/document.html; https://www.databreaches.net/more-plastic-surgery-patients-have-their-nude-photos-and-information-leaked/; 
https://www.darkreading.com/threat-intelligence/fbi-hackers-extorting-plastic-surgery-providers-patients,2023-07-20,2023-11-21 2437,Unknown actor gained access to Zimbra and Roundcube email servers of private and public institutions targeting government entities of different countries beginning in January 2023,"An unknown actor gained access to Zimbra and Roundcube email servers of private and public institutions targeting government entities of different countries beginning in January 2023, the Dutch IT security company EclecticIQ reported on 17 July 2023. The targeting of government institutions in particular focused on Ukraine, Spain, Indonesia, Brazil, France, and Mexico. Whether the unidentified threat actor managed to break into the email servers of these government organizations was unclear. EclecticIQ assesses the threat actor exploited vulnerabilities in the Roundcube email servers (CVE-2020-35730; CVE-2020-12641) to distribute phishing messages. Based on a low-confidence judgment, the hackers may also have taken advantage of a zero-day vulnerability in the Zimbra Collaboration Suite version 8.8.15 (CVE-2023-34192) disclosed on 13 July 2023 to circulate phishing lures. At least one of the phishing messages contained a reply-to email address associated with a Russian hacker forum and likely directly controlled by the attackers. This may have been a precaution to prevent any responses to the message from being delivered to hijacked email accounts. 
The technical report also left open the possibility that the threat actor only had partial access to the email server, allowing them to send emails but not to access associated inboxes.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Social Insurance Fund - Lviv Danylo Halytskyi International Airport (LWO) - State Production and Consumer Service - State Audit Service of Ukraine (SAS) - Secretariat of Economic and Port Development - State Border Guard Service of Ukraine - Ministry of Industry (Indonesia) - National Police of Ukraine (NPU) - National Human Rights Commission - City Council of Santa Pau - State University of Intellectual Technologies and Communications - University of Tours,Ukraine; Ukraine; Ukraine; Ukraine; Brazil; Ukraine; Indonesia; Ukraine; Mexico; Spain; Ukraine; France,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - SOUTHAM - EUROPE; EASTEU - ASIA; SCS; SEA - EUROPE; EASTEU - - EUROPE; NATO; EU(MS) - EUROPE; EASTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; Education - State institutions / political system; Critical infrastructure; Education,Civil service / administration - Transportation - Civil service / administration - Civil service / administration - Civil service / administration - Military - Government / ministries - Police - Civil service / administration - Civil service / administration - Civil service / administration; - Civil service / administration; 
Research; ,Not available,Not available,Not available,,1,14442,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,12.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://blog.eclecticiq.com/spearphishing-campaign-targets-zimbra-webmail-portals-of-government-organizations?utm_source=substack&utm_medium=email; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-07-19,2024-02-19 2436,"Administration of George County, MS (US), hit by a ransomware attack on 16 July 2023","The computer systems of the administration of George County in Mississippi (US) were hit by a ransomware attack on 15 July 2023. The infection was initiated by an employee who opened a link in a phishing mail. In the following days, the unknown attackers gained control of the system and encrypted most of its data. The attackers left a ransom note demanding payment in bitcoin. 
The county's communications director declared that the county expects to rebuild its systems from back-ups.",2023-07-15,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"George County , MS",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14441,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-07-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wkrg.com/state-regional/mississippi-news/official-george-county-miss-computer-systems-hacked-for-ransom/; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane; https://www.databreaches.net/it-feels-like-a-digital-hurricane-coastal-mississippi-county-recovering-from-ransomware-attack/; https://therecord.media/dhs-grants-millions-to-local-governments,2023-07-19,2023-11-21 2435,Unauthorized actor gained access to IT systems of Phoenician Medical Center in Arizona on 31 March 2023,"An unauthorized party gained access to the IT systems of the Phoenician Medical Center in Arizona on 31 March 2023. The Center notified 162,000 patients about the disruption of their systems and the theft of personal data, including the patient names, contact and demographic information, state ID, date of birth, diagnosis, treatment and prescription information, medical record numbers, name of healthcare provider, and date(s) of service.",2023-03-31,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Phoenician Medical Center ,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14440,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data 
theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/phoenician-medical-center-notifying-162500-patients-of-attack-that-disrupted-it-systems/; https://phoenicianmedical.care/Notice_of_Data_Incident.pdf,2023-07-19,2023-11-21 2433,Russian-language cybercriminal group RedCurl gained access to shared network drive of major Russian bank beginning in November 2022,"The Russian-language cybercriminal group RedCurl gained access to a shared network drive of a major Russian bank beginning in November 2022, Russian IT security firm F.A.C.C.T. reported on 17 July 2023. According to this technical report, RedCurl initially tried to target the unnamed Russian bank directly with phishing emails in November 2022, but without success. In May 2023, RedCurl managed to gain access to a computer belonging to an employee of an unspecified contractor of that large Russian bank, from where it infected a shared network drive used by both the unspecified contractor and the bank. This shared network drive stored data from the financial institution. The cybercriminal group presumably sought to obtain data containing commercial secrets and personal information. 
Observations of the group suggest RedCurl does not typically encrypt victim data or issue ransom demands.",2023-05-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Australia; Russia,OC - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Finance,RedCurl,Not available,Non-state-group,Criminal(s),1,14434,2023-07-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,F.A.C.C.T.,,Russia,RedCurl,Not available,Non-state-group,https://www.facct.ru/blog/redcurl-2023/?utm%5Fsource=twitter&utm%5Fcampaign=redcurl-23&utm%5Fmedium=social,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing; Supply Chain Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,2.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/redcurl-hackers-russian-bank-australian-company; https://www.facct.ru/blog/redcurl-2023/?utm%5Fsource=twitter&utm%5Fcampaign=redcurl-23&utm%5Fmedium=social; 
https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html,2023-07-18,2023-11-21 2434,North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023,"A state-sponsored threat actor gained access to the command framework of US cloud directory provider JumpCloud beginning on 22 June 2023, the company reported in a notice on its website on 12 July 2023. On 27 June, JumpCloud discovered unusual activity in a specific area of its IT infrastructure that the company traced back to a spear-phishing approach five days earlier. On 5 July, JumpCloud became aware that suspicious activity had permeated to the command frameworks of a few customers. On 20 July, the senior threat researcher at SentinelOne, Tom Hegel, attributed this cyber incident to a state-sponsored hacking group from North Korea. A day later, on 21 July, Reuters published a media report based on findings from the previous day. Initially, Mandiant also attributed this cyber incident to a state-sponsored hacking group from North Korea working for the Reconnaissance General Bureau (RGB), North Korea's military intelligence agency. CrowdStrike went a step further and attributed this cyber incident to the state-sponsored hacking group Labyrinth Chollima, better known as Lazarus. In addition, anonymous sources said that the previously unknown customers of JumpCloud who had been targeted were cryptocurrency companies. On 24 July, Mandiant published a technical report on the investigation of one of the affected victims. In this technical report, Mandiant attributed this cyber incident to the North Korean state-sponsored hacking group UNC4899, which is affiliated with the Reconnaissance General Bureau (RGB). UNC4899 focuses on cryptocurrency companies and overlaps with the North Korean cybercriminal hacking group APT43, which also works for the North Korean government. 
",2023-06-22,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking without Misuse,JumpCloud - Not available,United States; Not available,NATO; NORTHAM - ,Critical infrastructure - Critical infrastructure,Telecommunications - Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,5,14437; 14435; 14436; 14439; 14438,2023-07-20 00:00:00; 2023-07-12 00:00:00; 2023-07-20 00:00:00; 2023-07-20 00:00:00; 2023-07-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Receiver attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,CrowdStrike; JumpCloud; SentinelOne; Mandiant; Mandiant,; Not available; ; ; ,United States; United States; United States; United States; United 
States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Not available; Not available; Not available; Jade Sleet fka Storm-0954/TraderTraitor/UNC4899 (Reconaissance General Bureau)","Korea, Democratic People's Republic of; Not available; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://jumpcloud.com/blog/security-update-incident-details; https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/; https://www.reuters.com/technology/n-korea-hackers-breached-us-it-company-bid-steal-crypto-sources-2023-07-20/; https://www.mandiant.com/resources/blog/north-korea-supply-chain,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/; https://jumpcloud.com/blog/security-update-incident-details; https://thehackernews.com/2023/07/jumpcloud-blames-sophisticated-nation.html; https://securityaffairs.com/148547/apt/jumpcloud-nation-state-actor-attack.html; https://www.darkreading.com/attacks-breaches/north-korean-attackers-targeted-crypto-companies-in-jumpcloud-breach; https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/; https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/; https://www.reuters.com/technology/n-korea-hackers-breached-us-it-company-bid-steal-crypto-sources-2023-07-20/; https://therecord.media/github-cyberattack-attributed-to-new-north-korean-jade-sleet-group-microsoft; https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html; https://www.bleepingcomputer.com/news/security/jumpcloud-breach-traced-back-to-north-korean-state-hackers/; https://securityaffairs.com/148745/breaking-news/security-affairs-newsletter-round-429-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/148680/apt/north-korea-jumpcloud-attack.html; https://www.govinfosecurity.com/jumpcloud-hackers-likely-targeting-github-accounts-too-a-22621; https://www.mandiant.com/resources/blog/north-korea-supply-chain; https://www.bleepingcomputer.com/news/security/jumpcloud-hack-linked-to-north-korea-after-opsec-mistake/; https://cyberscoop.com/north-korean-hack-cryptocurrency-jumpcloud/; https://thehackernews.com/2023/07/north-korean-nation-state-actors.html; https://www.databreaches.net/north-korean-hackers-targeting-jumpcloud-mistakenly-exposed-their-ip-addresses-researchers-say/; https://therecord.media/north-korea-hackers-us-military-mnrs-south-korean-ecommerce; https://thehackernews.com/2023/08/north-korean-hackers-targets-russian.html; 
https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html,2023-07-18,2023-12-08 2430,Unknown actors disrupted IT infrastructure of the US city of West Jordan in Utah on 14 June 2023,"Unknown actors disrupted the IT infrastructure of the US city of West Jordan in Utah, USA, on 14 June 2023, the city itself announced on its website on 20 June 2023.",2023-06-14,2023-06-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,"City of West Jordan, UT (US)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,14432,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.westjordan.utah.gov/newsroom/2023/06/west-jordan-city-cyber-security-incident/,2023-07-17,2023-11-21 2431,Unknown actors disrupted information system of a dispensary of the Russian pharmacy JSC in the Primorsky Krai region on 14 July 2023,"Unknown actors disrupted the information system of a dispensary 
of the Russian pharmacy JSC in the Primorsky Krai region on 14 July 2023, the local health minister Anastasia Khudchenko reported on her Telegram channel the same day. Khudchenko announced that the distribution of subsidised medicine had to be suspended as a result of the incident. Manual operations would ensure the continued distribution of urgently needed medication. ",2023-07-14,2023-07-14,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Pharmacy JSC,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Health,Not available,Not available,Not available,,1,14433,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-07-14 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Russia,Anastasia Khudchenko (Minister of Health of the Primorsky Territory; Russia),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.newsvl.ru/society/2023/07/14/218229/; https://t.me/anastasiyahudchenko/638,2023-07-17,2023-12-19 2429,Chinese state-sponsored threat actor APT3 targeted organizations in various critical infrastructure sectors and federal US agencies with spearphishing in Operation 
Clandestine Wolf in June 2015,"The Chinese state-sponsored threat actor APT3 targeted organizations in the aerospace and defense, construction and engineering, high-tech, telecommunications and transportation sectors with spearphishing in an operation dubbed 'Clandestine Wolf' in June 2015, according to FireEye. Phishing messages included a malicious attachment designed to exploit an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). In July of the same year, media reports stated that an ""unclassified but restricted For Official Use Only security advisory from the Agriculture Department (one of several federal agencies affected)"" revealed that Operation Clandestine Wolf also affected some large US federal agencies. The same media report by FWC also claimed to have received information from unnamed sources within affected agencies that reported network infiltrations via spearphishing and attached malware. ",2015-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available,United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure, - Telecommunications - Defence industry - Transportation - Critical Manufacturing,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",,1,13361,2015-06-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,FireEye,,United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",,International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,Yes,One,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not 
available,Not available,Cyber espionage,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.nextgov.com/cybersecurity/2015/07/feds-targeted-in-clandestine-wolf-phishing-campaign/207803/; https://www.mandiant.com/resources/blog/operation-clandestine-wolf-adobe-flash-zero-day,2023-07-14,2023-09-26 2427,"Chinese threat actor Storm-0558 gained access to email accounts of about 25 organisations, including government agencies, starting on 15 May 2023","Storm-0558, a group with suspected state links, gained access to email accounts of approximately 25 organizations, including government agencies, beginning on 15 May 2023. Other related consumer accounts were potentially compromised as well. Microsoft assessed with moderate confidence that the actor is China-based. In response to a media question, State Department spokesperson Matthew Miller on 12 July expressed that the US government had no reason to doubt Microsoft's conclusions but had not made its own attribution at this time. The Washington Post reported that the US Department of State, the US Department of Commerce, a congressional staffer, a US human rights advocate, and US think tanks were affected. Citing anonymous officials, the report names Commerce Secretary Gina Raimondo as among the senior government representatives individually targeted in the operation. On 16 July, US National Security Advisor Jack Sullivan told CNN that the hacked email accounts were not classified and no secret/confidential data from state agencies could have been obtained by the hackers. Secretary of State Antony Blinken is said to have raised the issue with China's leading diplomat Wang Yi during a meeting in Jakarta, according to the same news report. 
On 20 July 2023, the Wall Street Journal reported that these same Beijing-linked threat actors had also managed to access the email accounts of key US diplomats, including the US ambassador to China, Nicholas Burns, and the Assistant Secretary of State for East Asia, Daniel Kritenbrink. On 27 July 2023, US Senator Ron Wyden (D-OR) asked the Department of Justice (DOJ), Federal Trade Commission (FTC) and Cybersecurity and Infrastructure Security Agency (CISA) in a letter to investigate whether negligent security practices of Microsoft allowed this breach to happen. In a technical report dated 6 September 2023, Microsoft explained that a crash on the consumer signing system in April 2021 resulted in the acquisition of the consumer key by the threat actor. As the crash dump was believed to contain no sensitive data, it was moved from the isolated production environment to the debug environment on the internet-connected corporate network. Storm-0558 subsequently compromised a corporate network account belonging to a Microsoft engineer. The account had access to the debug environment with the crash dump, which mistakenly contained the key. On 27 September 2023, Reuters reported that 60,000 emails had been stolen from 10 State Department email accounts, as a staffer of Republican Senator Eric Schmitt was told in a briefing by State Department IT officials. Nine of those email accounts belonged to people working in East Asia and the Pacific, and one email account belonged to a person working in Europe. Senator Eric Schmitt wrote in an email to Reuters that ""we need to harden our defences against these types of cyber attacks"". Some affected institutions could not trace evidence of a breach as that would have required expanded logging, which was only available for premium clients. After criticism by the United States National Security Council and the Cybersecurity and Infrastructure Security Agency (USA), Microsoft rolled out expanded logging at the end of February 2024. 
On 20 March 2024, the US Cyber Safety Review Board, which investigated the role Microsoft played in the intrusion, concluded that the intrusion was an ""avoidable error"" due to ""deprioritizing security"" that could have been prevented. The Board criticized the provider for lacking security and monitoring measures and urged Microsoft to focus on security first. Another response came from Senator Ron Wyden, D-Ore., who released a draft legislation on 8 April 2024 to set mandatory cybersecurity standards, directly referencing the incident. ",2023-05-15,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None,United States; Not available; United States; United States; United States; United States; United States; United States; Western Europe,NATO; NORTHAM - - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - ,Education - State institutions / political system - State institutions / political system - State institutions / political system - Social groups - State institutions / political system - State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system, - Government / ministries - Government / ministries - Government / ministries - Advocacy / activists (e.g. 
human rights organizations) - Government / ministries - Government / ministries - Legislative; Civil service / administration - Government / ministries,Storm-0558,China,State,,1,18781,2023-07-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,Microsoft,United States,Storm-0558,China,State,https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/,International power,Unknown,,Unknown,,3,2023-07-16 00:00:00; 2023-09-27 00:00:00; 2024-04-08 00:00:00,State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Legislative reactions,Statement by head of state/head of government (or executive official); Statement by other ministers (or spokespersons)/members of parliament; Legislative initiative,United States; United States; United States,"Jack Sullivan (US national security advisor); Eric Schmitt (Senator from Missouri, United States); Ron Wyden (Democratic Senator of Oregon, USA)",No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,0.0,1-10,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://www.hackread.com/chinese-group-storm-0558-hacked-europe-microsoft/; https://www.wired.com/story/microsoft-cloud-attack-china-hackers/; https://www.darkreading.com/endpoint/chinese-apt-cracks-microsoft-outlook-emails-government-agencies; https://securityaffairs.com/148387/hacking/microsoft-blocked-storm-0558-attack.html; https://www.databreaches.net/chinese-hackers-breached-government-email-accounts-microsoft-says/; https://therecord.media/chinese-hackers-breached-us-and-european-governments; https://www.bleepingcomputer.com/news/security/microsoft-chinese-hackers-breached-us-govt-exchange-email-accounts/; https://cyberscoop.com/china-hackers-email-us-government/; https://www.c4isrnet.com/management/2023/07/12/us-government-linked-email-accounts-hacked-from-china-microsoft-says/; https://www.jpost.com/international/article-749783; https://thediplomat.com/2023/07/china-based-hackers-breached-government-and-individual-email-accounts-microsoft-says/; https://thehackernews.com/2023/07/microsoft-thwarts-chinese-cyber-attack.html; https://www.govinfosecurity.com/china-based-hacker-hijacked-eu-us-government-emails-a-22527; https://www.elmundo.es/tecnologia/2023/07/12/64ae8f1021efa0357c8b45c2.html; https://elpais.com/https:/elpais.com/internacional/2023-07-12/microsoft-desvela-un-ataque-informatico-chino-a-cuentas-de-correo-del-gobierno-estadounidense.html; https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/; https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/; https://www.kleinezeitung.at/wirtschaft/6306407/Laut-MicrosoftAngaben_Hacker-aus-China-drangen-in-EMailKonten; https://thehackernews.com/2023/07/us-government-agencies-emails.html; https://www.defenseone.com/threats/2023/07/chinese-cybercriminals-breach-government-email-accounts-microsoft-cloud-hack/388461/; 
https://securityaffairs.com/148422/intelligence/chinese-hackers-compromised-emails-us-gov.html; https://www.cisa.gov/sites/default/files/2023-07/aa23-193a_joint_csa_enhanced_monitoring_to_detect_apt_activity_targeting_outlook_online_1.pdf; https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/; https://therecord.media/china-hacking-uk-members-parliament; https://www.wired.com/story/hikvision-cameras-telegram-children/; https://www.bleepingcomputer.com/news/microsoft/microsoft-still-unsure-how-hackers-stole-azure-ad-signing-key/; https://therecord.media/microsoft-changes-signing-key-system; https://www.jpost.com/international/article-750118; https://cyberscoop.com/microsoft-china-hacking-state/; https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html; https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html; https://cyberscoop.com/bide-cybersecurity-strategy-implementation/; https://www.n-tv.de/politik/Hacker-erbeuten-wohl-keine-US-Geheiminformationen-article24265321.html; https://www.govinfosecurity.com/hacker-stole-signing-key-hit-us-governments-microsoft-365-a-22565; https://www.darkreading.com/remote-workforce/microsoft-logging-tax-hinders-incident-response; https://nakedsecurity.sophos.com/2023/07/18/microsoft-hit-by-storm-season-a-tale-of-two-semi-zero-days/; https://jyllands-posten.dk/international/usa/ECE16286287/kinesisk-gruppe-har-hacket-sig-ind-i-amerikanske-regeringsemails/; https://politiken.dk/udland/art9439907/Kinesisk-gruppe-hacker-sig-ind-i-amerikanske-regerings-e-mails; https://www.nrc.nl/nieuws/2023/07/13/chinese-cyberspionnen-braken-in-bij-westerse-overheden-a4169674; https://cyberscoop.com/microsoft-cloud-breach-china/; https://www.darkreading.com/application-security/microsoft-relents-offers-free-key-logging-365-customers; 
https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html; https://www.channelnewsasia.com/world/us-ambassador-china-hacked-china-linked-spying-operation-report-3643856; https://www.reuters.com/world/us-ambassador-china-hacked-china-linked-spying-operation-wsj-2023-07-20/; https://www.wsj.com/articles/u-s-ambassador-to-china-hacked-in-china-linked-spying-operation-f03de3e4; https://www.wired.com/story/china-breach-microsoft-cloud-email-may-expose-deeper-problems/; https://www.ilsole24ore.com/art/spionaggio-internazionale-hacker-cinesi-violano-account-posta-ambasciatore-usa-pechino-burns-AF7BK0I; https://www.bleepingcomputer.com/news/security/stolen-azure-ad-key-offered-widespread-access-to-microsoft-cloud-services/; https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr; https://therecord.media/microsoft-disputes-report-on-chinese-hacking; https://www.darkreading.com/cloud/microsoft-365-breach-risk-widens-millions-of-azure-ad-apps; https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html; https://www.diepresse.com/13447406/smarte-geraete-aber-sicher-weisses-haus-kuendigt-initiative-an; https://tarnkappe.info/artikel/cyberangriff/hacker-stehlen-microsoft-keys-und-bedienen-sich-an-e-mails-278689.html; https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-17-23; https://www.state.gov/briefings/department-press-briefing-july-12-2023/; https://therecord.media/senator-calls-on-doj-to-investigate-alleged-china-microsoft-hack; https://www.wyden.senate.gov/imo/media/doc/wyden%5Fletter%5Fto%5Fcisa%5Fdoj%5Fftc%5Fre%5F2023%5Fmicrosoft%5Fbreach.pdf; https://www.darkreading.com/perimeter/senator-microsoft-negligence-365-email-breach; https://d.newsweek.com/en/file/466662/senators-write-state-department-about-outlook-hack.pdf; https://cyberscoop.com/microsoft-china-breach-encryption-key/; 
https://www.c4isrnet.com/c2-comms/2023/07/31/a-win-a-miss-and-a-path-to-stronger-digital-authentication/; https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/; https://www.hackread.com/china-apt-group-gapped-systems-malware-europe/; https://www.govinfosecurity.com/tenable-ceo-slams-microsoft-for-failing-to-quickly-patch-bug-a-22719; https://therecord.media/russian-hackers-sent-phishing-lures; https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://therecord.media/chinese-cyber-spies-improve-but-have-not-eclipsed-nsa; https://www.darkreading.com/dr-tech/microsoft-expands-cloud-security-posture-management-to-google-cloud; https://www.wired.com/story/keystroke-attack-security-roundup/; https://www.bleepingcomputer.com/news/security/us-cyber-safety-board-to-analyze-microsoft-exchange-hack-of-govt-emails/; https://therecord.media/china-microsoft-hack-rep-don-bacon; https://www.heise.de/meinung/Kommentar-Microsoft-provoziert-den-Cloud-GAU-und-reagiert-dann-katastrophal-9258697.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html; https://www.faz.net/aktuell/wirtschaft/unternehmen/das-steckt-hinter-dem-hackerangriff-auf-microsoft-outlook-19065644.html; https://www.heise.de/news/Microsofts-gestohlener-Master-Key-FBI-informiert-wohl-noch-immer-Betroffene-9248083.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/hintergrund/Storm-558-Angriff-auf-Exchange-Mails-von-Regierungsbehoerden-und-vielleicht-mehr-9243694.html?wt_mc=rss.red.ho.ho.rdf.beitrag_plus.beitrag_plus; https://www.heise.de/ratgeber/LoRaWAN-Selbstbaunetz-fuer-die-Smart-City-9229746.html?wt_mc=rss.red.ho.ho.rdf.beitrag_plus.beitrag_plus; 
https://www.heise.de/hintergrund/Wohlfuehl-Kontrolle-Wie-Apps-die-Stimmungslage-von-Schuelern-kontrollieren-9237010.html?wt_mc=rss.red.ho.ho.rdf.beitrag_plus.beitrag_plus; https://www.heise.de/tests/Test-SoftMaker-Office-2024-und-NX-mit-KI-Anbindung-9242074.html?wt_mc=rss.red.ho.ho.rdf.beitrag_plus.beitrag_plus; https://cyberscoop.com/cyber-safety-review-board-microsoft-cisa-dhs/; https://www.heise.de/tests/3D-Drucker-Wir-haben-den-neuen-AnkerMake-M5C-getestet-9239449.html?wt_mc=rss.red.ho.ho.rdf.beitrag_plus.beitrag_plus; https://www.bleepingcomputer.com/news/security/new-hiatusrat-malware-attacks-target-us-defense-department/; https://arstechnica.com/security/2023/08/cybersecurity-experts-say-the-west-has-failed-to-learn-lessons-from-ukraine/; https://therecord.media/microsoft-details-outlook-hack-on-government-officials-china; https://www.bleepingcomputer.com/news/microsoft/hackers-stole-microsoft-signing-key-from-windows-crash-dump/; https://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/; https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/; https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/; https://cyberscoop.com/microsoft-china-signing-key/; https://socradar.io/microsoft-reveals-how-storm-0558-acquired-the-signing-key-they-stole-from-a-crash-dump/; https://www.govinfosecurity.com/trail-errors-led-to-chinese-hack-microsoft-cloud-email-a-23035; https://www.hackread.com/microsoft-chinese-hackers-signing-key-breach-outlook/; https://www.channelnewsasia.com/business/microsoft-says-compromise-its-engineers-account-led-chinese-hack-us-officials-3751616; https://securityaffairs.com/150449/hacking/chinese-hackers-stole-microsoft-signing-key.html; https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html; 
https://www.heise.de/news/Gestohlener-Microsoft-Schluessel-stammte-aus-einem-Crash-Dump-9297240.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://blogs.microsoft.com/on-the-issues/2023/09/07/digital-threats-cyberattacks-east-asia-china-north-korea/; https://cyberscoop.com/chinese-ai-ops-microsoft/; https://www.malwarebytes.com/blog/news/2023/09/how-critical-microsoft-accounts-were-hacked; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://www.techrepublic.com/article/microsoft-apple-spyware/; https://www.darkreading.com/attacks-breaches/microsoft-ids-security-gaps-that-let-threat-actor-steal-signing-key; https://www.darkreading.com/attacks-breaches/double-edged-sword-cyber-espionage; https://therecord.media/ncsc-director-michael-casey-senate-confirmation; https://www.darkreading.com/application-security/microsoft-azure-hdinsight-xss-vulnerabilities; https://www.bleepingcomputer.com/news/security/microsoft-breach-led-to-theft-of-60-000-us-state-dept-emails/; https://www.reuters.com/world/us/chinese-hackers-stole-60000-emails-us-state-department-microsoft-hack-senate-2023-09-27/; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/china-blacktech-router-hack/; https://securityaffairs.com/151685/hacking/u-s-state-department-stolen-emails.html; https://www.heise.de/news/60-000-geklaute-Regierungsmails-Erste-Zahlen-nach-Microsofts-Cloud-Key-Debakel-9321044.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.techrepublic.com/article/new-nsa-cisa-iam-guidance/; https://www.bleepingcomputer.com/news/security/microsoft-extends-purview-audit-log-retention-after-july-breach/; https://www.techrepublic.com/article/five-eyes-five-principles-secure-innovation/; https://www.diepresse.com/13443917/hacker-aus-china-drangen-in-e-mail-konten-westlicher-regierungen-ein; 
https://cyberscoop.com/cisa-google-workspace-scuba-baselines-microsoft-breach-china/; https://www.01net.com/actualites/hackers-russes-pirate-microsoft-mot-passe-epu-securise.html; https://cyberscoop.com/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach/; https://www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/; https://www.bleepingcomputer.com/news/security/hpe-investigates-new-breach-after-data-for-sale-on-hacking-forum/; https://www.bleepingcomputer.com/news/security/microsoft-expands-free-logging-capabilities-after-may-breach/; https://cyberscoop.com/microsoft-logging-cisa-omb/; https://www.firstpost.com/tech/chinas-attack-on-microsoft-was-preventable-if-they-had-taken-cybersecurity-seriously-says-us-govt-13755823.html; https://www.euronews.com/next/2024/04/03/microsoft-criticised-for-cascade-of-security-failures-in-chinese-hacking-investigation; https://cyberscoop.com/microosft-csrb-china-hacking/; https://www.voachinese.com/a/us-says-china-hacking-us-officials-preventable-20240403/7554569.html; https://www.spiegel.de/netzwelt/netzpolitik/microsoft-regierungskommission-wirft-nachlaessigkeit-bei-chinesischem-hackerangriff-vor-a-acdf3f26-e0ef-4078-956f-8a449a7ac74f; https://therecord.media/dhs-cascade-of-security-failures-microsoft-china-hack; https://www.heise.de/news/Klatsche-fuer-Microsoft-US-Behoerde-wirft-MS-Sicherheitsversagen-vor-9674431.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.01net.com/actualites/etats-unis-microsoft-negligence-cyberattaque-chinoise.html; https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html; https://www.usine-digitale.fr/article/le-piratage-de-microsoft-par-la-chine-etait-evitable-assure-un-comite-gouvernemental-americain.N2211014; https://www.bleepingcomputer.com/news/security/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack/; 
https://www.voachinese.com/a/scathing-federal-report-rips-microsoft-for-shoddy-security-insincerity-in-response-to-chinese-hack-20240403/7556148.html; https://www.voachinese.com/a/us-says-china-hacking-us-officials-preventable-20240403/7554569.html; https://www.heise.de/news/Donnerstag-Comeback-der-Netzneutralitaet-in-den-USA-eintaegige-Google-I-O-im-Mai-9674505.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://es.benzinga.com/2024/04/04/microsoft-enfrenta-criticas-ciberataque-2023/; https://www.tomshw.it/hardware/exchange-e-un-colabrodo-lattacco-hacker-del-2023-poteva-essere-evitato-2024-04-04; https://cyberscoop.com/federal-government-russian-breach-microsoft/; https://www.lemondeinformatique.fr/actualites/lire-apres-le-piratage-d-exchange-le-gouvernement-us-etrille-la-securite-de-microsoft-93427.html; https://blogs.microsoft.com/on-the-issues/2024/04/04/china-ai-influence-elections-mtac-cybersecurity/; https://cyberscoop.com/microsoft-ai-election-taiwan/; https://fr.finance.yahoo.com/actualites/cyberattaque-chinoise-n%C3%A9gligence-microsoft-point%C3%A9e-153500929.html; https://www.wired.com/story/identity-thief-lived-as-a-different-man-for-33-years/; https://therecord.media/china-ai-influence-operations; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.schneier.com/blog/archives/2024/04/us-cyber-safety-review-board-on-the-2023-microsoft-exchange-hack.html; https://www.wired.com/story/the-us-government-has-a-microsoft-problem/; https://www.wyden.senate.gov/news/press-releases/wyden-releases-draft-legislation-to-end-federal-dependence-on-insecure-proprietary-software-in-response-to-repeated-damaging-breaches-of-government-systems,2023-07-13,2024-04-19 2425,"Snatch ransomware group gained access to network of Mount Desert Island Hospital in Maine, US, beginning in late April 2023","The Snatch ransomware group gained access to certain segments of the network of 
the Mount Desert Island Hospital in Maine during the period of 28 April to 7 May 2023, according to an incident notification published by the hospital on 5 June. The ransomware group claimed responsibility for the intrusion on the same day by adding the hospital's name to its leak site without providing any further evidence. According to the data breach notification, impacted data may have included individuals' name, address, date of birth, driving licence/state identification number, social security number, financial account information, medical record number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name, and health insurance information.",2023-04-28,2023-05-07,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Mount Desert Island Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Snatch Ransomware Group,Not available,Non-state-group,Criminal(s),1,14430,2023-06-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Snatch Ransomware Group,Not available,Not available,Snatch Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/mount-desert-island-hospital-notifies-24180-patients-of-april-network-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system 
interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/mount-desert-island-hospital-notifies-24180-patients-of-april-network-attack/; https://www.mdihospital.org/notice-of-data-security-incident/,2023-07-12,2023-11-21 2423,Unnamed actor stole personal patient information from external storage location of US HCA Healthcare provider,"An unnamed actor stole personal information of 11 million patients from an external storage location of US HCA Healthcare, the healthcare provider reported in a press release on 10 July 2023. Five days earlier, on 5 July, an unnamed user advertised 14 GB of patient data apparently obtained from HCA Healthcare for sale on a hacking forum. That same user claimed to be responsible for the intrusion. Operating 182 hospitals and 2,200 care centers in 21 US states and the United Kingdom, HCA is one of the largest hospital groups in the US. According to the company's press release, stolen data did not include patients' clinical data but may have contained their name, address information, email, telephone number, date of birth, gender, as well as service dates, locations and next appointment dates. 
",2023-01-01,2023-07-05,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Hospital Corporation of America (HCA),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14429,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.databreaches.net/developing-hca-healthcare-patient-data-for-sale-on-hacking-forum/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/hca-says-up-to-11m-patients-affected-by-email-data-hack-a-22505; https://www.sec.gov/Archives/edgar/data/860730/000119312523184269/d522417dex991.htm; https://www.databreaches.net/developing-hca-healthcare-patient-data-for-sale-on-hacking-forum/; https://www.bleepingcomputer.com/news/security/hca-confirms-breach-after-hacker-steals-data-of-11-million-patients/; https://securityaffairs.com/148371/data-breach/hca-healthcare-data-breach.html; 
https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html; https://socradar.io/major-cyberattacks-in-review-july-2023/; https://www.darkreading.com/vulnerabilities-threats/rhysida-ransomware-trains-its-sights-on-healthcare-operations; https://socradar.io/cyber-siege-the-growing-threat-to-the-us-healthcare/; https://www.wusf.org/health-news-florida/2024-02-17/hospital-cyberattacks-are-likely-to-increase-and-put-lives-at-risk-experts-warn,2023-07-12,2024-01-09 2422,BlackCat/AlphV ransomware group gained access to servers of Bangladesh Agricultural (Krishi) Bank (BKB) and disrupted operational software in June 2023,"The BlackCat/AlphV ransomware group gained access to the servers of Bangladesh Agricultural (Krishi) Bank (BKB) and disrupted operational software in June 2023. Around 25 June, BKB officials confirmed to the Bangladeshi press that hackers had gained control of some of its servers on 21 June. The statements further detailed that bank employees noted problems in accessing core banking software the following day, 22 June, leading to the discovery of the intrusion. BKB managing director, Shaukat Ali Khan, reported on 25 June that the bank had recovered its systems. According to the bank's assessments, the incident did not result in disruptions of customer services or data theft. Executive Director and acting spokesperson of BKB, Zakir Hossain Chowdhury, went further, claiming that there had been ""no hacking"" and attributed the incident to server downtime. These post-incident assessments deviate from earlier reports by bank officials that the disruptions had affected bank transactions and stand in contrast to the actions announced by AlphV. The ransomware note AlphV sent to BKB had claimed the theft of 170 GB of sensitive data on 21 June, in addition to the encryption of data. 
In communications sent to the Bangladeshi press on 7 July, AlphV disputed BKB statements and announced that it had started to leak stolen data. ",2023-06-09,2023-06-25,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Bangladesh Krishi Bank (BKB),Bangladesh,ASIA; SASIA,Critical infrastructure,Finance,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,14428,2023-06-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/; 
https://newsbeezer.com/bangladesh/krishi-bank-in-the-hands-of-hackers/; https://barta24.com/details/national-en/180804/hackers-controlled-server-of-krishi-bank-for-four-days,2023-07-11,2024-01-25 2421,Unnamed Cyber Criminals Exploited Flaw in Revolut's Payment Systems Resulting in $20 Million Theft in Early 2022,"Revolut, a prominent global neobank and financial technology company, lost over $20 million of corporate funds to criminals exploiting a flaw in its payment systems in late 2021 and early 2022. The theft was enabled by a loophole in Revolut's US payment systems that led to erroneous refunds. Taking advantage of inconsistencies between the company's US and European systems, organised criminal groups devised a scheme that involved high-value purchases and swift ATM withdrawals. While efforts were made to recover some of the stolen funds, Revolut incurred a net loss of approximately $20 million. ",2022-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Hijacking with Misuse; Hijacking with Misuse,,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Finance,,Not available,Non-state-group,Criminal(s),1,14412,2023-07-09 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Financial Times,Not available,United Kingdom,,Not available,Non-state-group,https://www.hackread.com/global-neobank-revolut-hacked/,Unknown; Unknown,Not available; Not available,,Not available; Not available,,0,,Not available,,Not available,Not available,No; No,,Not available,Not available,Not available,False,Not available; Not available,Not available; Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 
2 points in intensity)",none; none,none; none,2,Moderate - high political importance; Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,20000000.0,dollar,None/Negligent,Due diligence; Sovereignty; International economic law,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/global-neobank-revolut-hacked/; https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html; https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/lapsus-teen-hackers-convicted-of-high-profile-cyberattacks/; https://securityaffairs.com/149821/cyber-crime/lapsus-member-convicted.html,2023-07-11,2023-11-21 2420,Unknown ransomware group encrypted the servers of the US-based Gates Corporation and stole personnel information beginning on 7 February 2023,"An unknown ransomware group encrypted the servers of the US-based Gates Corporation and stole personnel information during 7-14 February 2023, the Gates Corporation reported in a data breach notice on 7 July. The company, which specializes in the production of power transmission belts and fluid power products, reported to not have paid any ransom. The data breach affected a vast majority (11,000) of the company's approximately 15,000 employees. 
Exfiltrated information included HR records containing employee names, addresses, dates of birth, social security numbers, direct deposit information, driving licences, and passports, if provided.",2023-02-07,2023-02-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Gates Corporation,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,14427,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/gates-corporation-no-not-that-gates-discloses-a-ransomware-attack/; https://apps.web.maine.gov/online/aeviewer/ME/40/e8e69402-e462-4779-8798-c62de1d61c9a/a921db44-7bdd-454d-a62e-d49c20467725/document.html; https://apps.web.maine.gov/online/aeviewer/ME/40/e8e69402-e462-4779-8798-c62de1d61c9a.shtml,2023-07-11,2023-11-21 2419,Unknown actors gained access to the Facebook account 
of Bidhannagar City Police in India on 8 July 2023,"Unknown actors gained access to the official Facebook account of the Bidhannagar City Police in India on 8 July 2023. The actors hijacking the account made innocuous changes to the profile, changing the name to ""Bidhannagar City"" and altering the account banner to carry messages related to a recent police awareness campaign and Independence Day celebrations. The police department regained control over the account after liaising with Meta.",2023-07-08,2023-07-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse, Bidhannagar City Police,India,ASIA; SASIA; SCO,State institutions / political system,Police,Not available,Not available,Not available,,1,14426,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://timesofindia.indiatimes.com/city/kolkata/bidhannagar-polices-fb-page-down-for-hours-after-virus-attack/articleshow/101623537.cms,2023-07-10,2023-11-21 2418,Unknown actors hit Luigi Vanvitelli hospital in Italy in a ransomware attack on 1 July 2023,"Unknown actors hit the Luigi Vanvitelli university hospital in Italy in a ransomware attack on 1 July 2023. 
The attack resulted in network disruptions, particularly affecting access to analytic software used in the university's laboratories, forcing a switch to near-manual procedures. The cause of the infiltration and whether any data in addition to employee email account credentials has been breached remains under investigation.",2023-07-01,2023-07-01,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Luigi Vanvitelli hospital,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Not available,Not available,Not available,,1,14424,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/it-luigi-vanvitelli-hospital-hit-by-ransomware/; https://news.italy24.press/local/677710.html,2023-07-10,2023-11-21 2417,Hacktivist group SiegedSec targeted satellite receivers and deleted accounts to monitor satellite receivers through customer portal of ITC Global,"Hacktivist group SiegedSec gained access to the customer portal of US technology company ITC Global and deleted customer 
accounts, the group announced on its Telegram channel on 1 July 2023. The affected accounts appear to enable the monitoring of satellite receivers, but otherwise facilitate limited access. SiegedSec claimed to have removed company accounts of Halliburton, Shell, Helix Energy, and Oceaneering. Whether the group succeeded in this has not been independently confirmed. In addition, the hacktivist group claimed to have ""targeted"" satellite receivers and industrial control systems (ICS) directly across several US states that the group linked together based on their policies to ban gender-affirming care. SiegedSec did not further specify which actions it performed on systems it claimed to have compromised. The access to affected receivers of the manufacturer Trimble may have been aided by the inclusion of default login values in an online manual for one of the company's receiver models, netR9. Receivers of this type appear to be most commonly used for positioning. In the same announcement, SiegedSec posted a link to a 40 GB cache of documents it claimed to have obtained from Fort Worth Transportation & Public Works in an apparent follow-up targeting of the city of Fort Worth after it had leaked 180 GB of city files on 23 June. After inspecting the files, city officials disputed a renewed infiltration, stating that the underlying servers had not been compromised and that the data in question was public information.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Hijacking with Misuse,ITC Global,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,SiegedSec,Not available,Non-state-group,Hacktivist(s),1,14422,2023-07-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,SiegedSec,Not available,Not available,SiegedSec,Not available,Non-state-group,https://t.me/SiegedSec/215,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Valid Accounts,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cyberscoop.com/siegedsec-hack-transition-bans-satellite-systems/; https://twitter.com/N4hualH/status/1675147881211199488; https://t.me/SiegedSec/215; https://cyberscoop.com/nato-breach-of-unclassified-information-siegedsec/; https://therecord.media/fort-worth-officials-say-leaked-data-was-public,2023-07-07,2023-11-21 2416,Iranian state-sponsored hacking group 'TA453' aka 'Charming Kitten' gained access to computers of experts in nuclear proliferation policy and Middle Eastern affairs using Gorjol Echo backdoor beginning in mid-May 2023,"The Iranian 
state-sponsored hacking group 'TA453', aka 'Charming Kitten', gained access to computers of experts in nuclear proliferation policy and Middle Eastern affairs using the GorjolEcho backdoor beginning in mid-May 2023, the US-based IT security firm Proofpoint assessed with high confidence in a technical report on 6 July 2023. In the process, the hackers, linked to the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO), posed as senior researchers and tricked their victims into clicking malicious links. In addition to the GorjolEcho backdoor, the hackers also used the NokNok backdoor to infect Apple macOS operating systems. ",2023-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Not available; United States, - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Research - Research,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,14420,2023-07-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Proofpoint,,United States,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware,International power,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,HIIK 
1,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware; https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html; https://therecord.media/iran-ta453-apt42-charming-kitten-espionage-nuclear-security-think-tanks; https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-use-new-noknok-malware-for-macos/; https://securityaffairs.com/148275/apt/ta453-malware-windows-macos.html; https://www.darkreading.com/dr-global/apt35-mac-bespoke-malware,2023-07-07,2023-11-21 2413,Russian ransomware group 'LockBit 3.0' suspected of targeting the Nagoya Port Unified Terminal System (NUTS) of the Japanese Nagoya Harbor Transport Association on 4 July 2023,"The Russian ransomware group 'LockBit 3.0' is suspected of disrupting the Nagoya Port Unified Terminal System (NUTS) of the Japanese Nagoya Harbor Transport Association on 4 July 2023. Port authorities received a ransom note. NUTS controls all container terminals of the port. Its disruption has limited the port in the loading and unloading of containers from trailers, resulting in financial losses to the port and delaying the transfer of goods to and from Japan. 
The port is Japan's largest and functions as a hub for Toyota's exports and imports. Operations were expected to resume on 6 July. A report by the Financial Times on 29 August noted concerns among high-ranking Japanese officials that the incident may have been conducted by state actors, possibly from China, rather than a criminal group, to probe Japan's defences. On February 24, 2024, the US-Biden administration announced a new Executive Order ""to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity"". Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, was cited by media reports that the initiative ties to Chinese cyber activity, but also refers to criminal operations such as this incident against the Port of Nagoya. ",2023-07-04,2023-07-06,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Nagoya Harbor Transport Association,Japan,ASIA; SCS; NEA,Critical infrastructure,Transportation,Lockbit 3.0,Not available,Non-state-group,Criminal(s),1,17846,2023-07-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Lockbit 3.0,Not available,Not available,Lockbit 3.0,Not available,Non-state-group,https://www.japantimes.co.jp/news/2023/07/05/national/nagoya-port-cyberattack/,Unknown,Not available,,Not available,,1,2024-02-24 00:00:00,State Actors: Executive reactions,,United States,White House Official Anne Neuberger,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) 
and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Law of the sea; International peace; Sovereignty,; Prohibition of intervention; ,Not available,1,2023-07-04 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Japan,Aichi Prefectural Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/russian-ransomware-group-shuts-down-major-japanese-port-a-22467; https://www.bleepingcomputer.com/news/security/japans-largest-port-stops-operations-after-ransomware-attack/; https://www.databreaches.net/ransomware-attack-hits-japans-biggest-port-disrupting-cargo-shipments/; https://www.darkreading.com/attacks-breaches/ransomware-halts-operations-at-japan-port-of-nagoya; https://securityaffairs.com/148184/cyber-crime/port-of-nagoya-ransomware-attack.html; https://www.japantimes.co.jp/news/2023/07/05/national/nagoya-port-cyberattack/; http://s3.documentcloud.org/documents/23867021/nayoga-notice.pdf; https://therecord.media/major-japanese-port-suspends-operations-following-lockbit-attack; https://therecord.media/blackcat-claims-seiko-cyberattack; https://www.darkreading.com/remote-workforce/cybercriminals-harness-leaked-lockbit-builder-new-attacks; https://www.sueddeutsche.de/wirtschaft/toyota-japan-technische-probleme-wirtschaft-1.6174475; https://www.ft.com/content/de0042f8-a7ce-4db5-bf7b-aed8ad3a4cfd; https://therecord.media/japan-aviation-electronics-says-servers-accessed-during-cyberattack; https://thediplomat.com/2024/02/maritime-cybersecurity-an-emerging-area-of-concern-for-india/; https://www.defenseone.com/defense-systems/2024/02/biden-sign-executive-order-boosting-cybersecurity-ports-maritime-vessels/394340/; https://www.sankei.com/article/20240423-EIJL52CXT5LQXGJSEAZVRHB3K4/,2023-07-06,2024-04-18 2415,Pro-Ukrainian IT Army of Ukraine disrupted website and mobile 
app of Russian Railways (RZD),"The pro-Ukrainian IT Army of Ukraine appears to have disrupted access to the website and mobile app of Russian Railways (RZD) for at least six hours, RZD reported on its Telegram channel on 5 July 2023. The IT Army of Ukraine in turn claimed responsibility for the disruption via Telegram.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption,Russian Railways (RZD),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Transportation,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,11481,2023-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://therecord.media/russian-railway-site-taken-down-by-ukrainian-hackers,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified 
(state-atttribution & breach of international law),,https://therecord.media/russian-railway-site-taken-down-by-ukrainian-hackers; https://t.me/telerzd/3338,2023-07-06,2024-01-25 2414,Unknown affiliate of ransomware group Cyclops gained access to network of Atherfield Medical & Skin Cancer Clinic in Australia and stole patient information,"An unknown affiliate of the ransomware group 'Cyclops' gained access to the network of the Atherfield Medical & Skin Cancer Clinic in Australia and stole patient information, Cyclops announced on 29 June 2023 when members leaked data allegedly obtained from the clinic as proof. The sample disclosed on 29 June revealed patient names and treatment information as well as banking details of doctors, although individual files appeared to be password-protected, the independent incident monitor DataBreaches.net reported on 5 July. A practice manager at the affected clinic confirmed to DataBreaches unauthorized access to the clinic's network and that data had been stolen and leaked on 1 July. 
",2023-06-29,2023-07-01,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Atherfield Medical & Skin Cancer Clinic,Australia,OC,Critical infrastructure,Health,Not available,Not available,Non-state-group,Criminal(s),1,14419,2023-07-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyclops,Not available,Not available,Not available,Not available,Non-state-group,https://www.databreaches.net/au-atherfield-medical-skin-cancer-clinic-victim-of-cyberattack-by-cyclops/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/au-atherfield-medical-skin-cancer-clinic-victim-of-cyberattack-by-cyclops/,2023-07-06,2024-03-28 2410,'Rhysida' ransomware group targeted the services of the city council of Arganda on 27 June 2023,"The 'Rhysida' ransomware group targeted the services of the City Council of Arganda in Spain on 27 June 2023. 
The City Council reported the incident affecting its servers to the Guardia Civil, most of which were restored to service within the same day. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-06-27,2023-06-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,City Council of Arganda (Spain),Spain,EUROPE; NATO; EU(MS),State institutions / political system; State institutions / political system,Civil service / administration; Civil service / administration,Rhysida Ransomware Group,Not available,Non-state-group; Non-state-group,Criminal(s); Criminal(s),1,15589,2023-06-29 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Diario de Arganda,Not available,Spain,Rhysida Ransomware Group,Not available,Non-state-group,https://www.diariodearganda.es/arganda-denuncia-ciberataque/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not 
available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.diariodearganda.es/arganda-denuncia-ciberataque/; https://www.diariodearganda.es/arganda-ataque-informatico/; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-07-05,2023-12-29 2407,Unknown actors disrupted the internal systems of Montpellier Airport during the night of 1-2 July 2023,"Unknown actors disrupted the internal systems of Montpellier Airport in France during the night of 1-2 July 2023, the French regional newspaper Midi Libre reported based on an anonymous source in the airport's management. The same unnamed representative reported that the incident put several internal systems out of order, requiring a switch to manual procedures for certain operations. The chairman of the airport's management board, Emmanuel Brehmer, declined to comment on reports of an incident. The disruption lasted for several hours and caused delays to flights on Sunday, 2 July 2023. 
",2023-07-01,2023-07-02,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Montpellier Airport (MPL),France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,14409,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.midilibre.fr/2023/07/02/nos-systemes-ont-ete-hs-durant-plusieurs-heures-une-cyberattaque-tres-violente-contre-laeroport-de-montpellier-11316240.php#,2023-07-05,2023-11-21 2409,Hacking group 'Medusa' attacked the Matej-Bel University (UMB) of Slovakia in June 2023,"Hacking group 'Medusa' attacked the Matej-Bel University (UMB) of Slovakia in June 2023. Access to the information system and the university's website were temporarily disrupted. In addition, the university registered the encryption of internal data and exfiltration of administrative records, which were followed by the receipt of a ransom demand of $460,000. 
The rector of UMB announced that the university would not pay the ransom.",2023-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Matej-Bel University,Slovakia,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,14410,2023-06-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://zive.aktuality.sk/clanok/k5rb75w/hackersky-utok-na-univerzitu-mateja-bela-ake-data-chcu-hackeri-zverejnit-a-co-sa-deje/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,7.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://zive.aktuality.sk/clanok/k5rb75w/hackersky-utok-na-univerzitu-mateja-bela-ake-data-chcu-hackeri-zverejnit-a-co-sa-deje/; https://www.facebook.com/umb.bbsr/,2023-07-05,2023-11-21 2411,'Play' ransomware group disrupted the network of Swiss newspaper Neue Züricher Zeitung (NZZ) with ransomware and affected other Swiss media on 24 March 2023,"The 'Play' ransomware group disrupted the network of the Swiss media company Neue Züricher Zeitung (NZZ) with ransomware, affecting other Swiss media on 24 March 2023, the Swiss IT magazine Inside IT reported the same day based on information provided by the victims. Besides NZZ, the incident also affected CH Media, as both media companies rely on shared IT infrastructure. The criminal group leaked 500 GB of data obtained from NZZ, including employee and possibly customer data, as well as files exfiltrated from CH Media. Within CH Media, the radio station FM1, its digital counterpart FM1 Today and the TV station TVO were named as specific victims. The incident left FM1 without access to the database used to play music. Both NZZ and CH Media subsequently stated that they had not paid any ransom. The incident gained prominence when the Play ransomware group published email addresses of subscribers for the March 2023 issue of Swiss Review on the darknet in mid-May. Swiss Review is a magazine for Swiss citizens abroad, published six times a year to inform those citizens about what is happening in Switzerland. On 21 June, the Federal Department of Foreign Affairs (FDFA) confirmed the incident and traced the compromise back to an intrusion at the Swiss printing company Vogt-Schild, which includes the media companies NZZ and CH Media. The data theft happened after the FDFA sent the current addresses to the Vogt-Schild printing company so that it could issue the Swiss Review. 
As of 4 July, it remained unclear how the ransomware group got hold of the email and postal addresses of Swiss citizens abroad, given that the FDFA transmits these contact details through encrypted channels and regulations require these records be stored in an encrypted format. A member of the Swiss National Council for the Swiss People's Party, Franz Grüter, voiced concern that such stolen information could be exploited for election advertising, especially after the reintroduction of electronic voting in 2023. ",2023-03-24,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,CH Media - Neue Züricher Zeitung (NZZ) - FM1 - FM1 Today - Vogt-Schild - TVO,Switzerland; Switzerland; Switzerland; Switzerland; Switzerland; Switzerland,EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU,Media - Media - Media - Media - Media - Media, - - - - - ,PLAY,Not available,Non-state-group,Criminal(s),1,17230,2023-05-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,PLAY,Not available,Not available,PLAY,Not available,Non-state-group,https://www.swissinfo.ch/eng/politics/data-leak-affects-425-000-swiss-abroad/48628744,Unknown,Not available,,Not available,,2,2023-06-21 00:00:00; 2023-07-04 00:00:00,State Actors: Stabilizing measures; State Actors: Legislative reactions,Statement by minister of foreign affairs (or spokesperson); Dissenting statement by member of parliament,Switzerland; Switzerland,Federal Department of Foreign Affairs (FDFA; Switzerland); Franz Grüter (Memober of the Swiss National Council for the Swiss People`s Party),No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: 
sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,6.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,1,2023-03-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Switzerland,Cantonal Police of Zürich,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/data-breach-by-play-affects-425000-swiss-abroad/; https://www.inside-it.ch/mehrere-schweizer-medien-von-cyberangriff-betroffen-20230324; https://www.persoenlich.com/medien/reduzierte-printausgaben-wegen-hackerangriff; https://www.blick.ch/schweiz/journalisten-duerfen-computer-nicht-benutzen-hacker-legen-nzz-netzwerk-lahm-id18429128.html; https://www.swissinfo.ch/eng/politics/data-leak-affects-425-000-swiss-abroad/48628744; https://www.eda.admin.ch/eda/en/fdfa/living-abroad/schweizerinnen-und-schweizer-im-ausland.html; https://chmedia.ch/news/daten-von-ch-media-nach-cyberangriff-veroeffentlicht; https://unternehmen.nzz.ch/2023/05/cyberangriff-auf-das-unternehmen-nzz-veroeffentlichung-von-nzz-daten-im-darknet/; https://www.diepresse.com/6273600/nzz-muss-nach-cyberangriff-system-fuer-zeitungsproduktion-abschalten; https://www.nzz.ch/technologie/kriminelle-hacker-greifen-die-nzz-an-und-erpressen-sie-cyberangriff-ransomware-ld.1778725; https://www.inside-it.ch/vogt-am-freitag-die-halbe-wahrheit-20240223,2023-07-05,2024-02-19 2412,Unknown hackers manipulated cross-chain bridge 
platform Poly Network to steal crypto assets worth several million dollars on 1 July 2023,"Unknown hackers gained access to cross-chain bridge platform Poly Network to create tokens for the exchange of cryptocurrency assets across different blockchains. The group used the manipulations for the large-scale theft of crypto funds on 1 July 2023, Poly Network announced via their Twitter account the following day. The estimated value of the tokens minted by the attackers varies but is assumed to number in the billions of dollars, possibly ranging between $34 and $42 billion. Given liquidity shortages on the targeted platforms, the actual funds attackers were able to withdraw is considered to be much lower, with estimates varying between $5 million and up to $20 million. The cybersecurity researcher Arhat assumed a vulnerability in the smart contract. Dedaub, a US company specializing in smart contract security, assumes that compromised private keys facilitated the transfer of tokens.",2023-07-01,2023-07-01,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,Poly Network,Global (region),,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14415,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,0.0,euro,Not available,Human rights,"Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/148129/cyber-crime/poly-network-platform-hacked.html; https://therecord.media/crypto-platform-poly-network-suspends-service-after-hack; https://twitter.com/PolyNetwork2/status/1675384703149568001; https://dedaub.com/blog/poly-chain-hack-postmortem; https://twitter.com/PolyNetwork2/status/1675591279005106178; https://www.certik.com/resources/blog/7iLk3m8aamq1fe8rWxdrT3-poly-network-incident-analysis; https://twitter.com/0xArhat/status/1675483634935922688; https://socradar.io/major-cyberattacks-in-review-july-2023/,2023-07-05,2023-11-21 2405,Suspected hacktivist group SiegedSec targeted US state government institutions in June 2023,"The suspected hacktivist group SiegedSec targeted the resources of state government institutions across several US states in June 2023, the hackers disclosed on their Telegram account on 28 June 2023. Specifically, the hacker group claimed to have compromised an intranet at the Nebraska Supreme Court, the Texas State Behavioural Health Executive Council (BHEC), and the South Carolina Criminal Justice Information Services (CJIS) and to have stolen data. In addition, the group claimed to have defaced the South Dakota Boards and Commissions website and to have gained access to Pennsylvania's Provider Self-Service. Confirmation of these claims varies across the stated targets. A BHEC representative denied that the organization had been hacked. A state court administrator of Nebraska's judicial branch noted that investigations showed no breach of sensitive data or personally identifiable information, with other institutions declining or not responding to requests for comment. 
The South Dakota Bureau of Information and Telecommunications acknowledged an incident, noting that no sensitive data had been affected but that a public-facing website had been defaced.",2023-06-01,2023-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking without Misuse,Texas State Behavioral Health Executive Council (BHEC) - South Carolina Law Enforcement Division - Nebraska Supreme Court,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Police - Judiciary,SiegedSec,Not available,Non-state-group,Hacktivist(s),1,14408,2023-06-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,SiegedSec,Not available,Not available,SiegedSec,Not available,Non-state-group,https://t.me/SiegedSec/210,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://therecord.media/states-investigate-siegedsec-hacking-campaign; https://cyberscoop.com/siegedsec-hack-transition-bans-satellite-systems/; https://t.me/SiegedSec/210; https://therecord.media/fort-worth-officials-say-leaked-data-was-public; https://www.databreaches.net/why-gay-furry-hackers-are-leaking-state-government-documents/; https://cyberscoop.com/nato-breach-of-unclassified-information-siegedsec/; https://cyberscoop.com/kittensec-hacktivism-corruption/; https://socradar.io/threat-actor-profile-siegedsec/; https://therecord.media/kansas-supreme-court-hackers-stole-records-confidential-files; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline,2023-07-04,2023-11-24 2404,Chinese state-sponsored hacking group VANGUARD PANDA aka Volt Typhoon gained access to computers systems of multiple high-value targets,"The Chinese state-sponsored hacking group VANGUARD PANDA aka Volt Typhoon gained access to computers or computer systems of an unspecified number of high-value targets, US-based cybersecurity firm Crowdstrike reported on 22 June 2023. The technical report matches previous threat activity targeting multiple sectors since mid-2020 with intrusions of critical infrastructure systems on the US mainland and Guam first disclosed by Microsoft and a Joint Cybersecurity Alert of Five Eyes cybersecurity agencies in May 2023. In the incidents observed by Crowdstrike, the threat actor demonstrated a pattern of exploiting a then zero-day vulnerability in ADSelfService Plus (CVE-2021-40539) to obtain initial access. ADSelfService Plus is a web based software provided by ManageEngine, a subsidiary of the Indian technology company Zoho, that allows users to independently reset passwords in Microsoft Active Directory. The group then transitions to setting up custom web shells to ensure continued access, and leverages living-off-the-land techniques for lateral movement through compromised networks. 
Crowdstrike noted a high familiarity with the target environment and highlighted the threat actor's capacity to evade detection that supports earlier assessments of VANGUARD PANDA's efforts to prioritize stealth in favour of establishing persistence under the radar in compromised systems. The technical report details the detection and isolation by Crowdstrike software for one intrusion case that likely dated back to six months before the installation of Crowdstrike sensors. ",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Unknown,,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14407,2023-06-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,CrowdStrike,,United States,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,"Non-state actor, state-affiliation suggested",https://www.crowdstrike.com/blog/falcon-complete-thwarts-vanguard-panda-tradecraft/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No 
data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://www.crowdstrike.com/blog/falcon-complete-thwarts-vanguard-panda-tradecraft/; https://thehackernews.com/2023/07/microsoft-thwarts-chinese-cyber-attack.html; https://socradar.io/living-off-the-land-lotl-the-invisible-cyber-threat-lurking-in-your-system/; https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html; https://cyberscoop.com/dhs-homeland-threat-assessment/; https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices; https://www.c4isrnet.com/opinion/2023/12/20/how-to-bolster-security-against-intellectual-property-theft/; https://cyberscoop.com/ai-china-hacking-operations/; https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html; https://www.cktimes.net/news/%EC%A4%91%EA%B5%AD-%ED%95%B4%EC%BB%A4%EC%9D%98-%EB%AF%B8%EA%B5%AD-%EC%82%AC%EC%9D%B4%EB%B2%84-%EA%B3%B5%EA%B2%A9%EC%84%A4/; https://securityaffairs.com/158965/breaking-news/security-affairs-newsletter-round-458-by-pierluigi-paganini-international-edition.html; https://www.voachinese.com/a/chinese-hacking-campaign-aimed-at-critical-infrastructure-goes-back-five-years-us-says-20240208/7480543.html; https://www.voachinese.com/a/fact-check-china-state-sponsored-hacking-groups/7480512.html; https://www.joongang.co.kr/article/25227967; 
https://new.qq.com/rain/a/20240208A05I1E00; https://www.techrepublic.com/article/volt-typhoon-botnet-attack/; https://www.heise.de/news/US-Regierungsbehoerden-IT-seit-Jahren-durch-chinesische-Angreifer-unterwandert-9624187.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.malwarebytes.com/blog/news/2024/02/fbi-and-cisa-publish-guide-to-living-off-the-land-techniques; https://www.indiablooms.com/world-details/USN/41750/us-report-shows-malicious-activity-by-chinese-state-sponsored-cyber-actor.html; https://www.punto-informatico.it/volt-typhoon-accesso-reti-5-anni/; https://www.voachinese.com/a/chinese-hacking-campaign-aimed-at-critical-infrastructure-goes-back-five-years-us-says-20240208/7480543.html; https://www.usine-digitale.fr/article/transports-energie-eau-pendant-au-moins-5-ans-des-hackers-chinois-ont-infiltre-des-infrastructures-americaines.N2208093; https://www.spiegel.de/politik/deutschland/news-des-tages-weichmacher-in-urinproben-wladimir-putins-wahlfarce-proteste-in-fussballstadien-a-dda21299-5655-4922-b0bf-ab63e68a8a4b; https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/; https://therecord.media/china-ai-influence-operations; https://www.voachinese.com/a/fbi-calls-out-china-for-making-critical-infrastructure-fair-game-for-cyber-ops-20240418/7576392.html,2023-07-03,2024-03-22 2403,Unknown actors gained access to an unspecified Japanese cryptocurrency exchange using JOKERSPY backdoor beginning in May 2023,"Unknown actors gained access to an unspecified Japanese cryptocurrency exchange deploying the macOS backdoor JOKERSPY beginning in May 2023, US-based IT company Elastic reported on 21 June 2023. The actors broke into systems of the exchange, likely taking advantage of a compromised plugin or a vulnerable third-party dependency. Elastic tracks the activity as REF9134. 
",2023-05-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Japan,ASIA; SCS; NEA,Critical infrastructure,Finance,Not available,Not available,Not available,,1,14406,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.elastic.co/de/security-labs/inital-research-of-jokerspy; https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://quointelligence.eu/2023/06/weekly-threat-intelligence-snapshot-week-26-2023/?lang=de; https://www.sentinelone.com/blog/jokerspy-unknown-adversary-targeting-organizations-with-multi-stage-macos-malware/; https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html,2023-07-03,2023-12-13 2402,Unknown foreign government spies targeted British government in June 2003,"In June 2003, the UK government detected an intrusion by an unnamed state actor, the UK National Cyber Security Centre (NCSC) disclosed on 30 June 2023, at the 20th anniversary of the incident. 
The compromise was initiated by a phishing email that led to the discovery of a piece of malware designed to steal sensitive data while avoiding detection by anti-virus solutions. In response to the incident, GCHQ for the first time deployed its signal intelligence capabilities under its cybersecurity responsibility to identify the threat actor. Communications-Electronics Security Group (CESG), which was absorbed into the NCSC when the agency was established in 2016, led the investigation as the information assurance arm of GCHQ at the time. CESG identified the activity as focused on espionage and traced the efforts to an undisclosed nation state. The NCSC did not reveal further details about the operation or whether the threat actor succeeded in obtaining any data. ",2003-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,UK Government,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Not available,Not available,State,,1,14405; 14405,2023-06-30 00:00:00; 2023-06-30 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC); Communications-Electronic Security Group (CESG),Not available; Not available,United Kingdom; United Kingdom,Not available; Not available,Not available; Not available,State; State,https://www.ncsc.gov.uk/news/20th-anniversary-of-first-response-to-state-sponsored-cyber-attack,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not 
available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Sovereignty,State actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/britain-gchq-2003-hack-espionage-revealed; https://www.govinfosecurity.com/details-1st-government-hack-are-disclosed-20-years-later-a-22419; https://www.thetimes.co.uk/article/foreign-spies-hacked-government-20-years-ago-krb2dg9lq,2023-07-03,2023-11-21 2401,"Subgroup of North Korean state-sponsored hacking group 'Lazarus', 'Andariel', infected unidentified victim with new malware family EarlyRAT","The subgroup of the North Korean state-sponsored hacking group 'Lazarus', 'Andariel', infected an unidentified victim with previously undocumented malware of the EarlyRAT family, the Russian IT security firm Kaspersky reported on 28 June 2023. Kaspersky discovered the tool when investigating cases, in which organizations had been targeted through a Log4j exploit. The EarlyRAT instance detected in the process, however, appeared to have been deployed through a phishing campaign. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Not available,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14404,2023-06-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering 
/ ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/; https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/147976/apt/andariel-apt-earlyrat-malware.html,2023-07-03,2023-11-21 2400,Ransomware group 'LockBit' suspected of having stolen system information from Taiwanese cloud computing service provider Kinmax Technology's internal testing environment in June 2023,"The ransomware group 'LockBit' is suspected of having stolen system information from Taiwanese cloud computing service provider Kinmax Technology's internal testing environment in June 2023. The company circulated a notification on 30 June 2023 disclosing the compromise of the testing environment and leak of default configurations, including initial server setups, that Kinmax provides to customers to prepare the deployment of its products. Published data also included customer names. 'Bassterlord', a LockBit affiliate, first shared details of the intrusion on Twitter, claiming to have compromised the Taiwanese semiconductor manufacturer TSMC. The posts were subsequently deleted. Shortly after, LockBit listed TSMC on the group's leak site, demanding a ransom of $70 million - one of the highest amounts recorded. Referring to details about the data breach at Kinmax, a spokesperson of TSMC clarified that the incident occurred at a supplier and did not affect the company. 
The spokesperson noted that TSMC subjected hardware components to rigorous security tests prior to their incorporation into company systems, including reviews and adjustments of product configurations. TSMC had suspended data connections with the supplier following notification about the incident, in line with standard operating procedures. As part of Operation Cronos against the LockBit ransomware group, which was announced on 20 February 2024, the United States District Court of New Jersey indicted four individuals affiliated with the LockBit ransomware group, namely Mikhail Vasiliev, Artur Sungatov, Mikahil Pavlovich Matveev and Ivan Gennadievich Kondratyev. The cyber incident against Kinmax Technology is included in this indictment.",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Kinmax Technology,Taiwan,ASIA; SCS,Critical infrastructure,Telecommunications,"LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit",Russia; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group,Criminal(s); ; Criminal(s),3,17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17977; 17978,2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 
2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-29 00:00:00; 2023-06-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement 
in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; 
Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attacker confirms,LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; United States 
District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; LockBit; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; Bassterlord,Not available; Not available; Not available; Not available; Not available; Not available; 
Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available; Not available; Not available; Not available; United States; United States; United States; United States; Not available,"LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, 
Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit 
affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit; LockBit; Ivan Gennadievich Kondratiev aka 
Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); Ivan Gennadievich Kondratiev aka Ivan Kondratev aka Bassterlord (Leader of LockBit affiliate National Hazard Society, Russia); LockBit",Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); 
Non-state-group,https://twitter.com/vxunderground/status/1674782166679703554; https://www.justice.gov/opa/media/1338956/dl?inline,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2024-02-20 00:00:00,Peaceful means: Retorsion (International Law),Travel bans,United States,US Department of the Treasury,Not available; Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://s3.documentcloud.org/documents/23865155/news-letter-from-kinmax-2023630f.pdf; https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/148022/cyber-crime/tsmc-lockbit-ransomware.html; https://www.databreaches.net/tsmc-confirms-data-breach-after-lockbit-cyberattack-on-third-party-supplier/; https://twitter.com/vxunderground/status/1674782166679703554; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-30th-2023-mistaken-identity/; https://www.darkreading.com/attacks-breaches/chip-giant-tsmc-blames-lockbit-breach-it-hardware-supplier; https://www.govinfosecurity.com/taiwan-semiconductor-denies-lockbits-70m-hack-claim-a-22421; https://therecord.media/tsmc-information-leaked-kinmax-lockbit-claims; 
https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/; https://socradar.io/major-cyberattacks-in-review-june-2023/; https://socradar.io/top-10-ransomware-demands/; https://www.heise.de/news/Lockbit-veroeffentlicht-Daten-von-britischem-Hochsicherheits-Zaunbauer-9296464.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/; https://www.justice.gov/opa/media/1338956/dl?inline,2023-07-03,2024-03-14 2399,Kativik Regional Government in Canada hit by a cyber attack on 25 June 2023,"The Kativik Regional Government in the Canadian province of Quebec suffered an intrusion and subsequent disruption of its internal communication networks on 25 June 2023. Conducted by unknown actors, the two disruptions lasted several days. The regional administration launched an investigation to uncover the extent of the attack, in particular to identify whether information of citizens had been affected. 
",2023-06-25,2023-06-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Kativik Regional Government,Canada,NATO; NORTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,12054,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-06-29 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Canada,Kativik Regional Government (Canada),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://ici.radio-canada.ca/nouvelle/1992263/cyber-attaque-administration-regionale-kativik,2023-06-30,2023-08-03 2398,Unnamed hackers attack Russian satellite telecommunications provider Dozor in support of Wagner Group,"Dozor, a Russian satellite telecommunications provider that services power lines and oil fields, was hit by a cyberattack from unnamed hackers on 28 June 2023. Initial reports also referred to parts of the Russian military and Federal Security Service (FSB) as Dozor clients. A company executive denied that Dozor was providing services to the Russian Ministry of Defense. 
The hack resulted in destruction of information, leakage of communications between the satellite provider and the Federal Security Service, and stoppage of services. In parallel, the group defaced four unrelated Russian websites to post messages in support of the Wagner Group, which four days earlier marched on Moscow in a brief violent revolt in an apparent challenge to Russia's top military leadership. The group claimed to be the Wagner group, using insignia from the group, but analysts believe that it may have been a Ukrainian campaign masquerading as Wagner to cause unrest. The identity of the group remains unclear as of 30 June. On June 30, the general director of ""Dozor-Teleport"" and the first deputy general director of ""Amtel-Svyaz"" Alexander Anosov confirmed the cyber incident and explained that the cloud provider's infrastructure had been compromised. ",2023-06-28,2023-06-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,Not available - Not available - Dozor,Russia; Not available; Russia,EUROPE; EASTEU; CSTO; SCO - - EUROPE; EASTEU; CSTO; SCO,Unknown - Critical infrastructure - Critical infrastructure; Critical infrastructure, - Telecommunications - Telecommunications; Space,Not available,Not available,Non-state-group,Hacktivist(s),1,11479; 11479; 11479; 11479,2023-06-28 00:00:00; 2023-06-28 00:00:00; 2023-06-28 00:00:00; 2023-06-28 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Contested attribution; Attacker confirms; Contested attribution,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://cyberscoop.com/russian-satellite-hack-wagner-group/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction; Defacement; Network Denial of Service; Service Stop,Not available,True,For private / commercial 
targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://cyberscoop.com/russian-satellite-hack-wagner-group/; https://www.wired.com/story/cyberstalking-first-amendment-us-supreme-court-security-roundup/; https://www.comnews.ru/content/227163/2023-07-03/2023-w27/khakery-obrushili-dozor-teleport-cherez-oblako; https://www.securitylab.ru/news/539455.php; https://www.darkreading.com/attacks-breaches/hackers-claiming-wagner-group-ties-down-russian-satellite-internet-comms-; https://cyberscoop.com/russia-satellite-hack-wagner/; https://www.comnews.ru/content/227150/2023-06-30/2023-w26/dozor-teleport-stal-zhertvoy-bukvy-z; https://therecord.media/hackers-take-down-russian-satellite-provider; https://www.darkreading.com/edge/how-researchers-hijacked-a-satellite,2023-06-30,2024-01-15 2397,Rhysida ransomware group stole personal data from Lumberton Independent School District,"Lumberton Independent School District (ISD) in Lumberton, Texas, became the victim of a ransomware attack from Rhysida group on 13 June 2023, following a recent attack on Stephen F. Austin State University, also in Texas. According to a local cybersecurity firm with knowledge of the attack, the primary motivation of the group is to point out weaknesses in victims' systems. 
In the course of the attack, the group stole 300 GB of personal data from Lumberton ISD, including social security details of employees and students, driver licenses and tax filing documentation. Despite the group's stated intention of only pointing out weaknesses in systems, the group stated in email correspondence with media sources reporting on the incident that they would put the data up for auction. In an analysis from August 8, Check Point Research suspects a connection between the ransomware groups Vice Society and Rhysida. Check Point Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-06-13,2023-06-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Lumberton Independent School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15590,2023-06-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://www.theexaminer.com/news/lumberton-isd-cyberattacked-personal-information-stolen,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data 
corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,No justification under IL,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/lumberton-isd-cyberattacked-personal-information-stolen/; https://fox4beaumont.com/news/community-news/cybersecurity-spotlighted-after-lumberton-isd-falls-victim-to-hacking-group; https://www.theexaminer.com/news/lumberton-isd-cyberattacked-personal-information-stolen; https://www.theexaminer.com/news/lumberton-isd-officials-report-cyberattack; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-06-30,2023-12-29 2395,Unknown actors gained access to the Instagram account of the German city administration of Kaufbeuren on 23 June 2023,Unknown actors gained control over the Instagram account of the German city administration of Kaufbeuren on 23 June 2023. The perpetrators hid the account from other users and demanded money in exchange for returning access to the city. 
City officials are in touch with Meta to restore access to the account.,2023-06-23,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,City of Kaufbeuren,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,11478,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Account Access Removal,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.allgaeuer-zeitung.de/allgaeu/kaufbeuren/kaufbeuren-instagram-account-der-stadt-gehackt-kriminelle-fordern-geld_arid-593072; https://www.facebook.com/StadtKaufbeuren?fref=nf&ref=embed_post; https://www.merkur.de/bayern/schwaben/kaufbeuren-kreisbote/stadtverwaltung-cyberattacke-kaufbeuren-kriminelle-erpressen-92368344.html,2023-06-29,2023-10-26 2390,Unknown actors conducted a DDoS attack against government websites in Belgium on 26 June 2023,Unknown actors conducted a DDoS attack against websites of federal government departments in Belgium on 26 June 2023. 
,2023-06-26,2023-06-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Not available,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,11482,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-06-27 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Belgium,Centrum voor Cybersecurity België (CCB),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vrt.be/vrtnws/nl/2023/06/27/cyberaanval-federale-overheidsdiensten/,2023-06-28,2023-07-12 2393,Unknown actors disrupted government websites of Russia's Saratov Oblast with a DDoS attack,"Unknown actors disrupted the government websites of Russia's Saratov Oblast with a DDoS attack, the Minister of Digital Development and Communications of the Saratov region, Vladimir Starkov, reported. The DDoS attack reportedly lasted a week, but the exact start remains unclear. 
",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Saratov Oblast,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,12055,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2023-06-23 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Russia,Vladimir Starkov (Minister of Digital Development and Communications of the Saratov region; Russia),No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.vzsar.ru/news/2023/06/23/ddosataka-paralizovala-raboty-saytov-gosorganov-v-saratovskoy-oblasti.html,2023-06-28,2023-08-03 2392,Unknown actors disrupted unspecified services of French veterinary pharmaceutical manufacturer Visac Group on the night of 19-20 June 2023,Unknown actors disrupted unspecified services of French veterinary pharmaceutical manufacturer Visac Group on the night of 19-20 June 2023. 
,2023-06-19,2023-06-20,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Virbac,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,11476,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://www.marketscreener.com/quote/stock/VIRBAC-5234/news/Virbac-Cyber-attack-on-several-sites-44201440/,2023-06-28,2023-07-12 2391,Unknown actor gained access to server at the Basile Diagnostic Center for Nuclear Medicine in Naples and stole patient data in June 2023,"An unknown actor gained access to a server at the Basile Diagnostic Center for Nuclear Medicine in Naples and stole patient data in June 2023, the Center first reported on 12 June 2023. A second notice posted 21 June on the Center's website stated that the presumed attacker contacted the Center and threatened to release the stolen data. 
Exfiltrated information included patients' name, surname, gender, e-mail, telephone number, tax code, address of residence, password hashing for access to the patient portal, date of birth, and, in some cases, health-related data, including clinical laboratory analysis reports.",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Basile Diagnostic Center for Nuclear Medicine,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Not available,Not available,Individual hacker(s),,1,14401,2023-06-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Basile Diagnostic Center for Nuclear Medicine,Not available,Italy,Not available,Not available,Individual hacker(s),https://www.centrobasile.it/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.centrobasile.it/; https://www.centrobasile.it/,2023-06-28,2023-12-13 2389,Rhysida ransomware group conducted cyber attack on 
Stephen F. Austin State University in Texas in June 2023,"Stephen F. Austin State University in Nacogdoches, Texas, became the victim of a cyber attack during the period of 10-12 June 2023. The attack led to disruptions in the university's online services. Rhysida ransomware group later claimed responsibility for the attack and stated that they downloaded more than 1.2 TB of data, including personal information and even files from law enforcement agencies that use software on the university's servers. Rhysida announced plans to sell the stolen data. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-06-10,2023-06-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Stephen F. 
Austin State University,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15591,2023-06-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida,Not available,United States,Rhysida Ransomware Group,Not available,Non-state-group,https://www.dailysentinel.com/social_media/hackers-leak-documents-they-say-were-stolen-in-sfa-attack-plan-to-auction-data/article_7d99d91e-3137-50d9-be1a-d6495bb90925.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-06-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.dailysentinel.com/social_media/hackers-leak-documents-they-say-were-stolen-in-sfa-attack-plan-to-auction-data/article_7d99d91e-3137-50d9-be1a-d6495bb90925.html; https://twitter.com/SFASU/status/1668361837916696582; https://www.databreaches.net/stephen-f-austin-state-university-breach-included-counseling-records/; https://www.sfasu.edu/about-sfa/online-systems-outage; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-06-27,2023-12-29 2387,French municipality Bouchemaine hit by cyber attack in June 2023,"The administration of the municipality of Bouchemaine in Western France was hit by a cyber attack on the weekend before 19 June 2023. The administration disclosed the incident on Tuesday, 20 June, and stated that the unknown attackers gained access to city systems. The attack led to disruptions in the communication and administrative systems of the municipality. 
",2023-06-17,2023-06-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Municipality of Bouchemaine,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,11472,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ville-bouchemaine.fr/actualites/intrusion-systeme-informatique/,2023-06-27,2023-07-12 2386,"Unknown actors exfiltrated patient data from Rennes University Hospital in France on June 21, 2023","Unknown actors exfiltrated patient data from the university hospital (CHU) in Rennes, France, on June 21, 2023, the regional health agency in Brittany confirmed. 
",2023-06-21,2023-06-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,Rennes University Hospital,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,11471,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-06-22 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Agence nationale de la sécurité des systèmes d’information (ANSSI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.sudouest.fr/faits-divers/le-chu-de-rennes-victime-d-une-cyberattaque-pas-d-incidence-sur-la-prise-en-charge-des-patients-15661045.php; https://twitter.com/CHURennes/status/1671635197584986112?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1671635197584986112%7Ctwgr%5E8ebe006945cc9fce6b34525ed81404ef9f6b4f7f%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.sudouest.fr%2Ffaits-divers%2Fle-chu-de-rennes-victime-d-une-cyberattaque-pas-d-incidence-sur-la-prise-en-charge-des-patients-15661045.php; https://www.lemagit.fr/actualites/366542518/Cyberattaque-au-CHU-de-Rennes-un-acteur-stoppe-en-phase-dexfiltration; https://www.usine-digitale.fr/article/l-hopital-d-armentieres-vise-par-une-attaque-par-ransomware-les-urgences-ferment.N2208158; https://www.lemondeinformatique.fr/actualites/lire-l-hopital-d-armentieres-perturbe-par-un-ransomware-92940.html; https://www.letelegramme.fr/bretagne/face-aux-cyberattaques-ces-bretons-sont-le-premier-bouclier-de-letat-6557797.php,2023-06-27,2024-02-13 2385,US hacktivist group SiegedSec attacked administrative website of the City of Fort Worth in Texas in June 2023,"On Friday 23 June, the US hacktivist group SiegedSec claimed an attack against an administrative website of the city of Fort Worth in Texas on Telegram and provided links to 180 GB of stolen data containing 500,000 files. The city confirmed the attack to the press a day later. According to the city's investigations the leak did not originate from the city's website but rather an internal information system called Vueworks. The application is used to coordinate work orders for the Transportation & Public Works and Property Management departments and does not handle sensitive information. 
It is unclear how the attackers acquired the necessary login information they used to access the website. SiegedSec declared the banning of gender affirming care by the state of Texas as their motivation for the attack. In a follow-on Telegram post on 1 July, SiegedSec posted a link to a 40 GB cache of documents it claimed to have obtained from Fort Worth Transportation & Public Works. After inspecting the files, city officials disputed these claims, stating that the underlying servers had not been compromised and that the data in question was public information.",2023-01-01,2023-06-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,"City of Fort Worth, TX (US)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,SiegedSec,Not available,Non-state-group,Hacktivist(s),1,12056,2023-06-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,SiegedSec,Not available,Not available,SiegedSec,Not available,Non-state-group,https://t.me/SiegedSec/204,System / ideology,Not available,,Not available,,1,2023-06-24 00:00:00,State Actors: Stabilizing measures,Subnational executive official,United States,Kevin Gunn (Chief Technology Officer of City of Fort Worth; USA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive 
information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/fort-worth-cyberattack-sieged-sec; https://cyberscoop.com/siegedsec-hack-transition-bans-satellite-systems/; https://t.me/SiegedSec/204; https://www.youtube.com/watch?v=IIWk0FBWMpM; https://www.darkreading.com/attacks-breaches/trans-rights-hacktivists-steal-fort-worth-data; https://therecord.media/states-investigate-siegedsec-hacking-campaign; https://therecord.media/fort-worth-officials-say-leaked-data-was-public; https://socradar.io/major-cyberattacks-in-review-june-2023/; https://t.me/SiegedSec/215; https://therecord.media/fort-worth-officials-say-leaked-data-was-public; https://www.fortworthtexas.gov/news/2023/6/data-breach?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=top; https://therecord.media/dallas-county-play-ransomware-incident,2023-06-27,2023-08-03 2384,Unknown actors attacked the Canadian energy company Suncor Energy on 23 June 2023,"Unknown actors attacked the Canadian energy company Suncor Energy on 23 June 2023. Access to the app and websites of the gas-station chain of Suncor, Petro Canada, was temporarily disrupted. 
",2023-06-23,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Suncor Energy,Canada,NATO; NORTHAM,Critical infrastructure,Energy,Not available,Not available,Not available,,1,14148,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://therecord.media/canadian-oil-giant-suncor-cyberattack; https://www.bleepingcomputer.com/news/security/suncor-energy-cyberattack-impacts-petro-canada-gas-stations/; https://securityaffairs.com/147834/hacking/petro-canada-suncor-problems.html; https://www.sec.gov/Archives/edgar/data/311337/000110465923074667/tm2318006d2%5Fex99-1.htm; Petro-Canada outage at Ontario gas stations and on website, app; https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/",2023-06-27,2023-11-13 2383,"Unknown actors targeted computer systems of the Atlantic General Hospital in Berlin, 
Maryland, in a ransomware attack on 20 January 2023","Unknown actors targeted the computer systems of the Atlantic General Hospital in the city of Berlin, Maryland, with a ransomware attack beginning on 20 January 2023. The threat actors compromised sensitive information of nearly 137,000 patients, including names, social security numbers, dates of birth, financial account information, medical/treatment information, and health insurance information. ",2023-01-20,2023-01-29,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Atlantic General Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,11468,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.govinfosecurity.com/victim-count-in-maryland-ransomware-breach-jumps-fivefold-a-22378; https://apps.web.maine.gov/online/aeviewer/ME/40/dd9e509f-bdbf-49ba-abae-56239ec46b6b.shtml; https://www.atlanticgeneral.org/patients-visitors/notice-of-data-privacy-event/; https://apps.web.maine.gov/online/aeviewer/ME/40/dd9e509f-bdbf-49ba-abae-56239ec46b6b/17d46f85-69bc-4d71-b21b-8b6fb626093c/document.html; https://www.wmdt.com/2023/01/atlantic-general-hospital-experiences-ransomware-event/,2023-06-27,2023-07-12 2388,Russian hackers gained access to a single-digit number of email inboxes of board members of the Social Democratic Party of Germany (SPD) in January 2023,"Russian hackers gained access to a single-digit number of email inboxes of board members of the Social Democratic Party of Germany (SPD) in January 2023. The Russian hackers reportedly exploited a vulnerability in Microsoft software to compromise systems of the SPD's party headquarters, the Willy Brandt House, in Berlin. Microsoft linked the activity to Russian actors. A spokeswoman for the SPD said on 26 June that it could not be ruled out that data had been exfiltrated from isolated email inboxes. 
SPD secretary general, Kevin Kühnert, added that ""there was solid evidence that attackers from Russia had carried out the attack."" Linking the motivations for the incident to Russia's war against Ukraine, Kühnert asserted that the party saw itself confirmed in the conviction to ""resolutely oppose Putin's war against international law and his other attacks at all levels.""",2023-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,Willy Brandt House,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Political parties,Not available,Russia,Unknown - not attributed,,2,12057; 12058,2023-06-26 00:00:00; 2023-06-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Receiver attributes attacker,"Microsoft; Kevin Kühnert (General Secretary of the Social Democratic Party of Germany (SPD), Germany)",Microsoft; Not available,United States; Germany,Not available; Not available,Russia; Russia,Unknown - not attributed; Unknown - not attributed,https://www.rnd.de/politik/angriff-auf-spd-mailkonten-spur-fuehrt-nach-russland-I4FBFDGPXBNCFJXMDL6ZK5TEMU.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-06-26 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Germany,Kevin Kühnert (SPD secretary general; Germany),No,,Not available,Not available,Not 
available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Not available,Bundesamt für Verfassungsschutz (BfV),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.rnd.de/politik/angriff-auf-spd-mailkonten-spur-fuehrt-nach-russland-I4FBFDGPXBNCFJXMDL6ZK5TEMU.html; https://www.spiegel.de/politik/deutschland/spd-hackerangriff-auf-parteispitze-mutmasslich-aus-russland-a-5bc07e63-bfae-45df-bc7d-e6504822a181,2023-06-27,2023-12-13 2381,Unknown actors gained access to the network of pilot recruiting service provider Pilot Credentials and stole personal information from applicants of American Airlines and Southwest Airlines on or about 30 April 2023,"Unknown actors gained access to the network of pilot recruiting service provider Pilot Credentials and stole personal information from pilots and cadet applicants of American Airlines and Southwest Airlines on or about 30 April 2023, both airlines reported via separate data breach notification letters on 23 June. The personal information included names and social security numbers, driver’s license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification number(s). American Airlines data concerned 5745 individuals. 
In the case of Southwest Airlines, the affected information involved 3009 individuals.",2023-04-30,2023-04-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,American Airlines - pilotcredentials - Southwest Airlines,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure,Transportation - - Transportation,Not available,Not available,Not available,,1,11466,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/american-airlines-southwest-airlines-disclose-data-breaches-affecting-pilots/; https://s3.documentcloud.org/documents/23859183/american-airlines-data-breach-notification-letters.pdf; https://s3.documentcloud.org/documents/23859182/southwest-data-breach-notification-letters.pdf; 
https://apps.web.maine.gov/online/aeviewer/ME/40/4ee89ba6-fe52-4034-8beb-c13e4e74f9d3.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/df985f22-23a9-4764-bf40-d9710d7c1e33.shtml; https://www.darkreading.com/attacks-breaches/pilot-applicant-information-for-american-southwest-hacked-; https://www.databreaches.net/pilot-applicant-information-for-american-southwest-hacked/; https://www.bleepingcomputer.com/news/security/american-airlines-pilot-union-hit-by-ransomware-attack/,2023-06-26,2023-07-27 2382,Unknown actors gained access to the network of debt buyer NCB Management Services and stole personal information from customers of other banks beginning on 1 February 2023,"Unknown actors gained access to the network of debt buyer NCB Management Services and stole personal information from customers of other banks during 1-6 February 2023. NCB Management Services reported the cyber incident, among other state authorities, to the Maine Attorney General's office as early as 24 March. In this notification, NCB Management Services announced that customer information related to credit card accounts maintained by Bank of America had been stolen. This customer information may have included customer names, addresses, phone numbers, email addresses, dates of birth, employment position, pay amounts, driver's license numbers, social security numbers, account numbers, credit card numbers, routing numbers, account balance, and/or account status. In an initial notification about the data breach from 24 March, NCB had listed the number of affected customers as almost half a million. A subsequent incident notification from 19 May put the number at one million affected individuals. On 26 May, the financial services provider Capital One submitted that information from their customers had also been stolen as part of the breach of NCB Management Services. 
Affected records included details regarding customer names, physical addresses, social security Numbers, account number, and/or account status.",2023-02-01,2023-02-06,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Capital One - NCB Management Services - Bank of America,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure,Finance - - Finance,Not available,Not available,Not available,,1,11467,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/capital-one-ncb-management-services-data-breach; https://apps.web.maine.gov/online/aeviewer/ME/40/9722fba0-1bd9-4060-af03-63c53884cf3d.shtml; 
https://apps.web.maine.gov/online/aeviewer/ME/40/9722fba0-1bd9-4060-af03-63c53884cf3d/a42d39ae-215e-4811-a633-2a5fcfdda25d/document.html; https://apps.web.maine.gov/online/aeviewer/ME/40/9722fba0-1bd9-4060-af03-63c53884cf3d/a42d39ae-215e-4811-a633-2a5fcfdda25d/document.html; https://apps.web.maine.gov/online/aeviewer/ME/40/fcafcce5-ef56-4784-a86a-820c6b1aa127.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/fcafcce5-ef56-4784-a86a-820c6b1aa127/36165108-5d54-4071-81cc-7ec0746e6a40/document.html; https://apps.web.maine.gov/online/aeviewer/ME/40/fcafcce5-ef56-4784-a86a-820c6b1aa127/36165108-5d54-4071-81cc-7ec0746e6a40/document.html; https://apps.web.maine.gov/online/aeviewer/ME/40/65d544dc-79b0-437c-a7f8-757ffec624af.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/65d544dc-79b0-437c-a7f8-757ffec624af/d7667acf-0b40-44c3-a168-5efbdd973ca0/document.html,2023-06-26,2023-07-12 2380,Unknown actors gained access to internal systems of senior residence Williamsport Home in Pennsylvania beginning on 18 April 2023,"Unknown actors gained access to internal systems of senior residence Williamsport Home in Pennsylvania during 18-23 April 2023, Williamsport Home reported in a press release. The press release said that information may have been stolen from the network. This stolen information may have included names, addresses, birth dates, admission dates, discharge dates, death dates, medical record numbers, provider or facility names, medical condition, diagnosis and/or treatment information, lab results, medications, payment amount history information, insurance payment amount information, dates of services, social security numbers, financial account information, credit card numbers, medical information, health insurance information, driver's license or state identification numbers, passport numbers, and any information on an individual that was created, used, or disclosed in the course of providing health care services. 
On the same day, Senior Choice, a network of senior residences, issued a near-identically phrased press release. It is unclear whether the incidents are related or whether they had a ransomware component. ",2023-04-18,2023-04-23,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Senior Residence Williamsport Home (USA),United States,NATO; NORTHAM,Critical infrastructure,Health,,Not available,Not available,,1,11465,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/four-senior-residences-in-pennsylvania-disclose-a-data-security-breach-in-april/; https://www.prnewswire.com/news-releases/williamsport-home-provides-notice-of-security-incident-301861283.html,2023-06-26,2023-07-12 2379,Unknown actors gained access to internal systems of three different senior residences of the care network Senior Choice beginning on 18 April 2023,"Unknown 
actors gained access to internal systems of three different senior residences - The Atrium in Johnstown, Beacon Ridge in Indiana, and The Patriot in Somerset - of the care network Senior Choice during the period of 18-24 April 2023, Senior Choice disclosed in a press release. The press release stated that information may have been stolen from the compromised networks. This stolen information may have included names, addresses, birth dates, admission dates, discharge dates, death dates, medical record numbers, provider or facility names, medical condition, diagnosis and/or treatment information, lab results, medications, payment amount history information, insurance payment amount information, dates of services, Social Security numbers, financial account information, credit card numbers, medical information, health insurance information, driver's license or state identification numbers, passport numbers, and any information on an individual that was created, used, or disclosed in the course of providing health care services. On the same day, Williamsport Home, another independent senior residence, issued a near-identically phrased press release. Whether both incidents are related or involved ransomware could not immediately be independently verified. 
",2023-04-18,2023-04-23,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,The Atrium - The Patriot - Beacon Ridge,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health,Not available,Not available,Not available,,1,11464,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/four-senior-residences-in-pennsylvania-disclose-a-data-security-breach-in-april/; https://www.prnewswire.com/news-releases/senior-choice-inc-provides-notice-of-security-incident-301861306.html,2023-06-26,2023-07-12 2378,Unauthorised person gained access to the Sweetwater Union High School District network and stole personal information from employees beginning on 11 February 2023,"An unauthorised person gained access to the 
Sweetwater Union High School District network and stole personal information from employees during 11-12 February 2023, the school district disclosed on 23 June. In February 2023, the school district told local media that there was a disruption in the school's computer systems, including email communication, and that the school shut down the network on 12 February. In the official notification letter, dated to 23 June 2023, the school district declared that the stolen information included some personal information of current and former employees, dependents, students, families and others who provided information to the district. The school district did not disclose whether the incident showed indications of ransomware. ",2023-02-11,2023-02-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Sweetwater Union High School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,11463,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not 
available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/sweetwater-union-high-school-district-now-admits-february-outage-was-a-hack-but-still-hasnt-answered-questionssweetwater-union-high-school-district-now-admits-february-outage-was-a-hack-but-still-h/; https://ewscripps.brightspotcdn.com/60/af/23e19f4745de800e6422caaa5203/data-security-23.pdf; https://www.sandiegouniontribune.com/news/education/story/2023-02-16/sweetwater-schools-systems-outage-week; https://www.10news.com/news/local-news/south-bay-news/sweetwater-union-high-school-district-confirms-data-breach-caused-outages-in-february,2023-06-26,2023-12-18 2376,USB Stick used inadvertently in Camaro Dragon campaign to accidentally attack European healthcare institution,"According to analysis by security company Check Point, in early 2023, an infected USB drive made a European hospital system the victim of a cyber espionage campaign run by Camaro Dragon, widely understood to be a Chinese state-sponsored APT group. As Check Point reported on 22 June 2023, an employee of the hospital had used his USB drive to share his presentation with other attendees at a conference in Asia. In the process the USB drive was connected to the computer of an attendee that was already infected with Camaro Dragon malware, from where the malware copied itself to the drive of its unknowing owner. Upon returning home from the conference, the employee connected the USB drive with a machine at work, unintentionally allowing the malware to propagate to the hospital's network. While identifying considerable overlaps with Mustang Panda in an earlier report from mid-May 2023, Check Point at the time considered the differences sufficient to continue tracking Camaro Dragon as a separate activity cluster. 
The main payload variant was called ""WispRider"", the launcher in order to propagate via USB was named ""HopperTick"".",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Europe (region); Not available, - ,Critical infrastructure - End user(s) / specially protected groups,Health - ,Camaro Dragon,China,Unknown - not attributed,,1,11221,2023-06-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,Check Point ,Israel,Camaro Dragon,China,Unknown - not attributed,https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.darkreading.com/threat-intelligence/usb-drives-spyware-china-mustang-panda-apt-global; https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html; https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/; https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html; 
https://www.darkreading.com/attacks-breaches/sogu-snowydrive-malware-usb-based-cyberattacks-surge,2023-06-23,2023-07-18 2373,North Korean state-sponsored hacking group Kimsuky stole documents from unspecified victims in May 2023,"The North Korean state-sponsored hacking group Kimsuky stole documents from the desktop of unspecified victims in May 2023, the South Korean IT security company AhnLab reported on 21 June 2023. ",2023-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,Unknown,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14399,2023-06-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of",Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/54678/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights,Non-state actors; Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/apt37-hackers-deploy-new-fadestealer-eavesdropping-malware/; https://asec.ahnlab.com/en/54678/; https://cyberscoop.com/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit/,2023-06-22,2023-12-11 2372,8Base Ransomware Group targeted US company Taylor Made Hose between April 2022 and May 2023,"The US hose manufacturer Taylor Made Hose was hit by a ransomware attack between April 2022 and May 2023. Initial incident reporting did not detail whether attackers encrypted company data, but a range of internal documents were stolen and subsequently leaked. The cybersecurity firm Hackmanac attributes the attack to the emerging ransomware group 8Base. 
",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse; Ransomware,Taylor Made Hose,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,8Base,Not available,Non-state-group,Criminal(s),1,14398,2023-05-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Hackmanac,Hackmanac,United Arab Emirates,8Base,Not available,Non-state-group,https://hackmanac.com/news/8base-extra-cyber-attacks-24-05-2023,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally; https://hackmanac.com/news/8base-extra-cyber-attacks-24-05-2023; https://www.bleepingcomputer.com/news/security/8base-ransomware-gang-escalates-double-extortion-attacks-in-june/; https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html; https://socradar.io/dark-web-profile-8base-ransomware/; 
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-8base,2023-06-22,2024-04-26 2371,8Base Ransomware Group targeted Italian company SiComputer between April 2022 and May 2023,"The Italian Company SiComputer, which produces IT hardware and offers cloud services, was hit by a ransomware attack between April 2022 and May 2023. Whether the incident resulted in the encryption of data was not immediately publicly reported. The threat actors were able to extract a small amount of data, which the group subsequently leaked. The cybersecurity company Hackmanac attributed the attack to the emerging ransomware group 8Base. ",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse; Ransomware,SiComputer,Italy,EUROPE; NATO; EU(MS),Critical infrastructure; Critical infrastructure,Critical Manufacturing; Digital Provider,8Base,Not available,Non-state-group,Criminal(s),1,14397,2023-05-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Hackmanac,,United Arab Emirates,8Base,Not available,Non-state-group,https://hackmanac.com/news/8base-extra-cyber-attacks-24-05-2023,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally; https://hackmanac.com/news/8base-extra-cyber-attacks-24-05-2023; https://www.bleepingcomputer.com/news/security/8base-ransomware-gang-escalates-double-extortion-attacks-in-june/; https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html; https://socradar.io/dark-web-profile-8base-ransomware/; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-8base,2023-06-22,2024-04-26 2374,"Unknown actors gained access to customer data of the South African retail pharmacy ""Clicks"" on 31 May 2023","The IT systems of the South African retail pharmacy chain ""Clicks"" suffered a data breach on 31 May 2023. Unknown attackers gained access to a few customer data including contact data, ID numbers, and personal healthcare information as related to the purchase of over-the-counter medication. Whether any of the accessed data had also been exfiltrated remained unclear. The company subsequently declared that they had patched vulnerabilities in their system, which had allowed for the attack, and informed affected customers. 
",2023-05-31,2023-05-31,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,Clicks,South Africa,AFRICA; SSA,Critical infrastructure,Health,Not available,Not available,Not available,,1,14400,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,none,none,none,0,Moderate - high political importance,0.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.timeslive.co.za/news/south-africa/2023-06-21-clicks-limits-access-to-customers-personal-data-after-cyber-attack/,2023-06-22,2023-11-21 2370,North Korean state-sponsored hacking group APT37 stole data from and wiretapped unspecified South Korean individuals using information stealer FadeStealer in May 2023,"The North Korean state-sponsored hacking group APT37 stole data from and wiretapped unspecified South Korean individuals using information stealer FadeStealer in May 2023, South Korean IT security company AhnLab reported on 21 June 2023. The exfiltrated data included screenshots, keylogs, intercepted microphone recordings, and data collected of smartphone devices and removable media.",2023-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,End user(s) / specially protected groups,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,14396,2023-06-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,AhnLab,"Korea, Republic of",APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/54349/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; 
,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/apt37-hackers-deploy-new-fadestealer-eavesdropping-malware/; https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html; https://asec.ahnlab.com/en/54349/,2023-06-22,2023-11-21 2369,Rhysida ransomware group gained access to the IT infrastructure of Kaiserslautern College in Germany on 7 June 2023,"Rhysida ransomware group gained access to the IT infrastructure of Kaiserslautern College in Germany on 7 June 2023. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-06-07,2023-06-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,College Kaiserslautern,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Education,Civil service / administration; ,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15592,2023-06-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://twitter.com/ransomwaremap/status/1671074497363845121,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted 
for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence,"Economic, social and cultural rights; ",Not available,1,2023-06-09 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Landeskriminalamt Rheinland-Pfalz (GER),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.swr.de/swraktuell/rheinland-pfalz/kaiserslautern/hackerangriff-auf-hochschule-in-kaiserslautern-102.html; https://twitter.com/ransomwaremap/status/1671074497363845121; https://therecord.media/ransomware-attack-kaiserslautern-university-applied-sciences-germany; https://www.hs-kl.de/hochschule/aktuelles/cyberangriff/aktuelle-meldungen-und-hinweise; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-06-21,2024-03-25 2367,Hacking group 'NoName' conducted DDoS attacks against IT systems of the Swiss canton Basel-Stadt on 14 June 2023,"The hacking group 'NoName' conducted DDoS attacks against the IT systems of the Swiss canton Basel-Stadt on 14 June 2023, leaving the website of the canton temporarily inaccessible. ",2023-06-14,2023-06-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Canton of Basel City,Switzerland,EUROPE; WESTEU,State institutions / political system,Government / ministries,NoName057(16) ,Russia,Non-state-group,Hacktivist(s),1,11462,2023-06-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16) ,Russia,Non-state-group,https://t.me/noname05716eng/1696,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bs.ch/nm/2023-auch-kanton-basel-stadt-von-ddos-angriff-betroffen-pd.html; https://t.me/noname05716eng/1696; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html,2023-06-21,2024-02-05 2366,Hacking group 'NoName' conducted DDoS attacks against IT systems of the Swiss canton Nidwalden on 16 June 2023 ,"The hacking group 'NoName' conducted DDoS attacks against IT systems of the 
Swiss canton Nidwalden and local municipalities on 16 June 2023, temporarily taking several websites offline.",2023-06-16,2023-06-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Canton of Nidwalden,Switzerland,EUROPE; WESTEU,State institutions / political system,Government / ministries,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,11460,2023-06-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1712,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nw.ch/aktuellesinformationen/103514; https://t.me/noname05716eng/1712; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html,2023-06-21,2023-07-25 
2365,Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023,"The Russian state-sponsored hacking group BlueDelta, better known as APT28, gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities (CVE-2020-35730, CVE-2021-44026 and CVE-2020-12641) beginning in March 2023, the Ukrainian Computer Emergency Response Team (CERT-UA) reported in cooperation with US IT security firm Recorded Future on 20 June 2023. The hacking group compromised a regional prosecutor's office, a central executive authority as well as unspecified government entities and military entities involved in aviation infrastructure. Based on the reported assessments, the operation aimed to support intelligence collection efforts against high-value Ukrainian targets in furtherance of Russia's war efforts. ",2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Hijacking without Misuse,None - None - None - None,Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Judiciary - - Military,,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13780; 13780; 13780; 13780; 13780; 13780; 13780; 13780,2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00; 2023-06-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity,CERT-UA; CERT-UA; Recorded Future; Recorded Future; CERT-UA; CERT-UA; Recorded Future; Recorded Future,Recorded Future; Recorded Future; Recorded Future; Recorded Future; Recorded Future; Recorded Future; Recorded Future; Recorded Future,United States; Ukraine; United States; Ukraine; United States; Ukraine; United States; Ukraine,; ; ; ; ; ; ; ,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2023-0620.pdf; https://cert.gov.ua/article/4905829,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-06-20 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Armed conflict; Sovereignty,Prohibition of intervention; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & 
breach of international law),,https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/; https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine; https://cert.gov.ua/article/4905829; https://go.recordedfuture.com/hubfs/reports/cta-2023-0620.pdf; https://securityaffairs.com/147681/apt/apt28-hacked-roundcube-ukraine.html; https://therecord.media/cisa-latest-vmware-analytics-bug-being-exploited; https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-bugs-exploited-by-russian-hackers/; https://securityaffairs.com/147797/breaking-news/security-affairs-newsletter-round-425-by-pierluigi-paganini-international-edition.html; https://securityaffairs.com/147782/hacking/known-exploited-vulnerabilities-catalog-apple-bugs.html; https://research.checkpoint.com/2023/11th-september-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/european-govt-email-servers-hacked-using-roundcube-zero-day/; https://securityaffairs.com/153131/apt/france-anssi-apt28.html; https://www.techrepublic.com/article/winter-vivern-exploits-zero-day-roundcube-webmail/; https://www.bleepingcomputer.com/news/security/france-says-russian-state-hackers-breached-numerous-critical-networks/; https://www.bleepingcomputer.com/news/security/russian-military-hackers-target-nato-fast-reaction-corps/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-06-21,2023-10-30 2368,Italian machine producer Blowtherm suffered cyber attack in June 2023,The Italian mechanical engineering company and automotive supplier Blowtherm from Padua in northern Italy suffered a cyber attack starting on 16 or 17 June 2023. The attack by unknown actors caused a complete failure of the company's computer systems. The company launched an investigation contracting outside security experts. 
Whether the incident was related to a ransomware attack could not immediately be confirmed.,2023-06-17,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Blowtherm,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,13777,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://mattinopadova.gelocal.it/padova/cronaca/2023/06/20/news/blowtherm_hacker_padova_peghin-12867727/?__vfz=medium%3Dsharebar,2023-06-21,2023-10-19 2363,Hacker group CL-STA-0043 gained access to the networks of Middle Eastern and African government entities with the aim to steal information,"The hacker group CL-STA-0043 gained access to the networks of Middle Eastern and African government entities with the aim to steal information affecting individuals, embassies, and military-related organisations, US IT security firm Palo Alto Networks reported on 14 June 2023. Palo Alto suspects CL-STA-0043 to be a nation-state threat actor. 
",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Africa; Middle East (region), - ,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,CL-STA-0043,Not available,State,,1,13775,2023-06-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,CL-STA-0043,Not available,State,https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html; https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/; 
https://www.bleepingcomputer.com/news/security/hackers-use-new-agent-raccoon-malware-to-backdoor-us-targets/,2023-06-20,2024-01-12 2362,Pro-Russian Hacktivists Target website of the European Investment Bank with DDoS Attack on 19 June 2023,"On 19 June 2023, the website of the European Investment Bank (EIB) became the target of a DDoS attack apparently carried out by the pro-Russian hacking group known as Killnet. The attack ranks among the larger campaigns of pro-Russian hackers in response to European support for Ukraine. Killnet claimed responsibility for the attack on the EIB's inter-network infrastructure which caused the bank's website to go offline. On its Telegram channel, Killnet announced its intention to sanction European money transfer systems such as SEPA, IBAN, WIRE, SWIFT and WISE. According to Twitter communications by the EIB of the same day, the website of the European Investment Fund (EIF) was also affected. ",2023-06-19,2023-06-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,European Investment Bank (EIB),EU (institutions),,International / supranational organization,,Killnet,Russia,Non-state-group,Hacktivist(s),1,13774,2023-06-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/killnet_reservs/6968,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://cybernews.com/news/european-investment-bank-cyberattack-russia/; https://twitter.com/EIB/status/1670783791600656384?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1670783791600656384%7Ctwgr%5E5d38e8bf9feac1debd2663afb1224b4d1d11f7fe%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcybernews.com%2Fnews%2Feuropean-investment-bank-cyberattack-russia%2F; https://t.me/killnet_reservs/6968; https://www.techrepublic.com/article/anonymous-sudan-attacks-european-investment-bank/; 
https://quointelligence.eu/2023/06/weekly-threat-intelligence-snapshot-week-25-2023/?lang=de; https://socradar.io/overview-of-cloudflares-2023-q2-ddos-threat-report/,2023-06-20,2023-10-19 2361,TimisoaraHackerTeam ransomware group targeted an unnamed Cancer Center in the US in June 2023,"The US Department of Health and Human Services reported a ransomware attack on a cancer treatment facility that disrupted patient treatment capabilities, digital services and threatened exposure of the patients' health and personal information. The incident was disclosed in a notification published on 16 June 2023. The government alert ties the intrusion to TimisoaraHackerTeam, a relatively unknown threat actor that was discovered by security researchers in 2018 and has previously attacked healthcare sector entities globally. The group's name includes a reference to a Romanian town and source code elements of its main ransomware module are believed to have been developed by Romanian speakers. Whether these characteristics are planted false leads remains under investigation. 
The group's methods reportedly suggest possible connections to other threat actors such as DeepBlueMagic and various Chinese hackers, including APT41, fueling speculation about operational coordination.",2023-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available,United States,NATO; NORTHAM,Critical infrastructure,Health,TimisoaraHackerTeam (THT),Not available,Non-state-group,Criminal(s),1,13773,2023-06-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity, US Department of Health and Human Services,Not available,United States,TimisoaraHackerTeam (THT),Not available,Non-state-group,https://www.hhs.gov/sites/default/files/healthcare-public-health-sector-cybersecurity-notification.pdf,Unknown,Not available,,Not available,,1,2023-06-16 00:00:00,State Actors: Preventive measures,Awareness raising,United States,US Department of Health and Human Services,No,,Phishing,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/feds-warn-health-sector-timisoarahackerteam-threats-a-22325; 
https://www.hhs.gov/sites/default/files/healthcare-public-health-sector-cybersecurity-notification.pdf,2023-06-20,2023-10-19 2360,Indian APT 'DoNot' targeted Pakistani individuals using malicious apps,"The suspected Indian APT group 'DoNot'/'APT-C-35' used malicious apps to target and steal data from individuals based in Pakistan. The Android apps 'nSure Chat' and 'iKHfaa VPN' that copied software from other applications were offered in the Google Play Store and probably promoted by a spear messaging campaign. After being downloaded the apps allowed for the extraction of contact data and precise location information from the infected mobile device. This could be the first stage of a campaign gathering information for the more targeted and sophisticated second stage attack. The cybersecurity firm Cyfirma attributed the campaign to the Indian threat actor DoNot/APT-C-35 based on similarities with previously identified activity. SOC Radar in March 2023 noted that DoNot Team is believed to be linked to the Indian government. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,South Asia (region); Pakistan, - ASIA; SASIA; SCO,Unknown - Unknown, - ,DoNot Team/ APT-C-35,India,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,13771,2023-06-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cyfirma,,Singapore,DoNot Team/ APT-C-35,India,"Non-state actor, state-affiliation suggested",https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/,Territory; Resources; International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights,; Civic / political rights,Not available,0,,Not available,,Not 
available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/android-spyware-camouflaged-as-vpn-chat-apps-on-google-play/; https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/; https://socradar.io/apt-profile-apt-c-35-donot-team/; https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html; https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/,2023-06-20,2023-10-19 2358,"Unknown actors stole data from Des Moines Public School District, IA (US), in ransomware attack detected on 9 January 2023","Des Moines Public Schools, a school district in Iowa (US) that is responsible for over 60 schools, fell victim to a ransomware attack that was detected on 9 January 2023. On 19 June 2023 the school district confirmed the nature of the attack and that data had been exfiltrated in the process. The district is now reaching out to nearly 6,700 individuals who have been potentially affected by the breach. In the immediate aftermath of the attack, all classes were cancelled for several days, impacting 31,000 students and 5,000 staff. 
The district declared in a statement that it would not pay any ransom.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Des Moines Public School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Unknown - not attributed,,1,13770,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/iowas-largest-school-district-confirms-ransomware-attack-data-theft/; https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/; https://therecord.media/iowa-school-district-cancels-classes-another-day-due-to-cyberattack/; https://www.securityweek.com/iowas-largest-city-cancels-classes-due-cyber-attack; https://twitter.com/ransomwaremap/status/1612708349635710978; 
https://research.checkpoint.com/2023/16th-january-threat-intelligence-report/; https://www.dmschools.org/news_release/dmps-notifies-individuals-of-data-security-incident/; https://www.databreaches.net/iowas-largest-school-district-confirms-ransomware-attack-data-theft/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-23rd-2023-the-reddit-files/; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack,2023-06-20,2023-12-18 2355,Alleged Russian false-flag operation Anonymous Sudan disrupted at least three Microsoft services with DDoS attacks in the second week of June 2023,"Alleged Russian false-flag operation Anonymous Sudan disrupted at least three Microsoft services with DDoS attacks during 5-9 June 2023, according to Telegram posts by the hacktivist group as well as subsequent confirmation from Microsoft. On 5 June, the hacking group, tracked by Microsoft as Storm-1359, disrupted the web portal of Microsoft's cloud-based Outlook email service, first in the morning and then late in the evening. On the same day, the hacker group declared that they were carrying out DDoS attacks in response to the US government's interference in Sudan's internal affairs. Outlook disruptions intermittently continued until 7 June. On 8 June, the hacker group disrupted access to Microsoft's OneDrive service and on the following day to Microsoft's Azure portal. The disruption attempts were accompanied by demands of $1 million to stop the DDoS attacks. On 2 July, Anonymous Sudan further claimed to have obtained credentials for 30 million customer accounts of Microsoft and offered the data for sale for $50,000. A Microsoft spokesperson denied the theft of customer data upon request by BleepingComputer on July 3. Past activities by the group have been attributed as an alleged Russian false-flag operation by the hacktivist group Killnet. 
",2023-06-05,2023-06-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Microsoft,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),4,17303; 17305; 17306; 17304,2023-06-05 00:00:00; 2023-06-06 00:00:00; 2023-06-08 00:00:00; 2023-06-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Not available; Not available; Not available; Not available,Russia; Russia; Russia; Russia,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://t.me/AnonymousSudan/1395; https://t.me/AnonymousSudan/1401; https://t.me/AnonymousSudan/1414; https://t.me/AnonymousSudan/1425; https://t.me/AnonymousSudan/1450; https://t.me/AnonymousSudan/1460,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; 
Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://english.elpais.com/science-tech/2023-06-18/microsoft-says-early-june-disruptions-to-outlook-and-cloud-platform-were-cyberattacks.html; https://socradar.io/us-experiences-increased-dos-and-ddos-activities-across-multiple-sectors/; https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-azure-outlook-outages-caused-by-ddos-attacks/; https://www.bleepingcomputer.com/news/microsoft/outlookcom-hit-by-outages-as-hacktivists-claim-ddos-attacks/; https://www.bleepingcomputer.com/news/microsoft/microsoft-onedrive-down-worldwide-following-claims-of-ddos-attacks/; https://www.bleepingcomputer.com/news/microsoft/microsofts-azure-portal-down-following-new-claims-of-ddos-attacks/; https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-portal-outage-was-caused-by-traffic-spike-/; https://twitter.com/MSFT365Status/status/1665814515198435329; https://twitter.com/MSFT365Status/status/1665857657964560387; https://twitter.com/MSFT365Status/status/1666204500313399329; https://azure.status.microsoft/status/history/; https://msrc.microsoft.com/blog/2023/06/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks/; https://t.me/AnonymousSudan/1395; 
https://t.me/AnonymousSudan/1401; https://t.me/AnonymousSudan/1407; https://t.me/AnonymousSudan/1410; https://t.me/AnonymousSudan/1414; https://t.me/AnonymousSudan/1425; https://t.me/AnonymousSudan/1450; https://t.me/AnonymousSudan/1460; https://www.channelnewsasia.com/business/microsoft-says-early-june-service-outages-were-cyberattacks-3570041; https://securityaffairs.com/147605/hacking/microsoft-outages-ddos.html; https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html; https://www.databreaches.net/microsoft-admitted-it-was-targeted-in-a-cyber-attack-claimed-by-a-russian-linked-group-called-anonymous-sudan/; https://www.techradar.com/news/microsoft-azure-outage-caused-by-huge-spike-that-could-have-been-a-ddos-attack; https://www.techrepublic.com/article/anonymous-sudan-attacks-european-investment-bank/; https://www.bleepingcomputer.com/news/microsoft/outlook-for-the-web-outage-impacts-users-across-america/; https://www.bleepingcomputer.com/news/security/cisa-issues-ddos-warning-after-attacks-hit-multiple-us-orgs/; https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/; https://securityaffairs.com/148119/hacktivism/anonymous-sudan-claims-stolen-microsoft-data.html; https://www.hackread.com/microsoft-anonymous-sudan-stolen-accounts/; https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outlookcom-bug-breaking-email-search/; https://quointelligence.eu/2023/06/weekly-threat-intelligence-snapshot-week-25-2023/?lang=de; https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/; https://www.darkreading.com/threat-intelligence/killnet-kremlin-connection-unclear-cybercrime-collective-grows; https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/; https://socradar.io/major-cyberattacks-in-review-july-2023/; https://www.bbc.co.uk/news/technology-66668053?at_medium=RSS&at_campaign=KARANGA; 
https://www.darkreading.com/attacks-breaches/anonymous-sudan-sets-sights-telegram-ddos-attack; https://securityaffairs.com/150690/hacking/anonymous-sudan-ddos-on-telegram.html; https://www.bleepingcomputer.com/news/technology/cloudflare-website-downed-by-ddos-attack-claimed-by-anonymous-sudan/; https://securityaffairs.com/153939/hacktivism/chatgpt-chatgpt-ddos-attack.html; https://www.bleepingcomputer.com/news/security/openai-confirms-ddos-attacks-behind-ongoing-chatgpt-outages/; https://www.hackread.com/chatgpt-down-openai-ddos-attacks-outages/; https://www.bleepingcomputer.com/news/microsoft/microsoft-says-outlook-apps-cant-connect-to-outlookcom/; https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-connection-issue-affecting-outlook-email-apps/,2023-06-19,2024-02-20 2357,Unknown actors infected mobile phones of Belgian police officers and judges with spyware since at least 2022,"Unknown actors have infected the mobile phones of Belgian police officers and judges with spyware since at least 2022, the Belgian public broadcaster RTBF reported on 15 June 2023, based on anonymous sources. Details on the number of police officers and judges affected, the type of spyware used and possible motivations were not immediately clear. The only person affected who was mentioned with full name is Michel Claise, investigating judge in Brussels. Claise is presiding over proceedings related to the so-called Qatargate case, in which certain officials of the European Parliament, lobbyists, and their families have been accused of being influenced by the governments of Qatar, Morocco, and Mauritania. RTBF also reported that its sources believe that Belgian authorities have been spied on because of their responsibilities in the investigation of Qatargate. RTBF, however, notes that this hypothesis is challenged by infections that predate public reporting on Qatargate in December 2022. 
Access obtained through the spyware may have allowed the actors behind the operation to gather intelligence on the state of the investigation or to put pressure on the people involved in the investigation through information discovered on their phones. ",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,"Michel Claise (Investigating Judge in Brussels, Belgium) - Not available - Not available",Belgium; Belgium; Belgium,EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system - State institutions / political system - State institutions / political system,Judiciary - Judiciary - Police,Not available,Not available,Not available,,1,12997,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,,0.0,euro,Not available,Human rights,Civic / political rights,Not available,1,2023-06-15 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Belgium,Federal Computer Crime Unit (FCCU),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.rtbf.be/article/un-logiciel-espion-dans-le-telephone-de-policiers-et-de-magistrats-belges-dont-le-juge-michel-claise-11213192,2023-06-19,2023-09-12 2356,Hacktivist group Anonymous gained access to the Selyatino Agrohub near Moscow on 26 February 2022,"The hacktivist collective Anonymous gained access to the Selyatino Agrohub near Moscow on 26 February 2022, the Securitylab blog of Russian IT security company Positive Technologies reported on 2 March 2022, based on a letter from logistics company Slavtrans-Service to the Russian Ministry of Agriculture. Anonymous sought to spoil thousands of tonnes of food stored there by setting the operating temperature from -24°C to +30°C shortly after gaining access to the head controller manufactured by Danish refrigeration and heating company Danfoss. Securitylab reports these attempts were discovered and prevented before they resulted in any impact.",2022-02-26,2022-02-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking with Misuse,Selyatino Agrohub,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Food,Anonymous,Not available,Non-state-group,Hacktivist(s),1,12996,2022-03-02 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker,Positive Technologies,Positive Technologies,Russia,Anonymous,Not available,Non-state-group,https://www.securitylab.ru/news/530388.php,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securitylab.ru/news/530388.php,2023-06-19,2024-03-06 2354,Russia-linked state-sponsored hacking group Shuckworm gained access to a variety of Ukrainian organisations beginning in February 2023,"The Russia-linked state-sponsored hacking group Shuckworm (aka Gamaredon) gained access to a variety of Ukrainian organisations from February 2023 to, in some cases, May 2023, US IT 
security firm Symantec reported on 15 June 2023. Ukrainian officials previously had linked Shuckworm to the FSB. The hacking group intended to infiltrate organisations holding military and security intelligence to support the ongoing Russian invasion. Human resource departments of victim organizations, in particular, were a frequent target - suggesting an interest in information about individuals working at the respective institutions. The group also searched for reports on the number of dead Ukrainian military service members, enemy engagements and air strikes, arsenal inventories, and military training activities on compromised systems. A new PowerShell script deployed by Shuckworm identifies and spreads to any removable media connected to infected devices, in the apparent attempt to migrate attack tools to air-gapped systems within compromised organisations.",2023-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Unknown; State institutions / political system; Critical infrastructure; State institutions / political system,; Government / ministries; Research; Military,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11733,2023-06-15 
00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Armed conflict; Sovereignty,Non-state actors; Civic / political rights; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/147497/apt/gamaredon-targets-ukraine-new-ttps.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military; 
https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html; https://www.bleepingcomputer.com/news/security/russian-hackers-use-powershell-usb-malware-to-drop-backdoors/; https://www.govinfosecurity.com/russian-hackers-using-usb-malware-to-target-ukraine-a-22318; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html,2023-06-16,2023-09-05 2353,Suspected Chinese threat actor UNC4841 exploited zero-day vulnerability in Barracuda Email Security Gateway to conduct espionage against victim organisations in at least 16 countries since 10 October 2022,"Victim organisations using the Email Security Gateway offered by the IT security company Barracuda started receiving emails designed to exploit the zero-day vulnerability CVE-2023-2868 starting on 10 October 2022. The malicious activity was first detected on 19 May 2023 by Barracuda, which launched an investigation in cooperation with the threat intelligence company Mandiant. The investigation uncovered a large-scale campaign that in many cases had successfully extracted data from infected systems. Among the victims from at least 16 different countries are academic targets in Taiwan and Hong Kong as well as government officials in Southeast Asia. Nearly a third of the victims are from the public sector. Mandiant assessed with high confidence that the campaign by the threat actor UNC4841 was conducted in support of the People's Republic of China. Barracuda distributed a patch to close the vulnerability on the day after it was discovered, on May 20. Concerns about threat actors persisting in virtual or hardware ESG appliances subsequently led the company to advise the immediate replacement of compromised appliances, regardless of whether patches had been applied. On 29 August 2023, Mandiant published a subsequent technical report with new findings. 
According to this report, the cyber incident lasted into June 2023, and especially after Barracuda published the given vulnerability in May 2023, UNC4841 attempted to maintain access to certain already compromised environments they deemed most important with additional malware. The additional malware was the SKIPJACK, DEPTHCHARGE and FOXTROT backdoors and the FOXGLOVE launcher. The technical report also provided new information on the exact organisations and regions affected. ",2022-10-10,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not 
available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Ecuador; Nicaragua; Mexico; Canada; Paraguay; Argentina; United States; Peru; Panama; Costa Rica; Chile; Brazil; Not available; Czech Republic; Serbia; France; Bulgaria; Ireland; Switzerland; Denmark; Turkey; Japan; Norway; Belgium; Egypt; Iceland; Germany; United Kingdom; Spain; Poland; Indonesia; Cyprus; Austria; Bahrain; Montenegro; Latvia; Croatia; Bangladesh; Yemen; Qatar; Vietnam; Netherlands; Oman; Mongolia; Armenia; North Macedonia; Israel; Slovakia; Tunisia; Kenya; Pakistan; Cameroon; Cambodia; Malaysia; Uganda; Saudi Arabia; Lebanon; Nepal; Italy; India; Romania; Moldova, Republic of; Thailand; Morocco; Burundi; Albania; Sri Lanka; United Arab Emirates; Botswana; Australia; China; Taiwan; Hong Kong", - CENTAM - - NATO; NORTHAM - SOUTHAM - SOUTHAM - NATO; NORTHAM - SOUTHAM - CENTAM - CENTAM - SOUTHAM - SOUTHAM - - EUROPE; NATO; EU(MS); EASTEU - EUROPE; BALKANS; WBALKANS - EUROPE; NATO; EU(MS); WESTEU - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; EU(MS); NORTHEU - EUROPE; WESTEU - EUROPE; NATO; EU(MS); NORTHEU - ASIA; NATO; MEA - ASIA; SCS; NEA - EUROPE; NATO; NORTHEU - EUROPE; EU(MS); NATO; WESTEU - MENA; MEA; AFRICA; NAF - EUROPE; NATO; NORTHEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); EASTEU - ASIA; SCS; SEA - EUROPE; EU(MS); MEA - EUROPE; EU(MS); WESTEU - ASIA; MENA; MEA; GULFC - EUROPE; BALKANS; NATO; WBALKANS - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; BALKANS; NATO; EU(MS) - ASIA; SASIA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; SCS; SEA - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA; GULFC - ASIA; EASIA; NEA - ASIA; CENTAS; CSTO - EUROPE; BALKANS; NATO; WBALKANS - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); EASTEU - AFRICA; NAF; MENA - AFRICA; SSA - ASIA; SASIA; SCO - AFRICA; 
SSA - ASIA; SEA - ASIA; SCS; SEA - AFRICA; SSA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; SASIA - EUROPE; NATO; EU(MS) - ASIA; SASIA; SCO - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; EASTEU - ASIA; SEA - AFRICA; NAF; MENA - AFRICA; SSA - EUROPE; BALKANS; NATO; WBALKANS - ASIA; SASIA - ASIA; MENA; MEA; GULFC - AFRICA; SSA - OC - ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS - ASIA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Education; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - International / supranational organization - State institutions / political system; Critical infrastructure; Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate 
Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only 
coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is 
not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; 
State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political 
system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / 
political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical 
infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical 
infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Education; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; 
Critical infrastructure; Critical infrastructure,Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Judiciary; Military; Police; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Judiciary; Military; Police; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Judiciary; Military; Police; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence 
industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - - Government / ministries; Energy; ; Civil service / administration; Military; Transportation; Health; Telecommunications; Finance; ; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - 
Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / 
administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; 
Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; 
Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; 
Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; ; ; Civil service / administration; Military; Transportation; Health; Telecommunications; ; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; Religious; ; ; Civil service / administration; Military; Transportation; Health; ; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; Religious; ; ; Civil service / administration; Military; Transportation; Health; ; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research - Government / ministries; Energy; Religious; ; ; Civil service 
/ administration; Military; Transportation; Health; ; Telecommunications; Finance; Defence industry; Space; Critical Manufacturing; Research,UNC4841 ,China,Non-state-group,Hacktivist(s),1,12599,2023-06-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,Mandiant,United States,UNC4841 ,China,Non-state-group,https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally,Autonomy; International power; Secession,Autonomy; Secession; Secession,China (Hong Kong); China (Taiwan); China (Hong Kong),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,Yes,One,Phishing,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,0.0,11-20,14.0,,0.0,euro,None/Negligent,Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://krebsonsecurity.com/2023/06/cisa-order-highlights-persistent-risk-at-network-edge/; https://www.darkreading.com/attacks-breaches/critical-barracuda-esg-zero-day-chinese-apt; https://securityaffairs.com/147511/apt/barracuda-esg-zero-day-china-apt.html; https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; 
https://www.databreaches.net/google-claims-it-caught-china-government-hackers-redhanded-breaking-into-hundreds-of-networks-around-the-world/; https://therecord.media/attacks-on-barracuda-linked-to-china; https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html; https://www.bleepingcomputer.com/news/security/barracuda-esg-zero-day-attacks-linked-to-suspected-chinese-hackers/; https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; https://www.databreaches.net/chinese-nation-state-actor-behind-barracuda-esg-attacks/; https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://cybergeeks.tech/a-technical-analysis-of-the-saltwater-backdoor-used-in-barracuda-0-day-vulnerability-cve-2023-2868-exploitation/; https://securityaffairs.com/148942/malware/submarine-backdoor-barracuda-esg-attacks.html; https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html; https://www.bleepingcomputer.com/news/security/cisa-new-submarine-malware-found-on-hacked-barracuda-esg-appliances/; https://www.darkreading.com/attacks-breaches/cisa-submarine-backdoor-barracuda-email-security; https://securityaffairs.com/149392/hacking/whirlpool-backdoor-barracuda-esg-attacks.html; https://www.bleepingcomputer.com/news/security/cisa-new-whirlpool-backdoor-used-in-barracuda-esg-hacks/; https://www.darkreading.com/threat-intelligence/cisa-whirlpool-backdoor-barracuda-esg-security; https://www.bleepingcomputer.com/news/security/fbi-warns-of-patched-barracuda-esg-appliances-still-being-hacked/; https://www.govinfosecurity.com/us-fbi-urges-action-on-barracuda-esg-hacking-a-22918; https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/230823-1.pdf; https://thehackernews.com/2023/08/urgent-fbi-warning-barracuda-email.html; https://securityaffairs.com/149845/hacking/barracuda-esg-cve-2023-2868-flaw.html; 
https://www.heise.de/news/FBI-Warnung-Barracuda-ESG-Appliances-noch-immer-bedroht-umgehend-entfernen-9284695.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://securityaffairs.com/150055/apt/barracuda-esg-us-gov-server.html; https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation; https://arstechnica.com/security/2023/08/barracuda-thought-it-drove-0-day-hackers-out-of-customers-networks-it-was-wrong/; https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://therecord.media/china-barracuda-bug-target-us-agencies-research; https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html; https://www.malwarebytes.com/blog/news/2023/08/barracuda-patch-is-not-effective-warns-fbi; https://www.bleepingcomputer.com/news/security/us-govt-email-servers-hacked-in-barracuda-zero-day-attacks/; https://www.govinfosecurity.com/chinese-hackers-anticipated-barracuda-esg-patch-a-22964; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html; https://research.checkpoint.com/2023/4th-september-threat-intelligence-report/; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks; https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/; https://www.computerweekly.com/de/feature/10-der-groessten-Zero-Day-Angriffe-im-Jahr-2023,2023-06-16,2024-03-05 2352,"Apparent Russian hacker group gained access to network of Ukrainian video game developer GSC Game World, stealing and leaking a version of the first-person shooter game S.T.A.L.K.E.R. 2 in 2022","An apparent Russian hacker group gained access to the network of Ukrainian video game developer GSC Game World and stole as well as leaked a version of the first-person shooter game S.T.A.L.K.E.R. 2: Heart of Chornobyl in 2022. 
The stolen files were distributed via the Russian social network VK by an account called ""That Very Stalker"" on 30 May 2023. Two days later, on 1 June, the Ukrainian video game developer GSC Game World confirmed that Russian hackers had gained access to the internal test builds of the studio through a vulnerability. The Ukrainian company said that it had been attacked by Russian hackers for one and a half years. British computer magazine PC Gamer connected the leak to a message from 11 March 2023, when the same VK account claimed to have stolen content from the game. In its message, the account demanded that the Ukrainian video game developer apologize to Russian and Belarusian gamers, lift the ban on user NF Star on Discord, and restore Russian localization for the upcoming Stalker 2 game. The Ukrainian game developer confirmed the compromise of an employee account a day later, on 12 March. ",2022-01-01,2023-05-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,GSC Game World,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Not available,Russia,Non-state-group,Hacktivist(s),3,11731; 11729; 11730,2023-06-01 00:00:00; 2023-03-12 00:00:00; 2023-06-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Receiver attributes attacker; Receiver attributes attacker,PC Gamer; GSC Game World; GSC Game World,Not available; Not available; Not available,United Kingdom; Ukraine; Ukraine,Not available; Not available; Not available,Russia; Russia; Russia,Non-state-group; Unknown - not attributed; Unknown - not attributed,https://www.pcgamer.com/gsc-game-world-says-russian-hackers-are-leaking-stalker-2-test-builds-please-dont-look-at-them/?utm_source=substack&utm_medium=email; https://twitter.com/stalker_thegame/status/1664315994683195412; https://twitter.com/stalker%5Fthegame/status/1634939872317411329,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Intellectual property law; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Dennis_Kipker/status/1664260031385157635; https://www.pcgamer.com/gsc-game-world-says-russian-hackers-are-leaking-stalker-2-test-builds-please-dont-look-at-them/?utm_source=substack&utm_medium=email; https://twitter.com/stalker_thegame/status/1664315994683195412; https://twitter.com/stalker%5Fthegame/status/1634939872317411329; https://vk.com/wall-165011456_31259; https://vk.com/vestnik_tss?w=wall-165011456_49833,2023-06-15,2023-07-18 2349,Pro-Russian Hacktivist Group 'NoName' Disrupted Website Of Geneva International Airport With DDoS Attacks On 13 June 2023,"The pro-Russian hacktivist group NoName057(16) temporarily shut down the website of the Geneva International Airport through a DDoS attack on 13 June 2023. The attack lines up with disruptions directed against parts of the Swiss Federal Administration and state-related companies on the previous day and in the previous week against the Swiss Parliament. The attacks are believed to be a reaction to Switzerland's adoption of an EU sanctions package against Moscow and coincide with the announcement of a video message by Ukrainian President Volodymyr Zelenskyy to the Swiss Parliament scheduled for 15 June. ",2023-06-13,2023-06-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Geneva International Airport (GVA),Switzerland,EUROPE; WESTEU,Critical infrastructure,Transportation,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,11727,2023-06-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1685,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://t.me/noname05716eng/1685; https://www.channelnewsasia.com/world/pro-russian-hackers-step-attacks-against-swiss-targets-authorities-say-3559391; https://www.abc.es/sociedad/violamos-empresas-vendemos-datos-hackers-prorrusos-noname-20230725194555-nt.html; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html,2023-06-14,2023-08-22 2347,Russian ransomware group 'Akira' attacked the state-owned Development Bank 
of South Africa (DBSA) on 21 May 2023,"The Russian ransomware group 'Akira' attacked the state-owned Development Bank of South Africa (DBSA) on 21 May 2023. Initial investigations suggest stolen information may involve personal data of employees, including ID numbers, as well as the names, addresses and financial information of shareholders. The group threatened to publish exfiltrated data online unless its ransom demands were met. DBSA stated that the Akira gang is based in Russia. Later, Akira denied responsibility for the attack, claiming that ""unknown actors"" had used its ransomware without permission, and offered to help the bank recover its systems.",2023-05-21,2023-05-21,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Development Bank of Southern Africa (DBSA),South Africa,AFRICA; SSA,Critical infrastructure,Finance,Akira Ransomware Group/Storm-1567,Russia,Non-state-group,Criminal(s),1,11726; 11726,2023-06-12 00:00:00; 2023-06-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Contested attribution,Development Bank of South Africa (DBSA); Development Bank of South Africa (DBSA),Not available; Not available,South Africa; South Africa,Akira Ransomware Group/Storm-1567; Akira Ransomware Group/Storm-1567,Russia; Russia,Non-state-group; Non-state-group,https://www.dbsa.org/press-releases/notification-security-compromise,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term 
disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/development-bank-of-southern-africa-akira-ransomware-attack; https://www.dbsa.org/press-releases/notification-security-compromise; https://riskybiznews.substack.com/p/risky-biz-news-romania-to-hack-back?utm_source=substack&utm_medium=email; https://therecord.media/decryptor-released-for-akira-ransomware-avast; https://therecord.media/yamaha-confirms-cyberattack-after-multiple-ransomware-gangs-claim; https://therecord.media/akira-ransomware-early-victims-conti-links; https://therecord.media/akira-ransomware-attacked-hundreds-millions,2023-06-14,2024-04-19 2350,Unknown actors accessed the network of Commonwealth Health Physician Network-Cardiology beginning on 2 February 2023,"Unknown actors accessed the network of the Commonwealth Health Physician Network-Cardiology, also known as the Great Valley Cardiology (GVC), in Pennsylvania during 2 February to 14 April 2023, the GVC's parent organization Commonwealth Health Physician Network reported on its website on 12 June 2023. Whether any of the accessed information has been exfiltrated remains under investigation. 
The information concerned varied among the 181,764 patients notified in the data breach but included names, addresses, dates of birth, social security numbers, driver’s license numbers, passport numbers, credit card or debit card information, bank account information, health insurance information and health insurance claims information, and medical information (such as dates of service, diagnoses, medications, lab results, and other treatment information).",2023-02-02,2023-04-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Commonwealth Health Physician Network-Cardiology / Great Valley Cardiology (GVC),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,11728,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/commonwealth-health-physician-network-cardiology-notified-181764-patients-of-network-breach/; https://www.cwhphysiciannetwork.net/security-incident; https://news.yahoo.com/records-more-181-000-patients-000400881.html,2023-06-14,2023-07-18 2346,Ransomware group Play encrypted data of the Swiss software developer Xplain and 
stole information belonging to Swiss state authorities,"The Play ransomware group encrypted data of the Swiss software developer Xplain and stole data belonging to Swiss state authorities. On 22 May 2023, the Play ransomware group claimed to have stolen approximately 907 GB from Xplain and disclosed an initial sample on 1 June. This sample included contracts, technical specifications, identifiers for access to certain services linked to IT projects within the Swiss Federal Police and some cantonal police forces. In addition, the sample included unspecified documents related to the Federal Office for Customs and Border Security (FOCBS), the RUAG defence company, the Swiss Air-Rescue (Rega), and the Swiss Armed Forces. The National Cyber Security Centre (NCSC) of Switzerland announced on 8 June that operational data of the Federal Administration may have been part of exfiltrated files. Initially, Xplain gave assurances that client data had not been affected. Both the Federal Police and FOCBS maintain that the stolen data concerning them could at most involve correspondence between their offices and Xplain. The NCSC announced on 14 June that operational data of the Federal Administration had been exfiltrated from Xplain and leaked. According to Swiss media reports, the disclosed data included security measures of the Federal Police to protect foreign dignitaries and embassies, as well as information relating to Interpol Red Notices. Why this information was stored on Xplain systems, possibly in an unencrypted format, remains subject to federal investigations. On 10 June, the Neue Zürcher Zeitung (NZZ) wrote that data from the Swiss Federal Railways and the canton of Aargau had also been exfiltrated. The data from the canton of Aargau is said to be operational data from error logs that Xplain stored. On 13 June, it became known that the Liechtenstein National Police was also affected, but presumably only project information had been accessed via Xplain. 
An NCSC report published on 7 March 2024 indicated that around 1.3 million documents were published on the dark net in the aftermath of the theft, with 65,000 documents being relevant to the NCSC. 95% of these files affect the administrative units of the Federal Department of Justice and Police (FDJP): the Federal Office of Justice, the Federal Office of Police, the State Secretariat for Migration, and the internal IT service center ISC-FDJP. Just over 3% of the data impacts the Federal Department of Defence, Civil Protection and Sport (DDPS). Around 5,000 documents contained sensitive information, including personal data (names, email addresses, telephone numbers, and addresses), technical details, classified information, and account passwords, while another small set of only a few hundred files contained IT system documentation, software or architectural data, and passwords.",,2023-06-01,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Federal Administration of Switzerland - None - Swiss Federal Railways (SBB) - None - None,Switzerland; Switzerland; Switzerland; Switzerland; Switzerland,EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU,State institutions / political system - State institutions / political system - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system,Civil service / administration - Government / ministries - Transportation - - Government / ministries,,Russia,Non-state-group,Criminal(s),2,17891; 17890,2023-05-23 00:00:00; 2023-05-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters 
article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Attacker confirms,Watson; PLAY,Not available; Not available,Switzerland; Not available,,Russia; Not available,Non-state-group; Non-state-group,https://www.watson.ch/digital/ransomware/671465872-ransomware-bande-play-hackt-schweizer-anbieterin-von-polizei-software,Unknown,Not available,,Not available,,1,2023-06-08 00:00:00,State Actors: Stabilizing measures,,Switzerland,"National Cyber Security Centre (NCSC, Switzerland)",No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,14.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,11-50,0.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,3,2023-06-01 00:00:00; 2023-06-21 00:00:00; 2023-06-16 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",; ; ,Switzerland; Switzerland; Switzerland,Office of the Attorney General of Switzerland; Federal Data Protection and Information Commissioner (Switzerland); Federal Department of Finance (Switzerland),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/swiss-ransomware-attack-xplain-government-data; https://www.watson.ch/digital/ransomware/671465872-ransomware-bande-play-hackt-schweizer-anbieterin-von-polizei-software; https://www.letemps.ch/economie/cyber/une-cyberattaque-norme-frappe-suisse-touchant-larmee-nombreuses-polices; https://www.inside-it.ch/xplain-hack-fedpol-und-bazg-betroffen-20230605; https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2023/xplain.html; https://twitter.com/Dennis_Kipker/status/1661411834728009728; https://twitter.com/dani_stoffers/status/1661023671757176835; https://magazin.nzz.ch/nzz-am-sonntag/wirtschaft/hackerangriff-auf-den-bund-weitet-sich-aus-ld.1741904#back-register; https://securityaffairs.com/147346/malware/national-railway-fss-xplain.html; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://www.databreaches.net/switzerland-fears-government-data-stolen-in-cyberattack-by-play-threat-actors/; https://securityaffairs.com/147047/data-breach/fedpol-swiss-police-cyber-attack.html; https://www.bleepingcomputer.com/news/security/swiss-government-warns-of-ongoing-ddos-attacks-data-leak/; https://www.watson.ch/schweiz/digital/614212642-auch-liechtensteiner-landespolizei-von-hackerangriff-betroffen; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html; https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2023/xplain_2.html; https://www.efd.admin.ch/efd/en/home/the-fdf/nsb-news_list.msg-id-96169.html; https://therecord.media/play-ransomware-targets-hundreds; 
https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-300-victims-including-critical-orgs/; https://www.watson.ch/fr/suisse/volodymyr%20zelensky/505672336-la-confederation-encore-victime-d-une-cyberattaque-prorusse; https://www.watson.ch/digital/justiz/774283360-ransomware-attacke-gegen-xplain-und-den-bund-beschaeftigt-die-anwaelte; https://www.zonebourse.com/actualite-bourse/L-enquete-administrative-sur-Xplain-doit-se-passer-du-dossier-penal-45774730/; https://www.computerworld.ch/business/gerichtsfall/strafakten-administrativuntersuchung-im-fall-xplain-2904620.html; https://www.netzwoche.ch/news/2024-02-06/wie-es-bei-xplain-nach-dem-ransomware-angriff-weitergeht; https://www.letemps.ch/economie/cyber/apres-son-gigantesque-piratage-xplain-sort-du-silence; https://www.letemps.ch/opinions/editoriaux/la-suisse-n-a-rien-appris-des-cyberattaques; https://www.netzwoche.ch/news/2024-02-06/christian-folini-ueber-die-ransomware-attacke-gegen-xplain; https://www.derbund.ch/gehackt-schweiz-haelt-an-it-firma-xplain-fest-464556309188; https://www.bluewin.ch/de/news/wirtschaft-boerse/xplain-haben-weder-kunden-noch-mitarbeiter-verloren-2069541.html; https://www.computerworld.ch/security/ransomware/xplain-weder-kunden-mitarbeiter-verloren-2907135.html; https://www.rts.ch/info/regions/vaud/2024/article/le-canton-de-vaud-met-fin-a-un-contrat-a-21-millions-avec-la-societe-xplain-28396067.html; https://www.bluewin.ch/de/newsregional/nord/aargau-fuehrt-zusammenarbeit-mit-gehackter-softwarefirma-weiter-2100507.html; https://www.badische-zeitung.de/kanton-haelt-an-softwarefirma-fest; https://www.srf.ch/news/schweiz/hackerangriff-trotz-datenklau-aargau-arbeitet-weiter-mit-xplain; https://www.badische-zeitung.de/kanton-haelt-an-softwarefirma-fest; https://www.ncsc.admin.ch/2024-bericht-datenanalyse-en; https://therecord.media/play-ransomware-leaked-government-files-swiss; https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/bericht-datenanalyse-xplain.html; 
https://www.computerworld.ch/security/hacking/haelfte-bund-gestohlenen-daten-sensitiv-2911125.html; https://www.bluewin.ch/it/attualita/borsa-economia/attacco-informatico-contro-xplain-i-dati-sono-stati-analizzati-2114797.html; https://www.letemps.ch/cyber/plus-de-16-000-fichiers-ont-ete-voles-a-la-confederation-aux-cantons-et-a-des-polices-dans-l-attaque-contre-xplain; https://www.admin.ch/gov/it/pagina-iniziale/documentazione/comunicati-stampa.msg-id-100315.html; https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-100315.html; https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-100315.html; https://www.inside-it.ch/die-mehrheit-der-gestohlenen-daten-gehoert-xplain-selbst-20240307; https://www.netzwoche.ch/news/2024-03-07/bund-veroeffentlicht-datenanalyse-zum-xplain-hack; https://www.bleepingcomputer.com/news/security/switzerland-play-ransomware-leaked-65-000-government-documents/; https://new.qq.com/rain/a/20240308A05M8000; https://securityaffairs.com/160174/data-breach/xplain-data-breach-report.html; https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-100315.html; https://research.checkpoint.com/2024/11th-march-threat-intelligence-report/; https://www.rts.ch/info/suisse/2024/article/la-confederation-fautive-dans-la-cyberattaque-sur-xplain-28488617.html; https://www.nau.ch/news/schweiz/hackerangriff-datenschutzer-sieht-fehler-bei-bund-und-xplain-66755297; https://www.letemps.ch/suisse/dans-l-affaire-de-la-cyberattaque-sur-xplain-la-confederation-a-commis-des-erreurs; https://www.watson.ch/fr/suisse/cybercrime/522252813-la-confederation-fautive-dans-la-cyberattaque-contre-xplain; https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-100890.html; https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-100884.html; https://www.bluewin.ch/fr/infos/suisse/la-conf-d-ration-fautive-dans-la-cyberattaque-sur-xplain-2186621.html,2023-06-13,2024-05-02 2345,Pro-Russian hacktivist 
group NoName disrupted access to Swiss Parliament website on 7 June 2023,"The website of the Swiss Parliament suffered a DDoS attack on 7 June 2023 conducted by the pro-Russian hacktivist group NoName, the Swiss National Cyber Security Centre (NCSC) reported referring to social media claims by the group. The Swiss Parliament disclosed the attack on the same day via Twitter, claiming that no internal data or other systems were affected. The Attorney General's Office of Switzerland opened a criminal investigation into the attack. ",2023-06-07,2023-06-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Switzerland,EUROPE; WESTEU,State institutions / political system,Legislative,,Russia,Non-state-group,Hacktivist(s),1,12062,2023-06-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,,Russia,Non-state-group,https://t.me/noname05716eng/1625,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-06-07 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Switzerland,Swiss Parliament,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-06-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Switzerland,Office of the Attorney General of Switzerland,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/ParlCH/status/1666457455650373635; https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-95641.html; https://t.me/noname05716eng/1625; https://securityaffairs.com/147346/malware/national-railway-fss-xplain.html; https://www.bleepingcomputer.com/news/security/swiss-government-warns-of-ongoing-ddos-attacks-data-leak/; https://www.abc.es/sociedad/violamos-empresas-vendemos-datos-hackers-prorrusos-noname-20230725194555-nt.html; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html; https://www.watson.ch/fr/suisse/volodymyr%20zelensky/505672336-la-confederation-encore-victime-d-une-cyberattaque-prorusse; https://www.lapresse.ca/international/europe/2024-01-17/la-suisse-se-dit-victime-de-hackers-prorusses-apres-la-visite-du-president-ukrainien.php; https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-99736.html,2023-06-13,2023-08-22 2344,Pro-Russian hacktivist group NoName disrupted websites of Swiss Federal Administration and state-related companies with DDoS attacks on 12 June 2023,"The pro-Russian hacktivist group NoName disrupted multiple websites of the Swiss Federal Administration and state-affiliated companies with DDoS attacks on 12 June 2023. Among them was the Swiss Federal Railways (SBB CFF FFS). Thus, their online services were unavailable on said Monday morning of the 12th, but were quickly restored.",2023-06-12,2023-06-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by victim,Disruption,Not available - Not available - Swiss Federal Railways (SBB-CFF-FFS) ,Switzerland; Switzerland; Switzerland,EUROPE; WESTEU - EUROPE; WESTEU - EUROPE; WESTEU,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure,Civil service / administration - - Transportation,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,12063,2023-06-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-95641.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-06-12 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Switzerland,Federal Department of Finance (Switzerland),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-06-12 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Switzerland,Office of the Attorney General of Switzerland,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/swiss-government-warns-of-ongoing-ddos-attacks-data-leak/; https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-95641.html; https://www.tagesanzeiger.ch/diverse-webseiten-und-anwendungen-unerreichbar-322507603967; https://www.abc.es/sociedad/violamos-empresas-vendemos-datos-hackers-prorrusos-noname-20230725194555-nt.html; https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/berichte/fachberichte/ddos-bericht-6-2023.html; https://www.luzernerzeitung.ch/wirtschaft/bund-warnt-vor-cyber-angriffen-auf-die-sbb-ld.2611687,2023-06-13,2024-04-30 2340,Pro-Ukrainian hacker group Cyber Anarchy Squad disrupted operations of Russian telecommunications company Infotel JSC and defaced other Russian websites in June 2023,"The pro-Ukrainian hacker group Cyber Anarchy Squad disrupted the Russian telecommunications company Infotel JSC, the hackers claimed via their Telegram channel on 8 June 2023. Infotel in a statement acknowledged being targeted and noted that network equipment had been damaged. A spokesperson for the Ukrainian Cyber Alliance, an umbrella group of various hacktivist cells, declared central systems at Infotel had been ""wiped, including servers (backups too) and core routers (configs reset, firmware erased)"". As a result, Infotel had been unable to route Internet traffic. The Ukrainian news portal Economichna Pravda reported on the same day that the disruption of Infotel JSC resulted in banks being unable to get into their computer systems and make payments, as Infotel JSC is responsible for telecommunications between the Russian Central Bank and other banks and organizations. 
Coinciding with the disruption, several Russian websites were defaced to show a picture of a Ukrainian soldier and messages blessing Ukraine's counteroffensive that had been initiated a few days earlier. ",2023-06-08,2023-06-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,JumboShop - army25 - Akvamatika - Infotel JSC - pkmvk - Grand Capital - Tehnika4u - Dengissoboy - INGROUP - Inrus - The Moscow Metochion of the Trinity-Sergius Lavra - 64ampera - aanapa - Katrenstyle,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Unknown - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Social groups - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition) - Media, - - - Telecommunications - - Health - - - - Food - Religious - - - ,Cyber Anarchy Squad,Not available,Non-state-group,Hacktivist(s),1,11717,2023-06-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Anarchy Squad,Not available,Not available,Cyber Anarchy Squad,Not available,Non-state-group,https://t.me/anarchy_squad/818,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Medium,11.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,0.0,1-10,1.0,,0.0,euro,None/Negligent,International telecommunication law; Armed conflict; Due diligence; Sovereignty,; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/147307/hacktivism/cyber-anarchy-squad-hacks-infotel-jsc.html; https://www.epravda.com.ua/news/2023/06/8/700979/; https://infotel.ru/; https://t.me/anarchy_squad/818; 
https://cyberscoop.com/ukraine-counteroffensive-hackers-infotel/; https://therecord.media/proukraine-hackers-claim-to-take-down-russian-isp; https://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/; https://www.databreaches.net/ukrainian-hackers-take-down-service-provider-for-russian-banks/; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html,2023-06-12,2023-07-18 2338,Threat actor Storm-1167 accessed email conversations and documents of banking and financial services organizations,"The threat actor Storm-1167 accessed email conversations and documents of banking and financial services organizations. The hackers conducted a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) campaign, intercepting the targeted organizations' user credentials through a website mimicking legitimate log-in sites. Hijacking compromised email accounts, the threat actors sent an additional 16,000 phishing emails to other organisations. Public reporting did not further specify the time-frame of the operation. 
",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Critical infrastructure,Finance,Storm-1167 fka DEV-1167,Not available,Unknown - not attributed,,1,13769,2023-06-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Storm-1167 fka DEV-1167,Not available,Unknown - not attributed,https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html; https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/; https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html; https://www.techrepublic.com/article/microsoft-news-business-email-compromise-attacks-phishing/,2023-06-12,2023-10-19 2339,Unknown threat actor gained access to data from the University of Manchester in June 2023,"The University of Manchester confirmed a cyber incident on Friday 9 June 2023 in which an unknown unauthorised criminal 
threat actor gained access to some of its data and probably made additional copies on the same morning. The university said it was working with a number of organizations including the Information Commissioner's Office, the UK National Cyber Security Centre (NCSC), and the National Crime Agency. Regular university operations were not disrupted. The university and the NCSC warned that all those potentially impacted should be ""vigilant"" about phishing emails. The University of Manchester is a public research institution and, with over 10,000 staff and 45,000 students, one of the largest and most prestigious education and research centres in the UK.",2023-06-09,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,University of Manchester,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,11716,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/uk-university-of-manchester-trying-to-resolve-cyber-incident/; https://studentnews.manchester.ac.uk/2023/06/09/notification-of-a-cyber-incident-at-the-university-of-manchester/; https://therecord.media/university-manchester-cyber-incident-uk; https://www.bleepingcomputer.com/news/security/university-of-manchester-says-hackers-likely-stole-data-in-cyberattack/; https://securityaffairs.com/147290/data-breach/university-of-manchester-cyber-attack.html; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-9th-2023-its-clop-again/; https://www.bleepingcomputer.com/news/security/hackers-warn-university-of-manchester-students-of-imminent-data-leak/; https://therecord.media/manchester-university-confirms-criminal-entity-ransomware; https://www.bleepingcomputer.com/news/security/university-of-manchester-confirms-data-theft-in-recent-cyberattack/; https://www.databreaches.net/more-than-a-million-nhs-patients-details-compromised-after-cyber-attack/; https://socradar.io/major-cyberattacks-in-review-june-2023/; https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-3-9; https://www.wired.com/story/ransomware-attacks-rise-2023/; https://www.govinfosecurity.com/software-vendor-attack-slows-down-2-uk-ambulance-services-a-22659; https://www.bleepingcomputer.com/news/security/university-of-sydney-data-breach-impacts-recent-applicants/; https://securityaffairs.com/150310/hacking/university-of-sydney-security-breach.html; https://www.digitalhealth.net/2024/03/nhs-dumfries-and-galloway-hit-by-focused-and-ongoing-cyber-attack/; https://www.iyigunler.net/spor/spor-dunyasinda-gerceklesen10-siber-saldiri-h353183.html,2023-06-12,2023-07-27 2342,State-sponsored Vietnamese 
hacking group OceanLotus gained access to a Vietnamese unspecified agribusiness,"State-sponsored Vietnamese hacking group OceanLotus gained access to an unspecified Vietnamese agribusiness, the US-based IT security firm Elastic Security Labs assessed with moderate confidence on 9 June 2023. Elastic tracks this activity as REF2754. The agricultural business concerned is identified as a critical component of both food production and distribution. OceanLotus used the malware loaders DONUTLOADER and P8LOADER as well as POWERSEAL and the previously unknown SPECTRALVIPER malware. Elastic assesses the intrusion was conducted for intelligence gathering purposes.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Vietnam,ASIA; SCS; SEA,Critical infrastructure,Food,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,1,11719,2023-06-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Elastic Security Labs,,United States,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",https://www.elastic.co/de/security-labs/elastic-charms-spectralviper,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system 
interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,"Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html; https://www.elastic.co/de/security-labs/elastic-charms-spectralviper,2023-06-12,2023-12-18 2341,Daixin Ransomware Group encrypted data from US healthcare facility CRHS and leaked data in June 2023,"Columbus Regional Healthcare System (CRHS), a non-profit healthcare facility in North Carolina with 154 licensed beds, fell victim to a ransomware attack carried out by the Daixin ransomware group. The attack took place on 18 May 2023 and concluded in the encryption of CRHS's servers after data had been exfiltrated and backups deleted. A CRHS representative briefly entered into negotiations with Daixin on 5 June, three days after the hospital servers were encrypted, but discontinued the exchange soon after. Daixin subsequently leaked more than 250,000 files of the 70 GB of data the group claimed to have exfiltrated from CRHS. A preliminary review of disclosed data did not uncover any sets of patient information. CRHS had recently undergone an external security review, a final report from which identified numerous critical and high-risk vulnerabilities. A spokesperson for Daixin claimed CRHS had no network anomaly monitoring systems (IPS - IDS systems) in place. 
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and US Department of Health and Human Services (HHS) warned in a cybersecurity advisory from October 2022 that the Daixin Team ransomware and data extortion group poses an active threat to the healthcare sector.",2023-05-18,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company; Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Columbus Regional Healthcare System (CRHS),United States,NATO; NORTHAM,Critical infrastructure,Health,Daixin Team,Not available,Non-state-group,Criminal(s),1,14291,2023-06-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Daixin Team,Not available,Not available,Daixin Team,Not available,Non-state-group,https://www.databreaches.net/another-hospital-hit-by-ransomware-columbus-regional-healthcare-system-in-north-carolina-hit-by-daixin/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://www.databreaches.net/another-hospital-hit-by-ransomware-columbus-regional-healthcare-system-in-north-carolina-hit-by-daixin/; https://cloudsecurityalliance.org/blog/2023/02/15/what-you-need-to-know-about-the-daixin-team-ransomware-group/,2023-06-12,2023-11-16 2343,State-sponsored Vietnamese hacking group OceanLotus gained access to a Vietnamese financial service,"The state-sponsored Vietnamese hacking group OceanLotus gained access to a Vietnamese financial service, the US-based IT security firm Elastic Security Labs assessed with high confidence twice, on 7 March 2022 and in a subsequent report on 9 June 2023. Elastic tracks the activity as REF4322. This case designation is based on the malware and technology used as well as the observed victimology. The financial service affected is identified as managing capital for business acquisitions and former state-owned enterprises. In its first report from 2022, Elastic already attributed the cyber incident to the Vietnamese state-sponsored hacker group OceanLotus, at which time they only identified the PHOREAL/RIZZO backdoor. In the second report from 2023, the IT security company Elastic identified the malware loaders DONUTLOADER and P8LOADER as well as POWERSEAL and PIPEDANCE and the previously unknown SPECTRALVIPER malware in addition to the PHOREAL/RIZZO backdoor. Elastic assesses OceanLotus conducted the operation for intelligence gathering purposes. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Vietnam,ASIA; SCS; SEA,Critical infrastructure,Finance,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,2,11720; 11721,2023-06-09 00:00:00; 2022-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Elastic Security Labs; Elastic Security Labs,,United States; United States,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH; APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.elastic.co/de/security-labs/elastic-charms-spectralviper; https://www.elastic.co/de/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,"Economic, social and cultural rights",Not available,0,,Not available,,Not 
available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html; https://www.elastic.co/de/security-labs/elastic-charms-spectralviper; https://www.elastic.co/de/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector,2023-06-12,2023-12-18 2337,Unknown actor stole personal information of Vodafone customers via its distribution partner Vertriebswerk on 16 May 2023,"An unknown actor stole personal information from Vodafone customers via its distribution partner Vertriebswerk on 16 May 2023, according to notifications sent by Vodafone to its customers asking them to reset their passwords. The email stated that the affected information included names, dates of birth, email addresses, mobile phone numbers, addresses, bank account details, and customer passwords. ",2023-05-16,2023-05-16,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,Vertriebswerk - Vodafone,Germany; United Kingdom,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Telecommunications,Not available,Not available,Not available,,1,13768,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Datenleck-Sensible-Daten-bei-Einbruch-bei-Vodafone-Vetriebspartner-kopiert-9181334.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag,2023-06-09,2023-10-19 2336,North Korean state-sponsored hacking group Lazarus potentially responsible for stealing $100 million by compromising cryptocurrency wallet platform Atomic Wallet in June 2023,"The North Korean state-sponsored hacking group Lazarus stole $100 million in cryptocurrency assets by compromising user wallets on the decentralised cryptocurrency wallet service Atomic Wallet in early June 2023. Atomic Wallet supports a wide range of popular cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Ripple (XRP), and others. The company determined that less than 1% of its monthly active users had been affected by the hack. Researchers at blockchain analytics firm Elliptic attributed the incident on 6 June 2023 to the Lazarus Group “with a high level of confidence” pointing to similarities in laundering techniques observed in previous attacks associated with Lazarus. On 22 August 2023, the FBI warned cryptocurrency companies of a possible USD 40 million transfer of cryptocurrencies by North Korean TraderTraitor-affiliated actors, also known as Lazarus, which are linked to cyberattacks on cryptocurrency companies. 
In the same warning, the FBI also attributed the cyber incident on cryptocurrency companies Alphapo, CoinsPaid and AtomicWallet to the Lazarus hacking group.",2023-06-01,2023-06-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking with Misuse,Atomic Wallet,Estonia,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,13766; 13767,2023-06-06 00:00:00; 2023-08-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Attribution by third-party,Elliptic; Federal Bureau of Investigation (FBI),Elliptic; Not available,United Kingdom; United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General 
Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://hub.elliptic.co/analysis/north-korea-s-lazarus-group-likely-responsible-for-35-million-atomic-crypto-theft/; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk,Unknown,Not available,,Not available,,1,2023-08-22 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,100000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/lazarus-group-attributed-to-atomic-wallet-heist-elliptic; https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-the-35-million-atomic-wallet-heist/; https://securityaffairs.com/147141/digital-id/atomic-wallet-security-incident.html; https://twitter.com/AtomicWallet/status/1664946301815910400; https://hub.elliptic.co/analysis/north-korea-s-lazarus-group-likely-responsible-for-35-million-atomic-crypto-theft/; 
https://twitter.com/AtomicWallet/status/1665550651735023616?s=20; https://twitter.com/zachxbt/status/1665267820836319233?s=20; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://www.jpost.com/international/article-746182; https://www.wired.com/story/mt-gox-indictment-security-roundup/; https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/; https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/; https://securityaffairs.com/148895/cyber-crime/coinspaid-cyber-heist.html; https://therecord.media/millions-stolen-in-vyper-crypto-hack; https://securityaffairs.com/149798/hacking/north-korea-cash-out-stolen-crypto-assets.html; https://therecord.media/north-korea-lazarus-behind-crypto-heists; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk; https://www.bleepingcomputer.com/news/security/crypto-casino-stakecom-loses-41-million-to-hot-wallet-hackers/; https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen; https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://securityaffairs.com/151433/hacking/mixin-network-200m-cyber-heist.html; https://securityaffairs.com/152106/apt/north-korea-laundered-900-million.html; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://www.techrepublic.com/article/sekoia-financial-sector-evolutions-threats/; https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer; https://www.bleepingcomputer.com/news/security/us-seizes-sinbad-crypto-mixer-used-by-north-korean-lazarus-hackers/; https://www.bleepingcomputer.com/news/security/north-koreas-state-hackers-stole-3-billion-in-crypto-since-2017/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; 
https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts; https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html,2023-06-09,2024-03-17 2335,Unknown actors encrypted servers of Japanese pharmaceutical company Eisai in a ransomware attack on 3 June 2023,"Unknown actors encrypted servers of Japanese pharmaceutical company Eisai as part of a ransomware attack detected on 3 June 2023, the company reported in a notification letter on 6 June 2023. A number of systems in and outside of Japan, including elements of the company's logistics chain, have been taken offline to aid recovery efforts. ",2023-06-03,2023-06-03,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Eisai,Japan,ASIA; SCS; NEA,Critical infrastructure,Health,Not available,Not available,Not available,,1,13765,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.bleepingcomputer.com/news/security/japanese-pharma-giant-eisai-discloses-ransomware-attack/; https://www.eisai.com/news/2023/news202341.html; https://therecord.media/eisai-japan-pharmaceutical-giant-ransomware; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://securityaffairs.com/147276/cyber-crime/eisai-ransomware-attack.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-9th-2023-its-clop-again/; https://therecord.media/blackcat-claims-seiko-cyberattack; https://therecord.media/japan-aviation-electronics-says-servers-accessed-during-cyberattack,2023-06-09,2023-11-08 2331,Unknown actor blocked communication systems and access to the single central record of Leytonstone School in London around late May 2023,"An unknown actor accessed a significant number of internal files and prevented access to the communication systems and the single central record of Leytonstone School in London. The incident occurred around the summer half-term holidays, which ran from 29 May to 2 June 2023. In the UK, it is illegal for schools to open without a single central record in place, as the register collects background details and results from vetting checks of all staff. The school has remained closed to its 800 students, with the exception of those sitting for standardized exams. 
",2023-05-31,2023-06-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Leytonstone School,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,13764,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.standard.co.uk/news/london/leytonstone-school-closes-it-system-hacked-cyber-attack-b1085973.html; https://www.leytonstoneschool.org/news/?pid=3&nid=1&storyid=67,2023-06-07,2023-10-19 2330,Unknown threat actor attacked the municipal computer systems of the US city of Montclair on 6 June 2023,"A yet unknown criminal group attacked the township IT department of Montclair, in New Jersey. This attack is suspected to follow a series of attacks against municipalities traced back to one unique criminal actor. 
Investigations regarding this strand of activity by law enforcement agencies, including Homeland Security, the FBI, and state authorities remain ongoing. The Mayor of Montclair, Sean Spiller, emphasised in his public disclosure of the incident on 6 June 2023 that the electoral system had not been affected and encouraged residents to participate in the primaries for the state legislature then underway. Councillor at Large Peter Yacobellis underscored that no critical services have been affected. On 28 July, Montclair Local reported that Montclair Township's insurer, the Garden State Joint Insurance Fund, reached a $450,000 settlement with the attackers to end the cyberattack. ",2023-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,"City of Montclair, NJ (US)",United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,13763,2023-06-06 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Receiver attributes attacker,"Sean M. Spiller (Mayor of Montclair, United States)",Not available,United States,Not available,Not available,Non-state-group,https://www.youtube.com/watch?v=ZmDKnnXTMzY,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-06-06 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,United States Department of Homeland Security (DHS),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://eu.northjersey.com/story/news/essex/montclair/2023/06/06/montclair-township-nj-cyber-attack-mayor/70295593007/; https://baristanet.com/2023/06/criminal-group-strikes-montclair-with-cyber-attack-mayor-says/; https://www.youtube.com/watch?v=ZmDKnnXTMzY; https://therecord.media/montclair-new-jersey-cyberattack; https://www.databreaches.net/cyber-attack-on-montclair-township-led-to-450k-ransom-payment/; https://montclairlocal.news/cyber-attack-on-montclair-township-led-to-450k-settlement/,2023-06-07,2023-10-19 2328,Unknown actor gained access to the network of unnamed US aerospace company using PowerDrop malware in May 2023,"An unknown actor gained access to the network of an unnamed US aerospace company using PowerDrop malware in May 2023, US IT security firm Adlumin reported on 6 June 2023. The technical report concluded that the incident used both custom and ""off-the-shelf"" tactics. 
Noting that the incident unfolded against the backdrop of increasing R&D investments into missile programmes in light of the ongoing Russian-Ukrainian war, analysts suspected a nation-state actor operation.",2023-05-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Defence industry; Space,Not available,Not available,State,,1,14392,2023-06-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Adlumin,,United States,Not available,Not available,State,https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/; https://www.darkreading.com/vulnerabilities-threats/us-aerospace-contractor-hacked-powerdrop-backdoor; https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry/; https://therecord.media/powerdrop-malware-targets-us-aerospace-industry; 
https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html; https://www.govinfosecurity.com/suspected-nation-state-actors-target-us-aerospace-industry-a-22255; https://securityaffairs.com/147168/apt/powerdrop-targets-aerospace.html; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html,2023-06-07,2023-11-21 2327,Unknown actors gained access to servers of South Jersey Behavioral Health Resources (SJBHR) beginning on 3 April 2023,"Unknown actors gained access to and encrypted files on servers of South Jersey Behavioral Health Resources (SJBHR) beginning on 3 April 2023, the clinic reported in an incident notification letter on 4 June. Whether the intrusion resulted in the exfiltration of data has not immediately been ascertained. Affected data storages contained individual’s name and contact information, Social Security number, driver’s license number, date of birth, medical record number, treating/referring physician, health insurance information, subscriber number, medical history information, diagnosis/treatment information.",2023-04-03,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,South Jersey Behavioral Health Resources (SJBHR),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,14391,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/south-jersey-behavioral-health-resources-discloses-ransomware-attack/; https://drive.google.com/file/d/1unEgQgbiCcq5GzTaoa3dk4GXTr3dPEEz/view,2023-06-06,2023-11-21 2323,Ransomware group RansomHouse gained access to networks of Mission Community Hospital in California and encrypted files on the virtual network on 29 April 2023,"The ransomware group RansomHouse gained access to the physical and virtual network of Mission Community Hospital in California and encrypted files on the virtual network on 29 April 2023, according to a letter dated 1 June 2023 obtained by DataBreaches.net from Garner Health Law, the external general counsel engaged by the hospital. The ransomware group announced on 31 May that they had stolen 2.5 TB worth of data from Mission Community Hospital. A data sample released by the group suggests it may have gained access to image files, employee-related records, and certain financial reports. The exact contents and the claimed volume remain unverified. 
RansomHouse reportedly focuses on exfiltrating rather than encrypting victim data but in this case appears to have encrypted files in the hospital's virtual storage area network.",2023-04-29,2023-04-29,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Mission Community Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,RansomHouse,Not available,Non-state-group,Criminal(s),1,15459,2023-05-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,RansomHouse,Not available,Not available,RansomHouse,Not available,Non-state-group,https://www.databreaches.net/another-hospital-hit-by-ransomware-mission-community-hospital/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/mission-community-hospital-attackers-exploited-vulnerabilites-in-paragon-and-cisco/; 
https://www.databreaches.net/another-hospital-hit-by-ransomware-mission-community-hospital/; https://www.databreaches.net/mission-community-hospital-issues-notification-for-may-1-ransomware-attack/,2023-06-05,2023-12-22 2324,Alleged Russian false-flag group Anonymous Sudan disrupted online services of Scandinavian Airlines (SAS) on 24 May 2023,"On 24 May 2023, the website and mobile application of Scandinavian Airlines (SAS) were not available for up to 22 hours following a DDoS attack. The alleged Russian False-Flag Group Anonymous Sudan claimed responsibility for the attempted disruption on Telegram. The initial demand of a ransom of 3,500 USD for stopping the attack and not leaking allegedly stolen data was later increased to 175,000 USD. Whether the group was actually able to access internal information remains unclear. After sustaining its focus on SAS for nine days, albeit with limited effects on downtime, the group upped its demands again, first to three million USD on 31 May and then ten million USD on 2 June. This strand of disruption attempts marks a second wave of attacks by Anonymous Sudan against the Swedish airline's online services within a year, following targeting on 14 February. ",2023-05-31,2023-05-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Scandinavian Airlines,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Transportation,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,17307,2022-05-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Russia,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,https://t.me/AnonymousSudan/1286,System / ideology,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyberknow20/status/1664612098050240512; https://twitter.com/ransomwaremap/status/1664844889182355457; https://cybernews.com/security/sas-airlines-cyber-attack-pro-russian-anonymous-sudan-again/; https://t.me/AnonymousSudan/1286; https://www.techrepublic.com/article/anonymous-sudan-attacks-european-investment-bank/; 
https://www.bleepingcomputer.com/news/security/cisa-issues-ddos-warning-after-attacks-hit-multiple-us-orgs/; https://www.hackread.com/microsoft-anonymous-sudan-stolen-accounts/; https://therecord.media/bangladesh-hacktivistis-targeting-india; https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/; https://www.darkreading.com/threat-intelligence/russian-hacktivism-takes-toll-organizations-ukraine-eu-us; https://therecord.media/queretaro-international-airport-mexico-cyberattack,2023-06-05,2024-02-20 2325,Unknown ransomware group gained access to the University of Waterloo's on-premises email server in Canada on 30 May 2023,"An unknown ransomware group gained access to the University of Waterloo's on-premises email server on 30 May 2023, announced the Canadian university with its 40,000 students on its website the following day. The spokesperson revealed that only a small number of accounts belonging to about a dozen users had been affected by the compromise. 
While efforts were being made to restore authentication systems, access to other university platforms that require logging in was temporarily unavailable for a period of two to six hours.",2023-05-30,2023-05-30,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Hijacking without Misuse; Ransomware,University of Waterloo,Canada,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,15457,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-05-28 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Canada,Royal Canadian Mounted Police (RCMP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/canadian-uni-dealing-with-ransomware-attack; https://uwaterloo.ca/information-systems-technology/news/update-security-response-email-service-breach; https://www.therecord.com/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html; https://www.bleepingcomputer.com/news/security/how-to-manage-a-mass-password-reset-due-to-a-ransomware-attack/,2023-06-05,2023-12-21 2322,Unspecified Chinese threat actor gained access to information systems of the Taiwanese government and critical infrastructure in February 2023,"An unspecified Chinese threat actor gained access to information systems of the Taiwanese government and related entities as well as critical infrastructure in February 2023, the Dutch IT security company EclecticIQ concluded with moderate confidence on 2 June 2023. The hackers used four known remote code execution (RCE) vulnerabilities (CVE-2023-21839; CVE-2021-3129; CVE-2020-2551; and CVE-2021-44228) and a variety of open-source tools, traced back to Chinese underground fora, including the modified version of Cobalt Strike referred to as ""Cat"". For example, the hackers managed to gain access to the CCTV cameras of the Directorate General of Highways (MOTC) in Taiwan leveraging SONAS software used by a compromised target, which allows remote control of hardware devices. In its attribution findings, EclecticIQ noted TTP overlaps between the observed threat actor and the Chinese state-sponsored hacking group ""Budworm"". 
",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Directorate General of Highways (MOTC),Taiwan; Taiwan; Taiwan,ASIA; SCS - ASIA; SCS - ASIA; SCS,Critical infrastructure - State institutions / political system - State institutions / political system, - Government / ministries - Civil service / administration,Not available,China,Unknown - not attributed,,1,15460,2023-06-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,,Netherlands,Not available,China,Unknown - not attributed,https://blog.eclecticiq.com/chinese-threat-actor-used-modified-cobalt-strike-variant-to-attack-taiwanese-critical-infrastructure,System / ideology; Secession,System/ideology; Secession,China (Taiwan); China (Taiwan),Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Due diligence; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/147059/breaking-news/security-affairs-newsletter-round-422.html; https://blog.eclecticiq.com/chinese-threat-actor-used-modified-cobalt-strike-variant-to-attack-taiwanese-critical-infrastructure; https://twitter.com/Cyber_O51NT/status/1664798064454901765; 
https://twitter.com/Arkbird_SOLG/status/1664945301537390592,2023-06-05,2023-12-22 2317,Alleged Anti-NATO hacktivist group CyberTriad disrupted electronic systems and parking services of the City of Bratislava during GLOBSEC conference on 31 May 2023,"The electronic systems and parking services of the City of Bratislava were disrupted by a DDoS attack during the Bratislava Forum, a high-level conference organized by the think tank GLOBSEC, on 31 May 2023. According to the mayor, there was no data breach. Euractiv, a European news agency, reported that the perpetrators, who claimed the attack, were an anti-NATO hacktivist group who wanted to disrupt the GLOBSEC conference, where state leaders like Emmanuel Macron and other high-ranking politicians were present. The group CyberTriad claimed responsibility for the activities on Twitter.",2023-05-31,2023-05-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,City of Bratislava,Slovakia,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Civil service / administration,Unknown,Not available,Non-state-group,Hacktivist(s),1,15464,2023-06-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Unkown,Not available,Not available,Unknown,Not available,Non-state-group,https://www.euractiv.com/section/politics/news/bratislava-faced-massive-cyber-attack-during-globsec-conference/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not 
available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-06-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Slovakia,Slovakian National Security Bureau/Národný bezpečnostný úrad (NBÚ),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.euractiv.com/section/politics/news/bratislava-faced-massive-cyber-attack-during-globsec-conference/; https://twitter.com/CyberTriadHT/status/1663800729453187074; https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html,2023-06-02,2023-12-22 2319,"Unnamed hackers stole patient and employee data from Geno-hospitals in Bremen, Germany, in May 2023 ","Gesundheit-Nord (Geno), a hospital group in Bremen, Germany, was the victim of a cyber attack in mid-May 2023. Digital services were partly disrupted because of precautionary measures by the hospitals. The hospital group confirmed on 1 June that 100,000 files were exfiltrated including sensitive patient data, such as personal information, clinical findings, and employee data such as meeting minutes and holiday plans. 
",2023-05-10,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Klinikverbund Gesundheit Nord (Geno),Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15463,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-06-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Polizei Bremen,Not available,,Not available,,https://twitter.com/dani_stoffers/status/1664219396800143367; https://tarnkappe.info/artikel/cyberangriff/hackerangriff-auf-die-kliniken-der-bremer-gesundheit-nord-vermutet-274642.html; https://twitter.com/dani_stoffers/status/1658136256105136130; https://www.butenunbinnen.de/nachrichten/cyber-angriff-geno-bremen-patientendaten-100.html; https://twitter.com/Dennis_Kipker/status/1664680597304868864; https://www.heise.de/news/Cyber-Angriff-bei-Medizinischen-Diensten-von-Niedersachsen-und-Bremen-9185092.html?wt_mc=rss.red.ix.ix.rdf.beitrag.beitrag,2023-06-02,2023-12-22 2320,Unknown ransomware group gained access to Harvard Pilgrim Health Care (HPHC) computer systems and stole patient information beginning in March 2023,"An unknown ransomware group gained access to Harvard Pilgrim Health Care (HPHC) computer systems and stole patient information during the period of 28 March to 17 April 2023, HPHC reported in a notification on their website on 24 May. 
The stolen information of 2.5 million patients may include names, physical addresses, phone numbers, dates of birth, health insurance account information, social security numbers, provider taxpayer identification numbers, and clinical information (e.g., medical history, diagnoses, treatment, dates of service, and provider names).",2023-03-28,2023-04-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Harvard Pilgrim Health Care (HPHC),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15462,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-05-30 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,U.S. 
District Court for the District of Massachusetts,Not available,,No response justified (missing state attribution & breach of international law),,https://www.bleepingcomputer.com/news/security/harvard-pilgrim-health-care-ransomware-attack-hits-25-million-people/; https://www.harvardpilgrim.org/data-security-incident/; https://twitter.com/Dinosn/status/1664323148391628800; https://securityaffairs.com/146975/data-breach/point32health-ransomware-attack-2.html; https://twitter.com/securityaffairs/status/1664669648929914890; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-2nd-2023-whodunit/; https://twitter.com/Dinosn/status/1664720244089270281; https://www.govinfosecurity.com/point32health-harvard-pilgrim-facing-4-data-breach-lawsuits-a-22271; https://www.databreaches.net/after-cyber-breach-point32health-suffers-financial-losses/; https://www.govinfosecurity.com/midwest-hospital-group-experiencing-systemwide-outage-a-22961; https://www.bleepingcomputer.com/news/security/ransomware-isnt-going-away-the-problem-is-only-getting-worse/; https://www.point32health.org/member-faq/; https://research.checkpoint.com/2024/1st-april-threat-intelligence-report/,2023-06-02,2023-12-22 2318,Clop ransomware group exploited a zero-day in software developer Ipswitch's MOVEit Managed File Transfer and stole data from over 100 organisations beginning on 27 May 2023,"An unknown actor exploited a zero-day (CVE-2023-34362) in software developer Ipswitch's MOVEit Managed File Transfer (MFT) and stole data from over 100 organizations beginning on 27 May 2023, a number of companies and individuals in the cybersecurity community reported after Ipswitch's parent company, Progress Software Corporation, disclosed the vulnerability on 31 May 2023. 
The cybersecurity community - including news website Bleeping Computer, IT security company Huntress, UK IT security researcher Kevin Beaumont - were able to say as early as 1 June 2023 that a large number of organisations using MOVEit MFT had been affected and had data stolen from them. Kevin Beaumont added that, in addition to MOVEit MFT, MOVEit Cloud was also affected by this vulnerability. On 2 June 2023, US IT security firm Mandiant wrote that the threat actor they named UNC4875 was responsible for data theft against a range of industries in India, Canada, the United States and probably other countries. UNC4875 used the LEMURLOOT webshell to access the targeted organisations. UNC4875 is also said to have similarities to the FIN11 cyber criminal group, according to the report. The University of Rochester reported a data theft on 2 June, followed by Microsoft attributing the incident to the Lace Tempest ransomware group, also known as Storm-0950, on 5 June. The Clop ransomware group claimed responsibility for the attack and revealed specific victims, including the BBC, British Airways, Aer Lingus, and Boots. The Clop group set a ransom deadline for affected organizations to prevent data publication. Nova Scotia Health and the Better Outcomes Registry & Network (BORN) Ontario also suffered data breaches. On 8 June, US corporate investigation firm Kroll discovered that the Clop group had known about the MOVEit vulnerability since July 2021 and had started testing it. In 2023, they automated the exploitation, leading to mass data exfiltration on 27 May. On 9 June, the Illinois Department of Innovation & Technology evicted the hacking group from the Illinois state government network within three hours. The Health Service Executive in Ireland and the Minnesota Department of Education also reported breaches on the same day. 
Progress Software Corporation, the owner of MOVEit, cooperated with third-party cybersecurity experts to uncover a second vulnerability (CVE-2023-35036) on 9 June. The Minnesota Department of Education revealed that 95,000 students were affected, with data transferred from the Department of Human Services and two school districts being compromised. Ofcom, the British communications regulator, was also impacted. On 15 June, it was reported that Oak Ridge National Laboratory and a Department of Energy contractor were compromised, potentially affecting tens of thousands of employees and contractors. Progress Software Corporation discovered a third vulnerability (CVE-2023-35708) on 15 June. The Louisiana Office of Motor Vehicles, Oregon Driver & Motor Vehicle Services, and associated Department of Transportation confirmed the theft of personal information of citizens in their respective states. On 27 June, the US Department of Health and Human Services notified Congress of a breach affecting HHS contractors and over 100,000 individuals. Researchers estimate that hackers accessed data from more than 16 million people through MOVEit vulnerabilities by the end of June, with the actual number likely higher. The US government warned of three new vulnerabilities in MOVEit software on 7 July, and Progress Software Corporation had already released a service pack to address them on 6 July. On 26 July 2023, the government contractor Maximus filed a notification report with the US Securities and Exchange Commission (SEC), reporting that personal information of 8 to 11 million individuals had been accessed. The following day, on 27 July 2023, the Centers for Medicare & Medicaid Services (CMS), the federal agency that administers the federal insurance programme Medicare, announced that personal and health information of approximately 645,000 individuals had been stolen in the data breach at government contractor Maximus. 
On 31 July 2023, VALIC Retirement Services Company (VRSCO) reported the compromise of Social Security numbers and other confidential information of an estimated 798,000 consumers through its third-party vendor Pension Benefit Information (PBI). In a breach notification filed with the Office of the Maine Attorney General on 2 August 2023, Serco Inc, an IT service management company contracted by various US and Canadian government organisations, disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MOVEit managed file transfer (MFT) server. The company that fell victim to the attack is called ""CBIZ"" and functions as Serco Inc.'s benefits administration provider. On 8 August 2023, the Missouri Department of Social Services (DSS) reported in a press release that their software vendor, IBM Consulting, notified them that DSS should assume that certain files from DSS stored by IBM in MOVEit software had been accessed by unauthorised users. Three days later, both the press and the Colorado Department of Health Care Policy & Financing (HCPF) itself reported that personal information and personal health information of HCPF members had also been accessed through IBM. On 3 October 2023, the US-based Flagstar Bank announced that its customer data had been stolen via its third-party service provider Fiserv, which in turn used MOVEit. 
On the same day, Sony Interactive Entertainment also informed that personal information was stolen from their MoveIT platform.",2023-05-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None - None,United States; United Kingdom; United States; United States; United States; Canada; United States; United States; United States; United States; United Kingdom; United States; India; Ireland; United States; United Kingdom; Canada; United States; United Kingdom; United States; Canada; United States; United Kingdom; United States; United States; United States; United States; Canada; France; United States; United States; United States; United Kingdom; United States; United States; United States; United States; United States; United States; Ireland; United States; Not available; United States; United States; Canada; United States; United States; France; United States; Belgium; United States; United States; Ireland; United States; Not available; United States; Ireland; United Kingdom; United States; Ireland; United States; United States; Germany; Canada; United States; United States; United States; United States; Luxembourg; United Kingdom; United States; Canada; United States; United Kingdom; United States; United States; United States; United States,NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - 
NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - ASIA; SASIA; SCO - EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - EUROPE; EU(MS); NATO; WESTEU - NATO; NORTHAM - NATO; NORTHAM - EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - - NATO; NORTHAM - EUROPE; EU(MS); NORTHEU - EUROPE; NATO; NORTHEU - NATO; NORTHAM - EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Education - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown 
- Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Critical infrastructure - Critical infrastructure - Science - State institutions / political system - State institutions / political system - State institutions / political system - Unknown - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Media - State institutions / political system - State institutions / political system - Critical infrastructure - Critical infrastructure - State institutions / political system - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Social groups - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Unknown - State institutions / political system - Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system - State institutions / political system - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Science; Education - State institutions / political system; Education - Critical infrastructure; Education - State institutions / political system; Education,Government / ministries - - - Finance - - Health - Finance - - Civil service / administration - - - - - Transportation - Finance - - Government / ministries - Government / ministries - Civil service / administration - - Police - - - Government / ministries - Government / ministries - Finance - Telecommunications - Civil service / administration - Health - - Finance - Government / ministries - Transportation - Energy - - Civil service / administration - - Health - Advocacy / activists (e.g. 
human rights organizations) - Transportation - - - Civil service / administration - Government / ministries - - Civil service / administration - Finance - Civil service / administration - Telecommunications - Critical Manufacturing - Finance - - - - - Civil service / administration - Health - Telecommunications - Research - - Transportation - Health - Energy - Civil service / administration - Government / ministries - Critical Manufacturing - - Government / ministries - - Finance - Civil service / administration - Research - Health - - ; - Civil service / administration; - Research; - Civil service / administration; ,,Not available,Non-state-group,Criminal(s),3,18373; 18372; 18374,2023-06-05 00:00:00; 2023-06-02 00:00:00; 2023-06-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; IT-security community attributes attacker; IT-security community attributes attacker,Clop Ransomware Group; Mandiant; Microsoft,Not available; ; Microsoft,Not available; United States; United States,; ; ,Not available; Not available; Not available,Non-state-group; Not available; Non-state-group,https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft; https://twitter.com/MsftSecIntel/status/1665537730946670595; https://news.sky.com/story/bas-uk-staff-exposed-to-global-data-theft-spree-12896900,Unknown,Not available,,Not available,,2,2023-06-07 00:00:00; 2023-06-07 00:00:00,State Actors: Preventive measures; State Actors: Preventive measures,Awareness raising; Awareness raising,United States; United Kingdom,Cybersecurity and Infrastructure Security Agency (CISA); UK National Cyber Security Centre (NCSC),Yes,One,Exploit Public-Facing Application; Phishing,Data 
Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",201-500,0.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://krebsonsecurity.com/2023/06/cisa-order-highlights-persistent-risk-at-network-edge/; https://twitter.com/Cyberknow20/status/1664382451895144448; https://twitter.com/hackerfantastic/status/1664327758489460743; https://therecord.media/moveit-transfer-tool-zero-day-exploited; https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/; https://twitter.com/UK_Daniel_Card/status/1664270733164568578; https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response; https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023; https://cyberplace.social/@GossiTheDog/110469935523717355; https://securityaffairs.com/147059/breaking-news/security-affairs-newsletter-round-422.html; https://twitter.com/Mandiant/status/1664399677414883330; https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-moveit-bug-used-for-data-theft/; https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft; https://www.govinfosecurity.com/hackers-using-moveit-flaw-to-deploy-web-shells-steal-data-a-22228; 
https://socradar.io/attackers-exploit-critical-zero-day-vulnerability-in-moveit-transfer/; https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html; https://twitter.com/Dinosn/status/1664536135966531584; https://www.databreaches.net/hackers-using-moveit-flaw-to-deploy-web-shells-steal-data/; https://securityaffairs.com/146963/hacking/moveit-transfer-zero-day.html; https://www.malwarebytes.com/blog/news/2023/06/update-now-moveit-transfer-vulnerability-actively-exploited; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-2nd-2023-whodunit/; https://securityaffairs.com/146998/security/cisa-moveit-transfer-0day-catalog.html; https://www.govinfosecurity.com/microsoft-attributes-moveit-transfer-hack-to-clop-affiliate-a-22234; https://www.bleepingcomputer.com/news/security/microsoft-links-clop-ransomware-gang-to-moveit-data-theft-attacks/; https://twitter.com/MsftSecIntel/status/1665537730946670595; https://www.malwarebytes.com/blog/news/2023/06/a-week-in-security-may-29-june-4; https://securityaffairs.com/147093/hacking/clop-ransomware-moveit-transfer.html; https://news.sky.com/story/bas-uk-staff-exposed-to-global-data-theft-spree-12896900; https://news.sky.com/story/bas-uk-staff-exposed-to-global-data-theft-spree-12896900; https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html; https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-moveit-extortion-attacks/; https://www.darkreading.com/application-security/microsoft-links-moveit-attack-cl0p-british-airways-fall; https://nakedsecurity.sophos.com/2023/06/05/moveit-zero-day-exploit-used-by-data-breach-gangs-the-how-the-why-and-what-to-do/; https://therecord.media/clop-behind-moveit-attacks-microsoft; https://www.darkreading.com/application-security/mass-exploitation-0-day-bug-imoveit-file-transfer-underway; https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/; 
https://www.techrepublic.com/article/zero-day-moveit-vulnerability/; https://www.techradar.com/news/clop-ransomware-gang-admits-moveit-attack-following-microsoft-accusation; https://www.heise.de/news/MOVEit-Weltweit-potenziell-2-500-verwundbare-Systeme-im-Netz-erreichbar-9178871.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://www.databreaches.net/british-airways-boots-bbc-payroll-data-stolen-in-moveit-supply-chain-attack/; https://www.techradar.com/news/boots-ba-and-bbc-have-data-stolen-in-cyber-attack; https://arstechnica.com/information-technology/2023/06/mass-exploitation-of-critical-moveit-flaw-is-ransacking-orgs-big-and-small/; https://securityaffairs.com/147119/data-breach/zellis-data-breach-bbc-ba.html; https://www.heise.de/news/MOVEit-Ransomware-Gang-Clop-warnt-Unternehmen-nach-Sicherheitsluecke-9179875.html?wt_mc=rss.red.ix.ix.rdf.beitrag.beitrag; https://www.heise.de/news/MOVEit-Ransomware-Gang-Clop-warnt-Unternehmen-nach-Sicherheitsluecke-9179875.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://www.darkreading.com/attacks-breaches/cl0p-claims-moveit-attack-how-gang-did-it; https://news.sky.com/story/cyber-gang-issue-ultimatum-to-bbc-ba-and-boots-after-hack-12897907; https://www.darkreading.com/ics-ot/clop-cybercrime-gang-delivers-ultimatum-after-payroll-breach; https://nakedsecurity.sophos.com/2023/06/08/s3-ep138-i-like-to-moveit-moveit/; https://cyberscoop.com/cisa-cl0p-ransomwarae-moveit-transfer-attack/; https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html; https://securityaffairs.com/147195/cyber-crime/clop-ransomware-moveit-transfer-attacks.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a; https://www.databreaches.net/data-on-as-many-as-100000-nova-scotia-healthcare-staff-stolen-in-moveit-breach/; https://www.bleepingcomputer.com/news/security/clop-ransomware-likely-testing-moveit-zero-day-since-2021/; 
https://www.govinfosecurity.com/moveit-discloses-more-vulnerabilities-issues-patch-a-22274; https://www.cybersecasia.net/news/how-one-ransomware-group-caused-data-breaches-for-three-bs-in-the-uk; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://www.techrepublic.com/article/cyber-gang-issues-ultimatum-to-bbc-british-airways-boots/; https://www.databreaches.net/thousands-of-students-data-breached-in-minnesota-department-of-education-hack/; https://securityaffairs.com/147299/security/new-moveit-transfer-sql-inj.html; https://thehackernews.com/2023/06/new-critical-moveit-transfer-sql.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-9th-2023-its-clop-again/; https://nakedsecurity.sophos.com/2023/06/09/more-moveit-mitigations-new-patches-published-for-further-protection/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/moveit-vulnerabilities-exploits; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://securityaffairs.com/147264/cyber-crime/clop-testing-moveit-transfer-bug-2021.html; https://www.malwarebytes.com/blog/news/2023/06/a-week-in-security-june-5-11; https://www.malwarebytes.com/blog/news/2023/06/more-moveit-vulnerabilities-found-while-the-first-one-still-resonates; https://www.darkreading.com/attacks-breaches/cl0p-gang-exploit-moveit-flaw-2-years; https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362; https://therecord.media/moveit-announces-new-vulnerability-minnesota-breached; https://www.bleepingcomputer.com/news/security/new-moveit-transfer-critical-flaws-found-after-security-audit-patch-now/; https://www.darkreading.com/vulnerabilities-threats/brand-new-security-bugs-affect-all-moveit-transfer-versions; https://therecord.media/ofcom-cyberattack-uk-regulator-moveit-vulnerability; https://novascotia.ca/news/release/?id=20230606004; 
https://www.rochester.edu/data-security/university-responding-to-data-breach/; https://ltgov.illinois.gov/news/press-release.26572.html; https://securityaffairs.com/147396/data-breach/ofcom-hacked-moveit-zero-day.html; https://securityaffairs.com/147404/hacking/moveit-transfer-poc.html; https://nakedsecurity.sophos.com/2023/06/14/patch-tuesday-fixes-4-critical-rce-bugs-and-a-bunch-of-office-holes/; https://cyberscoop.com/energy-department-cl0p-moveit-cisa/; https://federalnewsnetwork.com/cybersecurity/2023/06/energy-department-among-several-federal-agencies-hit-by-moveit-breach/?readmore=1; https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-starts-extorting-moveit-data-theft-victims/; https://www.databreaches.net/state-governments-among-victims-of-moveit-transfer-breach/; https://www.jpost.com/international/article-746489; https://www.bleepingcomputer.com/news/security/moveit-transfer-customers-warned-of-new-flaw-as-poc-info-surfaces/; https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023; https://www.hse.ie/eng/services/news/media/pressrel/hse-statement1.html; https://www.bornontario.ca/en/news/cybersecurity-incident-moveit.aspx; https://nakedsecurity.sophos.com/2023/06/15/moveit-mayhem-3-disable-http-and-https-traffic-immediately/; https://therecord.media/several-us-federal-agencies-affected-by-moveit-breach; https://www.govinfosecurity.com/moveit-reveals-another-sql-injection-bug-new-victims-emerge-a-22321; https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html; https://www.defenseone.com/threats/2023/06/cyberattack-hits-several-federal-agencies-drawing-all-hands-call-response/387606/; https://securityaffairs.com/147541/cyber-crime/moveit-transfer.html; https://www.databreaches.net/energy-department-and-other-federal-agencies-affected-by-moveit-breach/; https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/; 
https://securityaffairs.com/147545/cyber-crime/shell-clop-ransomware-attacks.html; https://www.malwarebytes.com/blog/news/2023/06/moveit-discloses-yet-another-vulnerability-three-times-a-charm; https://www.darkreading.com/vulnerabilities-threats/third-moveit-transfer-vulnerability-progress-software; https://therecord.media/third-moveit-vulnerability-raises-alarms; https://www.wired.com/story/clop-moveit-hack-us-agencies-data-theft/; https://securityaffairs.com/147577/cyber-crime/clop-ransomware-reward.html; https://www.databreaches.net/us-energy-dept-gets-two-ransom-notices-as-moveit-hack-claims-more-victims/; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html; https://content.govdelivery.com/accounts/ORDOT/bulletins/36045f9; https://www.oregon.gov/odot/DMV/Pages/Data_Breach.aspx; https://www.expresslane.org/alerts/; https://www.synlab.fr/acutalites/news/cybersecurite-communique-de-synlab-france/?tx_news_pi1%5Bcontroller%5D=News&tx_news_pi1%5Baction%5D=detail&cHash=a7460a4bef808a89a348444232df5a09; https://www.malwarebytes.com/blog/news/2023/06/rewards-up-to-10-million-for-information-about-cl0p-ransomware-operation; https://www.malwarebytes.com/blog/news/2023/06/a-week-in-security-june-12-18; https://www.databreaches.net/ransomware-gang-haunted-us-firms-long-before-moveit-hack/; https://www.darkreading.com/attacks-breaches/new-doj-natsec-cyber-prosecution-team-will-go-after-nation-state-threat-actors; https://www.darkreading.com/attacks-breaches/avast-norton-victim-moveit-ransomware-attacks; https://therecord.media/moveit-vulnerabilities-attacks-gen-norton-vancouver-missouri; https://transitpolice.ca/news-posts/cyberattack-on-third-party-software-impacts-transit-police/; https://nakedsecurity.sophos.com/2023/06/14/patch-tuesday-fixes-4-critical-rce-bugs-and-a-bunch-of-office-holes/; https://www.malwarebytes.com/blog/news/2023/06/reducing-your-attack-surface-is-more-effective-than-playing-patch-a-mole; 
https://therecord.media/calpers-california-pension-fund-affected-by-moveit-breach; https://securityaffairs.com/147739/cyber-crime/gen-digital-moveit-ransomware-attack.html; https://securityaffairs.com/147380/data-breach/intellihartx-data-breach.html; https://www.govinfosecurity.com/another-healthcare-vendor-reports-big-forta-goanywhere-hack-a-22280; https://www.wired.com/story/mt-gox-indictment-security-roundup/; https://securityaffairs.com/147797/breaking-news/security-affairs-newsletter-round-425-by-pierluigi-paganini-international-edition.html; https://www.welivesecurity.com/videos/what-to-know-about-the-moveit-hack-week-in-security-with-tony-anscombe/; https://www.databreaches.net/moveit-breach-also-impacted-major-pension-systems-and-insurers/; https://www.calpers.ca.gov/page/newsroom/calpers-news/2023/calpers-responds-to-third-party-breach-of-retiree-information; https://www.genworth.com/moveit.html; https://apps.web.maine.gov/online/aeviewer/ME/40/f74d0aa0-eb90-46c1-8093-58aabe65a9d6.shtml; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-23rd-2023-the-reddit-files/; https://www.bleepingcomputer.com/news/security/moveit-breach-impacts-genworth-calpers-as-data-for-32-million-exposed/; https://www.darkreading.com/dr-tech/cl0p-in-your-network-how-to-find-out; https://www.techrepublic.com/article/anonymous-sudan-attacks-european-investment-bank/; https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/; https://www.schools.nyc.gov/alerts/alert-regarding-data-incident; https://cyberscoop.com/schnieder-electric-siemens-energy-moveit-cl0p/; https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/; https://therecord.media/ucla-siemens-energy-latest-moveit-victims; https://securityaffairs.com/147865/data-breach/schneider-electric-siemens-energy-moveit.html; 
https://www.darkreading.com/attacks-breaches/ucla-siemens-among-latest-victims-of-relentless-moveit-attacks; https://nakedsecurity.sophos.com/2023/06/28/interested-in-10000000-ready-to-turn-in-the-clop-ransomware-crew/; https://www.databreaches.net/national-student-clearinghouse-notifies-schools-of-moveit-breach/; https://therecord.media/data-of-sixteen-million-exposed-moveit; https://www.wired.com/story/apple-google-moveit-security-patches-june-2023-critical-update/; https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/cyberstalking-first-amendment-us-supreme-court-security-roundup/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-30th-2023-mistaken-identity/; https://nakedsecurity.sophos.com/2023/07/03/wordpress-plugin-lets-users-become-admins-patch-early-patch-often/; https://www.darkreading.com/attacks-breaches/chip-giant-tsmc-blames-lockbit-breach-it-hardware-supplier; https://www.govinfosecurity.com/hhs-tells-congress-100000-people-affected-by-moveit-hacks-a-22420; https://nakedsecurity.sophos.com/2023/07/04/ghostscript-bug-could-allow-rogue-documents-to-run-system-commands/; https://securityaffairs.com/148152/data-breach/dublin-airport-data-breach.html; https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks; https://alert.studentclearinghouse.org/; https://www.darkreading.com/attacks-breaches/shell-latest-cl0p-moveit-victim; https://www.govinfosecurity.com/latest-moveit-bug-another-critical-sql-injection-flaw-a-22494; https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html; https://www.bleepingcomputer.com/news/security/moveit-transfer-customers-warned-to-patch-new-critical-flaw/; https://securityaffairs.com/148252/security/moveit-transfer-critical-flaw.html; https://www.darkreading.com/endpoint/moveit-transfer-another-critical-data-theft-bug; 
https://therecord.media/three-new-moveit-bugs-spur-cisa-warning; https://therecord.media/ransomware-tracker-the-latest-figures; https://socradar.io/major-cyberattacks-in-review-june-2023/; https://www.malwarebytes.com/blog/news/2023/07/moveit-transfer-fixes-three-new-vulnerabilities; https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-July-2023; https://www.plainscapital.com/moveit-update/; https://www.firstmerchants.com/moveit-data-incident; https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/; https://www.bleepingcomputer.com/news/security/deutsche-bank-confirms-provider-breach-exposed-customer-data/; https://thehackernews.com/2023/07/ransomware-extortion-skyrockets-in-2023.html; https://securityaffairs.com/148399/cyber-crime/cl0p-hacker-operating-from-russia-ukraine.html; https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/; https://socradar.io/journey-into-the-top-10-vulnerabilities-used-by-ransomware-groups/; https://www.bleepingcomputer.com/news/security/colorado-state-university-says-data-breach-impacts-students-staff/; https://source.colostate.edu/moveit-software-cyberattack-notification/; https://www.bleepingcomputer.com/news/security/deutsche-bank-confirms-provider-breach-exposed-customer-data/; https://cybernews.com/security/deutsche-ing-postbank-impacted-moveit-hack-clop/; https://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/; https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html; https://quointelligence.eu/2023/07/weekly-threat-intelligence-snapshot-week-28-2023/?lang=de; https://therecord.media/more-companies-confirm-moveit-related-data-incidents-shutterfly-tjmaxx-tomtom; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/; 
https://www.darkreading.com/attacks-breaches/estee-lauder-moveit-hacks-different-ransom-groups; https://www.bleepingcomputer.com/news/security/clop-gang-to-earn-over-75-million-from-moveit-extortion-attacks/; https://www.bleepingcomputer.com/news/security/clop-now-leaks-data-stolen-in-moveit-attacks-on-clearweb-sites/; https://securityaffairs.com/148745/breaking-news/security-affairs-newsletter-round-429-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-21st-2023-avaddon-back-as-noescape/; https://therecord.media/dhl-moveit-breach-investigation; https://apps.web.maine.gov/online/aeviewer/ME/40/932cae5f-9dee-49b1-be5d-0f9b27216636.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/e610bdde-d212-4ac9-969f-87b9094507f4.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/3548fcca-35b4-4d23-a763-1dc9faaed891.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/7d40dc71-f561-4c3f-a698-6b60d05febcb.shtml; https://www.coveware.com/blog/2023/7/21/ransom-monetization-rates-fall-to-record-low-despite-jump-in-average-ransom-payments; https://www.malwarebytes.com/blog/news/2023/07/este-lauder-targeted-by-cl0p-and-blackcat-ransomware-groups; https://www.bleepingcomputer.com/news/security/netscaler-adc-bug-exploited-to-breach-us-critical-infrastructure-org/; https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-17-23; https://www.mirror.co.uk/travel/news/uk-airports-targeted-coordinated-russia-30504938; https://www.hackread.com/cl0p-ransomware-moveit-data-clearweb-sites/; https://www.jpost.com/international/article-748102; https://www.hackread.com/cl0p-ransomware-strikes-deloitte-refutes-breach/; https://www.databreaches.net/deloitte-denies-cl0p-data-breach-claims-in-wake-of-moveit-attack/; https://securityaffairs.com/148875/data-breach/depositfiles-exposed-config-file.html; 
https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/; https://therecord.media/contractor-says-data-on-up-to-10-million-leaked-in-moveit-attack; https://www.darkreading.com/perimeter/millions-people-moveit-attack-us-government-vendor; https://www.toyota-boshoku.com/global/news/_assets/upload/230610e.pdf; https://investor.maximus.com/sec-filings/all-sec-filings/content/0001032220-23-000061/0001032220-23-000061.pdf; https://securityaffairs.com/148955/breaking-news/security-affairs-newsletter-round-430-by-pierluigi-paganini-international-edition.html; https://www.databreaches.net/health-data-of-more-than-8-million-people-accessed-by-moveit-hackers-us-govt-contractor/; https://www.databreaches.net/centers-for-medicare-and-medicaid-notifying-645000-medicare-members-about-moveit-breach/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-28th-2023-new-extortion-tactics/; https://unit42.paloaltonetworks.com/threat-brief-cve-2023-35078/; https://www.cms.gov/files/document/alternate-consumer-notice-july-2023.pdf; https://nakedsecurity.sophos.com/2023/07/31/sec-demands-four-day-disclosure-limit-for-cybersecurity-breaches/; https://research.checkpoint.com/2023/31st-july-threat-intelligence-report/; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/uncover-the-hidden-story-of-ransomware-victims.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://socradar.io/major-cyberattacks-in-review-july-2023/; https://www.darkreading.com/attacks-breaches/valic-retirement-services-company-experiences-pbi-data-breach-exposing-approximately-798-000-social-security-numbers; https://apps.web.maine.gov/online/aeviewer/ME/40/9a08c47a-bb7f-4aa3-9b60-20c8fdaeee96.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/c7adbabd-3bf5-480c-97d1-ea15fb68fa10.shtml; 
https://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/; https://www.malwarebytes.com/blog/threat-intelligence/2023/08/global-ransomware-attacks-at-an-all-time-high-shows-latest-2023-state-of-ransomware-report; https://www.bleepingcomputer.com/news/security/clop-ransomware-now-uses-torrents-to-leak-data-and-evade-takedowns/; https://research.checkpoint.com/2023/7th-august-threat-intelligence-report/; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/stepping-ahead-of-risk-trend-micro-2023-midyear-cybersecurity-threat-report; https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html; https://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/; https://therecord.media/missouri-medicaid-health-info-moveit-breach; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.cybersecasia.net/news/threat-actors-shifting-to-zero-day-and-one-day-vulnerabilities-in-smes; https://www.darkreading.com/attacks-breaches/clop-gang-steals-personal-health-data-of-4-million-in-colorado-breach; https://securityaffairs.com/149498/data-breach/colorado-hcpf-department-data-breach.html; https://www.bleepingcomputer.com/news/security/colorado-warns-4-million-of-data-stolen-in-ibm-moveit-breach/; https://www.govinfosecurity.com/data-theft-via-moveit-45-million-more-individuals-affected-a-22810; https://www.databreaches.net/134k-massachusetts-residents-impacted-by-global-security-incident/; https://www.malwarebytes.com/blog/threat-intelligence/2023/08/ransomware-review-august-2023; https://securityaffairs.com/149686/breaking-news/security-affairs-newsletter-round-433-by-pierluigi-paganini-international-edition.html; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-18th-2023-lockbit-on-thin-ice/; https://www.darkreading.com/cloud/cycognito-finds-large-volume-of-personal-identifiable-information-in-vulnerable-cloud-and-web-applications; https://www.malwarebytes.com/blog/news/2023/08/citrix-sharefile-joins-list-of-vulnerabilities-in-file-sharing-software; https://www.heise.de/news/MOVEit-Luecke-Gesundheitsdaten-von-Millionen-Menschen-in-den-USA-geleakt-9272470.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://research.checkpoint.com/2023/21st-august-threat-intelligence-report/; https://apps.web.maine.gov/online/aeviewer/ME/40/5b434968-ff60-47f4-ac52-fb7946cf3bc6.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/5b434968-ff60-47f4-ac52-fb7946cf3bc6/164900ab-0183-4480-a421-d767aea8d382/document.html; https://dss.mo.gov/press/pdf/dss-third-party-cyber-attack-protection.pdf; https://www.darkreading.com/attacks-breaches/software-vendors-may-face-greater-liability-in-wake-of-moveit-lawsuit; https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt; https://www.darkreading.com/attacks-breaches/chinese-apt-targets-hong-kong-in-supply-chain-attack; https://cyberscoop.com/hacking-group-hong-kong-supply-chain-cyberattack/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse; https://www.bleepingcomputer.com/news/security/the-moveit-hack-and-what-it-taught-us-about-application-security/; https://securityaffairs.com/149790/apt/carderbee-apt-supply-chain-attack.html; https://www.govinfosecurity.com/moveit-health-data-breach-tally-keeps-growing-a-22916; https://securityaffairs.com/149890/breaking-news/pole-emploi-data-breach.html; https://www.darkreading.com/attacks-breaches/-genworth-financial-under-investigation-for-data-breach; https://www.bleepingcomputer.com/news/security/data-breach-at-french-govt-agency-exposes-info-of-10-million-people/; 
https://www.darkreading.com/attacks-breaches/financial-firms-breached-in-moveit-cyberattacks-now-face-lawsuits; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/; https://socradar.io/chain-reactions-footprints-of-major-supply-chain-attacks/; https://research.checkpoint.com/2023/28th-august-threat-intelligence-report/; https://www.heise.de/news/MOVEit-Luecke-Franzoesisches-Arbeitsamt-verliert-10-Millionen-Datensaetze-9286515.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://securityaffairs.com/149921/hacking/massive-moveit-campaign-campaign.html; https://www.darkreading.com/edge-articles/moveit-was-a-sql-injection-accident-waiting-to-happen; https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://www.bleepingcomputer.com/news/security/university-of-michigan-shuts-down-network-after-cyberattack/; https://securityaffairs.com/150277/breaking-news/security-affairs-newsletter-round-435-by-pierluigi-paganini-international-edition.html; https://therecord.media/paramount-data-breach-cyberattack; https://www.bleepingcomputer.com/news/security/university-of-michigan-requires-password-resets-after-cyberattack/; https://www.hipaajournal.com/ibm-notifies-janssen-carepath-patients-about-unauthorized-database-access/; https://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html; https://www.govinfosecurity.com/lessons-to-learn-from-clops-moveit-supply-chain-attacks-a-23093; https://www.govinfosecurity.com/nuance-notifying-14-nc-healthcare-clients-moveit-hacks-a-23107; https://therecord.media/nova-scotia-all-victims-notified; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023; https://www.bleepingcomputer.com/news/security/national-student-clearinghouse-data-breach-impacts-890-schools/; https://securityaffairs.com/151281/data-breach/national-student-clearinghouse-data-breach.html; 
https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://therecord.media/moveit-fallout-continues-nsc-schools; https://www.darkreading.com/application-security/moveit-flaw-900-university-data-breaches; https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/born-ontario-child-registry-data-breach-affects-34-million-people/; https://www.bleepingcomputer.com/news/security/sickkids-impacted-by-born-ontario-data-breach-that-hit-34-million/; https://securityaffairs.com/151475/data-breach/born-ontario-data-breach.html; https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/; https://therecord.media/progress-new-file-transfer-vulnerability; https://securityaffairs.com/151744/breaking-news/security-affairs-newsletter-round-439-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2023-dark-angels/; https://www.wired.com/story/moveit-breach-victims/; https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/; https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/; https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/; https://securityaffairs.com/151982/data-breach/sony-sent-data-breach-notifications-to-about-6800-individuals.html; https://apps.web.maine.gov/online/aeviewer/ME/40/a67798f0-9798-4a17-b31f-6c7d003dbfb6.shtml; https://s3.documentcloud.org/documents/24017531/flagstar-consumer-notification-template.pdf; https://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/; https://apps.web.maine.gov/online/aeviewer/ME/40/8b595be6-d1d7-47df-84d5-05738edd84f9.shtml; 
https://apps.web.maine.gov/online/aeviewer/ME/40/8b595be6-d1d7-47df-84d5-05738edd84f9/f939ea5f-3db0-47a7-9e02-8c204388f02d/document.html; https://securityaffairs.com/152118/breaking-news/security-affairs-newsletter-round-440-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/apple-heat-initiative-dark-money/; https://securityaffairs.com/152143/data-breach/flagstar-bank-data-breach-2.html; https://www.darkreading.com/risk/moveit-shift-cyber-insurance-calculus; https://www.heise.de/hintergrund/Die-MOVEit-Sicherheitsluecke-eine-Zwischenbilanz-9318038.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Montag-Aenderungen-am-Strassenverkehrsrecht-Ransomware-Gang-gehackt-und-gelaehmt-9340886.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.darkreading.com/attacks-breaches/2023-ransomware-attacks-up-more-than-95-over-2022-according-to-corvus-insurance-q3-report; https://www.bleepingcomputer.com/news/security/september-was-a-record-month-for-ransomware-attacks-in-2023/; https://arstechnica.com/security/2023/10/active-attacks-exploiting-ws_ftp-pose-a-grave-threat-to-the-internet/; https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023; https://www.darkreading.com/attacks-breaches/attacks-on-maximum-severity-ws_ftp-bug-have-been-limited-so-far; https://www.heise.de/hintergrund/Missing-Link-Welche-Laender-und-Branchen-von-der-MOVEit-Luecke-betroffen-sind-9347621.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Montag-Cyberattacke-auf-Boeing-mit-Datenklau-Bitcoin-ist-ein-Klimasuender-9348074.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/trellix-2024-threat-predictions.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://www.hackread.com/moveit-hack-us-defense-officials-emails-breached/; 
https://s3.documentcloud.org/documents/24005170/sample-individual-notice-10032023.pdf; https://www.darkreading.com/operations/ransomware-readiness-assessments-one-size-doesnt-fit-all; https://www.darkreading.com/risk/meet-your-new-cybersecurity-auditor-your-insurer; https://www.bleepingcomputer.com/news/security/maine-govt-notifies-13-million-people-of-moveit-data-breach/; https://www.darkreading.com/attacks-breaches/state-maine-latest-moveit-victim; https://securityaffairs.com/154066/data-breach/state-of-maine-data-breach.html; https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2023/11/state-of-maine-data-breach-impacts-1-3-million-people; https://research.checkpoint.com/2023/13th-november-threat-intelligence-report/; https://therecord.media/more-than-hundreds-thousands-medicare-moveit; https://socradar.io/predicting-vulnerability-exploitation-for-proactive-cybersecurity-whats-epss-and-how-can-svrs-enhance-it/; https://www.darkreading.com/attacks-breaches/autozone-moveit-data-breach-state-of-maine; https://www.bleepingcomputer.com/news/security/auto-parts-giant-autozone-warns-of-moveit-data-breach/; https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/; https://socradar.io/exploitation-attempts-observed-for-critical-owncloud-vulnerability-cve-2023-49103/; https://www.techrepublic.com/article/cisco-talos-year-end-report/; https://www.hackread.com/delta-dental-data-breach-moveit-linked-attack/; https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/; https://www.techrepublic.com/article/top-techrepublic-articles-2023/; https://www.wired.com/story/most-dangerous-people-2023/; https://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023; https://therecord.media/long-beach-facing-cyber-incident; https://www.wired.com/story/worst-hacks-2023/; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://www.financialexpress.com/business/digital-transformation-india-records-15-spike-with-2138-weekly-attacks-report-3369635/; https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/; https://www.silicon.de/41711715/zero-trust-verhinderung-von-angriffen-auf-software-lieferkette; https://www.computerweekly.com/de/feature/10-der-groessten-Zero-Day-Angriffe-im-Jahr-2023; https://www.infoworld.com/article/3712543/protecting-against-software-supply-chain-attacks.html; https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://www.khgames.co.kr/news/articleView.html?idxno=224468; https://www.malwarebytes.com/blog/cybercrime/2024/02/how-ransomware-changed-in-2023; http://www.detaykibris.com/fidye-saldirilariyla-toplanan-kripto-para-miktari-2023te-rekor-kirdi-336233h.htm; https://www.columbian.com/news/2024/mar/03/why-health-care-has-become-a-top-target-for-cybercriminals/; https://www.it-daily.net/it-sicherheit/cybercrime/ransomware-zahlungen-auf-rekordhoch; https://therecord.media/national-amusements-data-breach-cyberattack; https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-sql-injection-vulnerabilities/; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/rise-in-active-raas-groups-parallel-growing-victim-counts-ransomware-in-2h-2023; https://www.techrepublic.com/article/cyber-security-trends-uk/; https://cyberscoop.com/sisense-supply-chain-breach/; https://www.ferner-alsdorf.de/allianz-cybersecurity-trends-2023-aktuelle-cybersicherheitstrends-und-herausforderungen-in-der-cyber-bedrohungslage/; https://therecord.media/chinese-russian-hackers-edge-devices; https://www.computerweekly.com/de/meinung/IT-Security-2024-Auf-Zero-Day-folgt-nicht-immer-Ransomware; 
https://www.hackread.com/agent-tesla-taskun-malware-us-education-govt/; https://www.govinfosecurity.com/verizon-dbir-cyber-defenders-are-facing-exploit-fatigue-a-24989,2023-06-02,2024-03-28 2321,Unknown actors locked South African telecommunications company Seacom out of their hosting and virtual environment in May 2023 ,"Unknown actors allegedly locked South African telecommunications company Seacom out of their hosting and virtual environment beginning on 10 May 2023, an anonymous source disclosed to the news website ITWEB on 1 June. The cyber incident was publicly reported on 11 May, when Seacom business customers noticed that Seacom's services went offline. Seacom confirmed the incident on 11 May, declaring that it had only affected the hosting environment - a claim the company still maintained as of 1 June 2023. According to the company, no data theft had occurred and all affected information systems had been restored. ",2023-05-10,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,SEACOM,South Africa,AFRICA; SSA,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15461,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.itweb.co.za/content/GxwQDM1DrQw7lPVo,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption 
(deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Law of the sea; International telecommunication law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/noelle_cowling/status/1664224406292316160; https://www.itweb.co.za/content/GxwQDM1DrQw7lPVo; https://mybroadband.co.za/news/cloud-hosting/491297-seacom-hit-by-cyber-attack.html,2023-06-02,2023-12-22 2316,Federal Security Service of the Russian Federation (FSB) accused US National Security Agency (NSA) of spying on Apple iPhones of unspecified Russian users and diplomats of various countries in Russia,"The Federal Security Service of the Russian Federation (FSB) in cooperation with the Federal Protective Service (FSO) accused the US National Security Agency (NSA) of spying on Apple iPhones of unspecified Russian users and diplomats of various countries in Russia, the FSB reported in a press release on its website on 1 June 2023. The FSB accused the US technology company Apple of passing vulnerability information to the US intelligence agency, facilitating the installation of backdoors on iPhones. Apple rebutted claims that it had left vulnerabilities open intentionally. The iPhone manufacturer released fixes for the two zero-day vulnerabilities (CVE-2023-32434 and CVE-2023-32435) identified by Kaspersky researchers that enabled the zero-click exploitation of iMessage. The FSB claimed that the operation targeted devices registered to diplomatic missions in Russia of former Soviet Union countries, NATO member states, Israel, Syria, and China. Also on 1 June, the Russian IT security company Kaspersky published a technical report on ""Operation Triangulation"", in which iPhone mobile phones were compromised, including mobile phones of senior Kaspersky employees. 
Although unclear in the beginning, the Russian Federation's Computer Emergency Response Team (CERT) said in a technical report on the same day that the Indicators of Compromise were the same in both incidents. In addition, Kaspersky security researcher Ivan Kwiatkowski announced via Twitter, also on 1 June, that the two incidents were linked. ",,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None - None - None,NATO (region); Russia; China; Israel; Not available; Syria, - EUROPE; EASTEU; CSTO; SCO - ASIA; SCS; EASIA; NEA; SCO - ASIA; MENA; MEA - - ASIA; MENA; MEA,State institutions / political system - End user(s) / specially protected groups - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,"Other (e.g., embassies) - - Other (e.g., embassies) - Other (e.g., embassies) - Other (e.g., embassies) - Other (e.g., embassies)",,United States,State,,1,15465; 15465,2023-06-01 00:00:00; 2023-06-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Federal Security Service (FSB); Federal Protective Service (FSO),Not available; Not available,Russia; Russia,,United States; United States,State; State,http://www.fsb.ru/fsb/press/message/single.htm%21id%3D10439739%40fsbMessage.html,International power,International power,,Unknown,,1,2023-06-01 00:00:00,State Actors: Stabilizing measures,,Russia,Federal Security Service (FSB),Yes,multiple,Drive-By Compromise,Data Exfiltration,,False,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,6.0,1-10,6.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Diplomatic / consular law; Sovereignty; Law of treaties (pacta sunt servanda),State actors; ; ; ,Not available,1,2023-01-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Russia,Federal Security Service (FSB),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.euractiv.com/section/global-europe/news/russia-says-us-accessed-thousands-of-apple-phones-in-spy-plot/; https://www.elmundo.es/internacional/2023/06/01/6477fc13506cc200282fccd5-directo.html; http://www.fsb.ru/fsb/press/message/single.htm%21id%3D10439739%40fsbMessage.html; https://twitter.com/Bing_Chris/status/1664289243294777348; https://twitter.com/z_edian/status/1664272508613464078; https://www.rferl.org/a/russia-diplomats-iphones-hacking-fsb/32438777.html; https://www.jpost.com/breaking-news/article-744862; https://www.heise.de/news/Russischer-Geheimdienst-NSA-spioniert-angeblich-tausende-iPhones-dank-Apple-aus-9154815.html?wt_mc=rss.red.mac-and-i.mac-and-i.rdf.beitrag.beitrag; https://twitter.com/CyberScoopNews/status/1664305992543137796; https://twitter.com/josephfcox/status/1664355560593174528; https://twitter.com/RecordedFuture/status/1664341266543288337; https://twitter.com/lorenzofb/status/1664322338135982084; https://therecord.media/russia-accusses-us-of-hacking-apple-devices-to-spy-on-diplomats; 
https://twitter.com/HostileSpectrum/status/1664259814812155904; https://www.bleepingcomputer.com/news/security/russia-says-us-hacked-thousands-of-iphones-in-ios-zero-click-attacks/; https://cyberscoop.com/russian-apple-nsa-iphone-spying/; https://twitter.com/thegrugq/status/1664314699062837248; https://www.wired.com/story/kaspersky-apple-ios-zero-day-intrusion/; https://securityaffairs.com/147059/breaking-news/security-affairs-newsletter-round-422.html; https://twitter.com/josephmenn/status/1664413868964339712; https://securityaffairs.com/146939/apt/operation-triangulation-ios-devices.html; https://www.hackread.com/kaspersky-employees-iphones-spyware-infected/; https://twitter.com/Cyber_O51NT/status/1664429692823441408; https://www.brisbanetimes.com.au/world/europe/moscow-accuses-us-of-hacking-thousands-iphones-in-spy-plot-20230602-p5ddbk.html?ref=rss&utm_medium=rss&utm_source=rss_feed; https://www.heise.de/news/Nach-iPhone-Spionagevorwuerfen-Apple-widerspricht-russischem-Geheimdienst-9162817.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://twitter.com/chuksjonia/status/1664565276971597824; https://www.techradar.com/news/russia-blames-us-and-apple-for-hacking-diplomat-iphones; https://www.wired.com/story/security-roundup-ai-scams-voice-cloning/; https://securityaffairs.com/146954/intelligence/fsb-blames-us-intel-operation-triangulation.html; https://twitter.com/securityaffairs/status/1664583917905510402; https://www.databreaches.net/russia-says-us-hacked-thousands-of-apple-phones-in-spy-plot/; https://twitter.com/hackerfantastic/status/1664854516561313792; https://www.darkreading.com/endpoint/apple-zero-days-imessage-4-year-spying-ios; https://twitter.com/Dennis_Kipker/status/1664653147329949696; https://www.techrepublic.com/article/iphone-zero-click-hack/; https://therecord.media/apple-patch-zero-days-exploited-in-spyware-campaign; https://cyberscoop.com/apple-security-patch-kaspersky-russia-spyware/; 
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-days-used-to-deploy-triangulation-spyware-via-imessage/; https://nakedsecurity.sophos.com/2023/06/22/apple-patch-fixes-zero-day-kernel-hole-reported-by-kaspersky-update-now/; https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html; https://www.malwarebytes.com/blog/news/2023/06/update-now-apple-fixes-three-actively-exploited-vulnerabilities; https://securityaffairs.com/147717/malware/triangledb-implant-used-operation-triangulation.html; https://securityaffairs.com/147729/hacking/apple-zero-day-flaws-exploited.html; https://www.darkreading.com/endpoint/more-apple-zero-days-exploited-ios-spying-campaign; https://securityaffairs.com/147797/breaking-news/security-affairs-newsletter-round-425-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/apple-zero-day-spyware-patch-security-roundup/; https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-iphone-bugs-abused-in-spyware-attacks/; https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/; https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html; https://www.nrc.nl/nieuws/2023/07/17/russische-overheid-verbiedt-gebruik-iphones-wegens-vermoeden-van-spionage-a4169964; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.bleepingcomputer.com/news/security/iphone-triangulation-attack-abused-undocumented-hardware-feature/; https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html; https://www.heise.de/news/Operation-Triangulation-Raffiniertester-Exploit-aller-Zeiten-auf-iPhones-9583427.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/; 
https://securityaffairs.com/156696/breaking-news/security-affairs-newsletter-round-452-by-pierluigi-paganini-international-edition.html; https://cybersecasia.net/news/apt-actors-exploit-apples-undocumented-hardware-back-door; https://www.bleepingcomputer.com/news/security/cisa-warns-agencies-of-fourth-flaw-used-in-triangulation-spyware-attacks/; https://www.informador.mx/tecnologia/Ciberseguridad-Kaspersky-descubre-una-vulnerabilidad-desconocida-en-iPhones-20240112-0122.html; https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/; https://therecord.media/russia-belarus-cyberthreat-research-facct,2023-06-02,2024-01-24 2311,Unknown ransomware group accessed information systems of biotechnology company Enzo Biochem and stole clinical test information of approximately 2.5 million individuals in April 2023,"A ransomware group had accessed the information systems of biotechnology company Enzo Biochem and accessed and in some cases exfiltrated clinical test information of approximately 2,470,000 individuals on 6 April 2023, the company reported in an 8-K filing with the US Securities and Exchange Commission. Affected data comprised names and test information. For 600,000 participants this also included social security numbers. No ransomware group has publicly claimed responsibility for the incident. 
",2023-04-06,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Enzo Biochem,United States,NATO; NORTHAM,Critical infrastructure,Chemicals,Not available,Not available,Not available,,1,15472,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,=< 10 Mio,2300000.0,dollar,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-04-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,New York Attorney General,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/clinical-test-data-of-2-5-million-people-stolen-from-biotech-company-enzo-biochem/; https://www.sec.gov/Archives/edgar/data/316253/000121390023044007/ea178836-8k%5Fenzobiohem.htm; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen; https://twitter.com/lorenzofb/status/1664233328201826304; https://www.darkreading.com/attacks-breaches/2-5m-impacted-by-enzo-biochem-data-leak-after-ransomware-attack; https://www.sec.gov/ix?doc=/Archives/edgar/data/316253/000121390023083566/f10k2023_enzobio.htm,2023-06-01,2023-12-22 2312,Ukrainian hacktivists gained partial access to information systems of Russia's Skolkovo Foundation on the night of 28-29 May 2023,"Ukrainian hacktivists gained partial access to the information systems of Russia's Skolkovo Foundation on the night of 28-29 May 2023, according to a claim by via a Telegram post. The Skolkovo Foundation, created in 2010 by then-President Dmitry Medvedev, is the main agency responsible for Russia's Skolkovo Innovation Center, a science and technology hub. In particular, the hacktivists accessed the file exchange platform and stole presentation, photos, contracts, lists of partners and legal counterparts, which was confirmed by the Russian Telegram group 'Information Leaks'. The only thing that remains ambiguous is the name of the Ukrainian hacktivist group; Skolkovo's Telegram post on 29 May stated that the Ukrainian CyberFront had claimed responsibility for the cyber incident against Skolkovo. In the central Telegram post claiming the cyber incident, the name Ukrainian CyberFront is absent and the Telegram channel that published this post is called 'sudo rm -RF'. 
",2023-05-28,2023-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Skolkovo Foundation,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,sudo rm -RF,Not available,Non-state-group,Hacktivist(s),2,15471; 15470,2023-05-29 00:00:00; 2023-05-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,sudo rm -R; Ukrainian CyberFront,Not available; Not available,Not available; Not available,sudo rm -RF; Ukrainian CyberFront,Not available; Not available,Non-state-group; Non-state-group,https://t.me/skolkovolive/4497; https://t.me/sudo_RM_RF_6/4,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence,Civic / political rights; Conduct of 
hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.databreaches.net/russias-silicon-valley-hit-by-cyberattack-ukrainian-group-claims-deep-access/; https://t.me/skolkovolive/4497; https://t.me/dataleak/2984; https://t.me/sudo_RM_RF_6/4; https://twitter.com/SimonZerafa/status/1664372422135492610,2023-06-01,2023-12-22 2313,Unknown actors targeted school fund of the city of Le Robert in Martinique with ransomware on 25 April 2023,Unknown actors targeted the school fund of the city of Le Robert in Martinique with ransomware on 25 April 2023. Data held by the fund has been encrypted and a ransom note has been sent. ,2023-04-25,2023-04-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Le Robert,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15467,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1663801331990028288; https://www.zayactu.org/2023/05/la-caisse-des-ecoles-du-robert-egalement-victime-dune-cyberattaque-avec-demande-de-rancon; https://ville-robert.fr/actualite/paiement-aslh-des-vacances-et-prestations-de-juin-2023,2023-06-01,2023-12-22 2314,Bl00dy ransomware gang targeted Indian university through PaperCut vulnerability in May 2023,"The Bl00dy ransomware gang targeted an Indian university through a PaperCut vulnerability (CVE-2023-27350) in May 2023, demanding a ransom of $90,000. ",2023-05-28,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Not available,India,ASIA; SASIA; SCO,State institutions / political system; Education,Civil service / administration; ,Bl00dy Ransomware Gang,Not available,Non-state-group,Criminal(s),1,15466,2023-05-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Bl00dy Ransomware Gang,Not available,Not available,Bl00dy Ransomware Gang,Not available,Non-state-group,https://blog.cyble.com/2023/05/30/bl00dy-ransomware-targets-indian-university-actively-exploiting-papercut-vulnerability/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyber_O51NT/status/1663858967184023553; https://blog.cyble.com/2023/05/30/bl00dy-ransomware-targets-indian-university-actively-exploiting-papercut-vulnerability/; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.techrepublic.com/article/cisco-talos-year-end-report/,2023-06-01,2024-02-28 2310,Bangladeshi hacktivist group conducted DDoS attacks against official Senegalese websites for the second time on 29 May 2023,"Mysterious Team, a suspected Bangladeshi hacktivist group, launched DDoS attacks against official Senegalese websites for the second time in one month on 29 May 2023. The group announced the disruption attempt the day before and then claimed credit for it after its execution. The hacktivist group demanded that accusations against opposition leader Ousmane Sonko be dropped. Sonko had been sentenced to a suspended six-month prison term for defamation and faces charges of sexual assault that his supporters believe are politically motivated and engineered by Senegal's current president, Macky Sall, with the aim to sideline Sonko ahead of the 2024 presidential election.",2023-05-29,2023-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Senegal,AFRICA; SSA,State institutions / political system,Government / ministries,,Bangladesh,Non-state-group,Hacktivist(s),1,11185,2023-05-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Mysterious Team Bangladesh,Not available,Bangladesh,,Bangladesh,Non-state-group,https://twitter.com/MysteriousTeamO/status/1663272473239105536,System / ideology; National power,System/ideology; National power,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/netblocks/status/1663330076916609027; https://twitter.com/MysteriousTeamO/status/1663272473239105536,2023-05-31,2023-10-11 2309,Unknown hackers paralysed IT systems of India's power utility MPPMC Limited through ransomware attack on 22 May 2022,"A ransomware attack crippled IT system used for internal communication at Madhya Pradesh Power Management Company Limited (MPPMC) - a state-run entity - on 22 May 2023. The Indian holding company oversees the administration of electricity in the state by selling and purchasing electricity according to demand, at a time when summer brings peak consumption, sources said. 
MPPMC IT director Reeta Kshetrapal said those behind the ransomware attack had left contact details but not approached the company with any money demands so far.",2023-05-22,2023-05-22,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,MPPMC Limited ,India,ASIA; SASIA; SCO,Critical infrastructure,Energy,Not available,Not available,Not available,,1,11182,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://timesofindia.indiatimes.com/city/bhopal/mp-power-mgmt-co-hit-by-ransomware/articleshow/100577880.cms?from=mdr; https://energyasia.co.in/power/mp-power-management-co-hit-by-ransomware/,2023-05-31,2023-07-12 2308,Bangladeshi hacktivist group Mysterious Team disrupted the website of French state-owned postal service La Poste 29 May 2023,"The hacktivist group Mysterious Team, suspected to be of Bangladeshi origin, disrupted the website of French state-owned postal service La Poste on 29 May 2023, the postal service disclosed. 
Mysterious Team said they targeted the French postal service with a DDoS attack because a French researcher was spreading false information about them.",2023-05-29,2023-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption,La Poste,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Other,Mysterious Team Bangladesh,Bangladesh,Non-state-group,Hacktivist(s),1,11181,2023-05-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Mysterious Team Bangladesh,Not available,Bangladesh,Mysterious Team Bangladesh,Bangladesh,Non-state-group,https://twitter.com/MysteriousTeamO/status/1663110320465018880,Cyber-specific,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bfmtv.com/tech/victime-d-une-cyberattaque-le-site-de-la-poste-est-indisponible_AN-202305290357.html; https://twitter.com/FalconFeedsio/status/1663115234570010624; https://twitter.com/MysteriousTeamO/status/1663110320465018880; https://thehackernews.com/2023/08/mysterious-team-bangladesh-targeting.html,2023-05-31,2023-08-04 2302,Unknown actors attacked hospitals in 
Idaho Falls on 29 May 2023,"Unknown actors attacked the US Mountain View Hospital, Idaho Falls Community Hospital and their partner clinics in Idaho Falls on 29 May 2023. No data was breached, according to the hospitals. Idaho Falls Community Hospital diverted ambulances to nearby hospitals for the first day after the incident was discovered. At least one partner clinic, Redicare, remained closed for ten days, to facilitate incident response. On 30 June it was reported that Mountain View Hospital has managed to reinstate clinical functions for itself, Idaho Falls Community Hospital and its partner clinics, while administrative functions are not yet fully restored.",2023-05-29,2023-05-29,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Idaho Falls Community Hospital - Mountain View Hospital - Not available,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health,Not available,Not available,Not available,,1,15473,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.mountainviewhospital.org/blog/posts/2023/may/mountain-view-managing-it-issue/; https://securityaffairs.com/147089/cyber-crime/idaho-hospitals-cyber-attacks.html; https://www.eastidahonews.com/2023/05/local-hospital-clinic-close-following-cyberattack/; https://therecord.media/idaho-hospital-diverting-ambulances-after-cyberattack; https://twitter.com/snlyngaas/status/1664098773243445248; https://www.malwarebytes.com/blog/news/2023/06/a-week-in-security-may-29-june-4; https://securityaffairs.com/147322/breaking-news/security-affairs-newsletter-round-423.html; https://www.databreaches.net/mountain-view-hospital-restores-clinical-functions-culprit-behind-cyberattack-still-unknown/; https://therecord.media/safford-arizona-hospital-st-louis-call-a-ride-cyberattacks; https://www.techrepublic.com/article/top-cybersecurity-threats/,2023-05-31,2023-12-22 2301,Unknown actors disrupted computer systems of the German municipality of Bad Langensalza in Thuringia beginning on 27 May 2023 ,"Unknown actors disrupted the computer systems of the German municipality of Bad Langensalza in Thuringia beginning on 27 May 2023, the municipality reported on its website. 
",2023-05-27,2023-05-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Bad Langensalza,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15474,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-05-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Thüringer Polizei,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/dani_stoffers/status/1663441186424586240; https://twitter.com/z_edian/status/1663442087184826369; https://www.mdr.de/nachrichten/thueringen/nord-thueringen/unstrut-hainich/hackerangriff-bad-langensalza-stadtverwaltung-cyberattacke-polizei-100.html; https://badlangensalza.de/; https://twitter.com/ein_ISB/status/1663882112892542978,2023-05-31,2023-12-22 2300,Unknown actors targeted high school examination platform Subject Bank in Greece with DDoS attack in May 2023,"Unknown actors targeted the high school examination platform ""Subject Bank"" in Greece with a DDoS attack during 29-30 May 2023. 
The platform is part of Greece's Education Ministry. The disruption attempt caused delays to high school exams. The spokeswoman for the left-wing opposition party ""Syriza"", Popi Tsananidou, criticized the former government under the liberal-conservative party ""Nea Dimokratia"", for having ""failed"" to introduce ""adequate digital protection measures to shield the Subject Bank platform"". ",2023-05-29,2023-05-30,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Greece,EUROPE; NATO; EU(MS); BALKANS,State institutions / political system,Government / ministries,,Not available,Not available,,1,15475,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-05-30 00:00:00,EU: Legislative reactions,Dissenting statement by member of parliament,Greece,Popi Tsananidou (spokeswoman for Syriza),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-05-30 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Greece,Hellenic Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/worst-cyberattack-in-greece-disrupts-high-school-exams-causes-political-spat/; https://twitter.com/netblocks/status/1663666006948999170; https://apnews.com/article/cyberattack-cybercrime-greece-school-highschool-ddos-9258842dbd84d67430cf5eb39999f93d; https://abcnews.go.com/Technology/wireStory/worst-cyberattack-greece-disrupts-high-school-exams-causes-99692485; https://abcnews.go.com/Technology/wireStory/worst-cyberattack-greece-disrupts-high-school-exams-causes-99692485; https://therecord.media/exam-boards-uk-data-breach,2023-05-31,2023-12-22 2299,Unknown actors gained access to Tennessee Orthopaedic Clinics (TOC) and stole patient information in March 2023,"Unknown actors gained access to Tennessee Orthopaedic Clinics (TOC) and stole patient information during 20-24 March 2023, TOC disclosed it on its website on 26 May. 
The stolen information could have included names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and/or health insurance information.",2023-03-20,2023-03-24,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Tennessee Orthopaedic Clinics (TOC),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15476,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/tennessee-orthopaedics-clinics-notifies-hhs-of-breach-has-yet-to-notify-patients/; https://www.tocdocs.com/notice-of-security-incident/,2023-05-31,2023-12-22 2298,"Unknown presumably pro-Ukrainian hackers defaced the website of the residence in Peredelkino of 
Patriarch Kirill of Moscow on May 27, 2023","Unknown, presumably pro-Ukrainian, hackers defaced the website of the Peredelkino residence of Patriarch Kirill of Moscow on 27 May 2023. The homepage was configured to display a message announcing that the ""Patriarch of Moscow and All Russia blesses the Ukrainian Armed Forces’ counter-offensive"". The hackers spread other pro-Ukrainian messages on the patriarch's website. ",2023-05-27,2023-05-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Russian Orthodox Church,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Religious,Not available,Ukraine,Non-state-group,Hacktivist(s),1,15477,2023-05-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Ukraine,Not available,Ukraine,Non-state-group,https://www.thedailybeast.com/hackers-force-vladimir-putins-holy-man-patriarch-kirill-to-bless-ukraines-counteroffensive,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence,Civic / political rights; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://twitter.com/KennethGeers/status/1662774108944310272; https://www.thedailybeast.com/hackers-force-vladimir-putins-holy-man-patriarch-kirill-to-bless-ukraines-counteroffensive,2023-05-31,2023-12-22 2293,Pro-Russian hacktivist group 'NoName057(16)' conducted DDoS attack against the website of Italy's Industry Ministry in May 2023,"The Italian Ministry of Industry and Made in Italy announced that its website became the target of a DDoS attack on 26 May 2023, causing access problems for users. The pro-Russian hacktivist group 'NoName057(16)' claimed responsibility for the activity.",2023-05-26,2023-05-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry for Business and Made in Italy - MiSE (Italy),Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,15499,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.channelnewsasia.com/world/italys-industry-ministry-reports-heavy-cyberattack-3517836; https://twitter.com/ransomwaremap/status/1662320160957505537; 
https://www.bloomberg.com/news/articles/2023-05-26/italy-s-industry-ministry-says-website-down-after-cyberattack#xj4y7vzkg,2023-05-30,2023-12-27 2295,Unidentified hackers launched targeted attacks against Belgian CHRSM hospitals in May 2023,"Early on 26 May 2023, two sites of the Belgian hospital CHRSM, Sambre and Meuse, fell victim to a cyber attack. To prevent malware deployed by the hackers from spreading, all computer communication was cut off. Employees, consequently, no longer had access to their emails. Access to wi-fi and centrally hosted software was down. ""Given the number of recent victims in hospitals, including the Saint-Luc Bouge in Namur and more recently the Vivalia, we expected this type of attack,"" explained Stéphane Rillaerts, Director General of CHRSM. Details of the perpetrators or the exact modus operandi are not yet known. Some of the scheduled consultations, hospitalisations, and surgical interventions had to be postponed as a result of the incident, with the in-house laboratory only handling emergency cases. No ransom demand had been received. 
",2023-05-26,2023-05-26,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Disruption,Centre Hospitalier Régional Sambre et Meuse,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15494,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-05-26 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Belgium,Belgian Federal Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1662041340207587329; https://twitter.com/ransomwaremap/status/1664483676426567680; https://bouke.media/info/cyberattaque-au-chr-le-bilan-apres-plus-dun-mois/9562; https://www.chrsm.be/cyberattaque,2023-05-30,2024-01-16 2294,Alleged hacking group GhyamSarnegouni claimed to have defaced the Iranian presidency website and other related websites on 29 May 2023,"An alleged hacking group by the name GhyamSarnegouni claimed to have defaced the Iranian presidency website and other government websites on 29 May 2023, the hacker group announced via an account with the same name on social media on the same day. The website of the president's office, and presumably as well other affected websites, displayed the Iranian Supreme Leader Khamenei and current President Ebrahim Raisi crossed out, and in turn displayed the former leader of the Iranian People's Mojahedin Organization of Iran (MEK), Massoud Rajavi, and the current leader and widow of Massoud Rajavi, Maryam Rajavi.",2023-05-29,2023-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,"Iran, Islamic Republic of; Iran, Islamic Republic of",ASIA; MENA; MEA - ASIA; MENA; MEA,Unknown; Unknown - State institutions / political system; State institutions / political system,; - Government / ministries; Government / ministries,GhyamSarnegouni = Uprising till Overthrow,Not available,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,17218,2023-05-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,GhyamSarnegouni = Uprising till Overthrow,Not available,Not available,GhyamSarnegouni = Uprising till Overthrow,Not available,Non-state-group,https://www.independent.co.uk/news/world/americas/us-politics/iran-ap-egypt-ayatollah-ali-khamenei-cairo-b2347732.html,System / ideology; National power,System/ideology; National power,Iran (People's Mujahideen); Iran (People's Mujahideen),Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.independent.co.uk/news/world/americas/us-politics/iran-ap-egypt-ayatollah-ali-khamenei-cairo-b2347732.html; https://apnews.com/article/iran-presidency-websites-hacked-mek-397ad60fa53f957b4c8a7119b5b887d5; 
https://abcnews.go.com/International/wireStory/websites-linked-irans-presidency-hacked-images-exile-groups-99670253; https://twitter.com/campuscodi/status/1663895411667480576; https://cyberscoop.com/iranian-dissidents-presidential-hack/; https://twitter.com/JohnHultquist/status/1664038931103633409,2023-05-30,2024-02-16 2290,Mysterious Team conducted DDoS cyberattack against multiple Senegalese government websites in May 2023,"Mysterious Team, a hacktivist group of suspected Bangladeshi origin, claimed to have conducted a DDoS cyberattack against multiple Senegalese government websites in May 2023. The attack appeared to also have extended to the presidential government network ADIE.",2023-05-26,2023-05-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Ministry of Finance (Senegal) - Presidency (Senegal) - Not available,Senegal; Senegal; Senegal,AFRICA; SSA - AFRICA; SSA - AFRICA; SSA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,Mysterious Team Bangladesh,Bangladesh,Non-state-group,Hacktivist(s),1,15509,2023-05-26 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Mysterious Team Bangladesh,Not available,Bangladesh,Mysterious Team Bangladesh,Bangladesh,Non-state-group,https://twitter.com/MysteriousTeamO/status/1662188418770833408; https://twitter.com/MysteriousTeamO/status/1662204840561491971,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in 
intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/netblocks/status/1662477733132402689; https://www.thestar.com.my/news/world/2023/05/28/senegalese-government-websites-hit-with-cyberattack; https://twitter.com/Cyber_O51NT/status/1662611760887779328; https://twitter.com/MysteriousTeamO/status/1662188418770833408; https://twitter.com/MysteriousTeamO/status/1662204840561491971; https://thehackernews.com/2023/08/mysterious-team-bangladesh-targeting.html,2023-05-30,2023-12-27 2291,Alleged Russian false-flag hacktivist group 'Anonymous Sudan' disrupted the website and mobile app of the First Abu Dhabi Bank on 21 May 2023,"Alleged Russian false-flag hacktivist group 'Anonymous Sudan' disrupted the website and mobile app of the First Abu Dhabi Bank in the United Arab Emirates on 21 May 2023, the hackers admitted in a Telegram post on the same day. The hacktivist group announced in the post that they had disrupted the bank because of UAE support for rebel leader Abdul Rahim Hamdan Dagalo's paramilitary Rapid Support Forces (RSF) in the power struggle against Abdel Fattah al-Burhan's Sudanese Armed Forces (SAF).",2023-05-21,2023-05-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,First Abu Dhabi Bank,United Arab Emirates,ASIA; MENA; MEA; GULFC,Critical infrastructure,Finance,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),2,15502; 15503,2023-05-21 00:00:00; 2023-05-29 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Anonymous Sudan (Storm-1359) < Killnet; Cloud SEK,Not available; ,Russia; India,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Russia; Russia,Non-state-group; Non-state-group,https://t.me/AnonymousSudan/1265; https://cloudsek.com/threatintelligence/anonymous-sudan-claims-successful-takedown-of-first-abu-dhabi-bank-website-application-via-ddos-attacks,Autonomy; Subnational predominance; Resources,Autonomy; Subnational predominance; Resources; Third-party intervention / third-party affection,Sudan (Darfur); Sudan (Darfur); Sudan (Darfur); Sudan (Darfur),Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1663178036710354946; 
https://cloudsek.com/threatintelligence/anonymous-sudan-claims-successful-takedown-of-first-abu-dhabi-bank-website-application-via-ddos-attacks; https://t.me/AnonymousSudan/1265,2023-05-30,2023-12-27 2296,Unknown hackers breached computer system of US healthcare provider Universal Health Services of Delaware in early 2023,"The computer systems of Universal Health Services (UHS) of Delaware, a healthcare provider in the US, were breached by unidentified hackers in early 2023. UHS of Delaware made this incident public by filing a data breach notice with the Attorney General of Texas on 17 May. According to the notification letter, which only addressed patients in Texas, personal data, including protected health information, of more than 130,000 patients had been compromised, with potentially more patients affected across other states. Pennsylvania-based UHS maintains 400 health facilities across the US.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Universal Health Services of Delaware, Inc.",United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15479,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not 
available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/attacks-breaches/130k-patients-social-security-numbers-leaked-in-uhs-of-delaware-data-breach,2023-05-30,2023-12-22 2297,Pro-Russian hacker group 'NoName057(16)' disrupted the website of the Italian cooperative bank BCC Roma on 28 May 2023,"The pro-Russian hacker group 'NoName057(16)' disrupted the website of the Italian cooperative bank BCC Roma on 28 May 2023, the hackers announced on their Telegram channel on the same day.",2023-05-28,2023-05-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Banca di Credito Cooperativo di Roma (BCC Roma),Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Finance,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,15478,2023-05-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716/3456,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not 
available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1663077199245893633; https://t.me/noname05716/3456,2023-05-30,2023-12-22 2292,BianLian and RansomHouse claimed to have attacked US medical specialty practice Albany ENT & Allergy Services in March 2023,"Albany ENT & Allergy Service, an upstate New York medical specialty practice, notified regulators and 224,486 potentially affected employees and patients of a breach that they determined happened between 23 March and 4 April 2023. The notification was sent out in the week of 22 May. Both BianLian and RansomHouse claimed to have been perpetrators of this attack and listed the practice as victim on their extortion websites. BianLian claims to have stolen 630 GB of data, while RansomHouse posted proof of the 2 TB of data they supposedly downloaded. On or about 9 May, RansomHouse appears to have leaked the data. 
BianLian declared information it had obtained contained patient personal data, financial and business data, accounting information and post archives.",2023-03-23,2023-04-04,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Albany ENT & Allergy Services,United States,NATO; NORTHAM,Critical infrastructure,Health,RansomHouse,Not available,Non-state-group,Criminal(s),2,15501; 15500,2023-04-28 00:00:00; 2023-04-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,RansomHouse; BianLian Ransomware Group,Not available; Not available,Not available; Not available,RansomHouse; BianLian Ransomware Group,Not available; Not available,Non-state-group; Non-state-group,https://www.databreaches.net/two-ransomware-groups-claimed-to-have-attacked-albany-ent-allergy-services-and-leaked-data-but-aent-doesnt-mention-that-at-all-in-their-notification/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; 
Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/two-ransomware-groups-claimed-to-have-attacked-albany-ent-allergy-services-and-leaked-data-but-aent-doesnt-mention-that-at-all-in-their-notification/; https://www.govinfosecurity.com/medical-specialty-practice-says-recent-hack-affects-224500-a-22181; https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/notice-data-event-albany-ent-allergy-services-me-1-2.pdf; https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/notice-data-event-albany-ent-allergy-services-me-1-2.pdf; https://www.darkreading.com/dr-global/ncsc-why-cyber-extortion-attacks-no-longer-require-ransomware,2023-05-30,2023-12-27 2289,"Unknown actors stole information of 237,000 US Department of Transportation employees","Unknown actors stole information of 237,000 former and current U.S. Department of Transportation (DOT) employees, Reuters reported on 15 May 2023, based on statements from sources briefed on the matter. In an email seen by Reuters, DOT notified Congress on 12 May that the data breach was limited to certain systems in specific departments that have administrative functions. 
For example, the cyber incident affected the TRANServe Parking and Transit Benefit System (PTBS), which reimburses government officials for commuting expenses.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,United States Department of Transportation (USDOT),United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,15510,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.reuters.com/world/us/data-237000-us-government-employees-breached-2023-05-12/,2023-05-29,2023-12-27 2286,Portuguese Banks hit by Brazilian Hackers in Operation Magalenha,"Over 30 Portuguese banks have been hit by Brazil-based cybercriminals in an ongoing financially-motivated cybercampaign called 'Operation Magalenha'. 
This campaign originated in 2021 but only became active in early 2023, with most attacks launched in May 2023, and uses phishing emails to deploy information-stealing malware, which resulted in a number of people having personal information stolen. The hackers subsequently leveraged personal data they had obtained for further exploitation activities. ",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Caixadirecta - ING - Caixa de Crédito Agrícola Mútuo (Credito Agricola) - Portuguese Treasury and Public Debt Management Agency (IGCP) - Novobanco - Citibanamex - Openbank - Millennium BCP - Not available - Banco Bilbao Vizcaya Argentaria (BBVA) - Banco CTT - Santander - Caixadirecta - Banco Montepio - EuroBic - Cetelem - Banco BPI - Citibanamex - Bankia - Novobanco - CaixaBank - ActivoBank - Banco Best - Bankinter,Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal; Portugal,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - 
Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Finance - Finance - Civil service / administration - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance,Not available,Brazil,Non-state-group,Criminal(s),1,11180,2023-05-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,SentinelOne Labs,United States,Not available,Brazil,Non-state-group,https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,11-50,0.0,,0.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.hackread.com/brazilian-hackers-portuguese-banks-malware-attack/; 
https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii/; https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html; https://cyberscoop.com/brazilian-hackers-portuguese-banks/; https://www.bleepingcomputer.com/news/security/operation-magalenha-targets-credentials-of-30-portuguese-banks/; https://twitter.com/Cyber_O51NT/status/1661714712151863297; https://twitter.com/CyberScoopNews/status/1661717568652996616; https://twitter.com/SentinelOne/status/1661733914308923392; https://twitter.com/SentinelOne/status/1661735416054312966; https://www.darkreading.com/endpoint/-operation-magalenha-attacks-window-brazil-cybercrime-ecosystem; https://twitter.com/CyberScoopNews/status/1661764346832117760; https://twitter.com/Dinosn/status/1661953379243786240; https://twitter.com/HackRead/status/1662109213802283008; https://twitter.com/SentinelOne/status/1662155187728056320; https://twitter.com/CyberScoopNews/status/1662148434747445248; https://www.darkreading.com/threat-intelligence/grandoreiro-trojan-targets-global-banking-customers; https://thehackernews.com/2023/10/malvertising-campaign-targets-brazils.html,2023-05-26,2023-11-23 2288,BlackCat/AlphaV ransomware group attacked Norton Healthcare in Kentucky and Indiana in May 2023,"Norton Healthcare, a health care system with more than 40 clinics and hospitals in Kentucky and Indiana, disclosed an incident on 20 May 2023 first discovered on 9 May. On 25 May, the BlackCat ransomware group (also known as Alpha V) claimed responsibility for the incident and leaked a sample of the alleged 4.7 TB of data that they declared to have obtained. This data contained personal and sensitive information of patients, images of checks and bank statements, and files with employee personal information such as name, date of birth, and social security number. 
In an update on 9 December, Norton Healthcare indicated that while their medical record system had not been affected, sensitive information may have been affected.",2023-05-09,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Norton Healthcare,United States,NATO; NORTHAM,Critical infrastructure,Health,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,15511,2023-05-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://www.databreaches.net/norton-healthcare-didnt-call-it-a-ransomware-attack-then-blackcat-claimed-responsibility-for-it/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,2,2023-12-01 00:00:00; 2023-07-21 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States; United States,Not available; United States District Court for the Western District of Kentucky,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.databreaches.net/norton-healthcare-didnt-call-it-a-ransomware-attack-then-blackcat-claimed-responsibility-for-it/; https://www.databreaches.net/norton-healthcare-update-on-cyberattack/; https://nortonhealthcare.com/news/norton-healthcare-network-update/; https://www.govinfosecurity.com/class-action-attorneys-circling-major-healthcare-breaches-a-22721; https://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/; https://securityaffairs.com/155495/data-breach/norton-healthcare-ransomware-attack.html; https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html; https://nortonhealthcare.com/news/norton-healthcare-network-update/; https://therecord.media/kentucky-norton-healthcare-millions-affected-in-may-ransomware-attack; https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2023/12/healthcare-giant-norton-breach-leads-to-theft-of-millions-of-patient-records; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-15th-2023-ransomware-drama/; https://therecord.media/nearly-three-mil-affected-ransomware-medtech,2023-05-26,2023-12-27 2287,Unnamed government used Pegasus spyware to infect cell phones of 12 Armenian civil society activists and journalists beginning on 11 October 2020,"An undisclosed government used the Pegasus spyware to infect the cell phones of 12 Armenian civil society activists and journalists in the period from 11 October 2020, to 7 December 2022, CitizenLab reported in collaboration with Access Now, CyberHUB-AM, Amnesty International's Security Lab, and 
independent mobile security researcher Ruben Muradyan on May 25, 2023. The individuals affected are two NGO representatives, one of whom was the spokesperson for the Armenian Ministry of Foreign Affairs, a professor, five journalists, a United Nations official, a former Ombudsman for Human Rights of the Armenian Republic, and two other activists. CitizenLab was able to identify two Pegasus operators in Azerbaijan, one that investigators called BOZBASH, who is responsible for monitoring targets both inside and outside Azerbaijan, and a second identified as Yamar, who is responsible only for monitoring targets inside Azerbaijan. Both operators were registered on the Pegasus platform by the end of 2018 at the latest. Circumstantial evidence suggested that the infections are related to the military conflict between Azerbaijan and Armenia in the disputed Nagorno-Karabakh region.",2020-10-11,2022-12-07,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"Not available - Astghik Bedevyan (Senior Journalist at RFE/RL’s Armenian Service (Radio Azatutyun), Armenia) - Karlen Aslanyan (Journalist at RFE/RL Armenian Service (Radio Azatutyun), Armenia) - Ruben Melikyan (Co-founder of Path of Law, Armenia) - Not available - Not available - Not available - Kristinne Grigoryan (Human Rights Ombudsperson of the Republic of Armenia, Armenia) - Samvel Farmanyan (Co-Founder of ArmNews TV, Armenia) - Not available - Anna Naghdalyan (NGO representative and former Spokesperson of the Ministry of Foreign Affairs of the Republic of Armenia, Armenia) - Dr. 
Varuzhan Geghamyan (Assistant Professor at Yerevan State University, Armenia)",Armenia; Armenia; Armenia; Armenia; Armenia; Armenia; United Nations; Armenia; Armenia; Armenia; Armenia; Armenia,ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO,Media - Media - Media - Social groups - Social groups - Media - International / supranational organization - State institutions / political system - Media - Social groups - State institutions / political system; Social groups - State institutions / political system; Critical infrastructure; Education, - - - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - - - Civil service / administration - - Advocacy / activists (e.g. human rights organizations) - Government / ministries; Advocacy / activists (e.g. human rights organizations) - Civil service / administration; Research; ,Not available,Not available,State,,1,15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512; 15512,2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00; 2023-05-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,"CitizenLab; CitizenLab; CitizenLab; CitizenLab; Security Lab; Security Lab; Security Lab; Security Lab; Ruben Muradyan (Mobile Security Researcher, Armenia); Ruben Muradyan (Mobile Security Researcher, Armenia); Ruben Muradyan (Mobile Security Researcher, Armenia); Ruben Muradyan (Mobile Security Researcher, Armenia); CyberHUB-AM; CyberHUB-AM; CyberHUB-AM; CyberHUB-AM; Access Now; Access Now; Access Now; Access Now",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; Canada; Armenia; United Kingdom; United States; Canada; Armenia; United Kingdom; United States; Canada; Armenia; United Kingdom; United States; Canada; Armenia; United Kingdom; United States; Canada; Armenia; United Kingdom,Not available; Not available; 
Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State; State,https://www.accessnow.org/publication/armenia-spyware-victims-pegasus-hacking-in-war/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,,Drive-By Compromise,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,12.0,1-10,2.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Human rights; Armed conflict; International organizations; Human rights; Armed conflict,"State actors; Civic / political rights; Conduct of hostilities; ; Economic, social and cultural rights; Certain persons",Not available,0,,Not available,,Not available,Not available,Human rights,Civic / political rights,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://therecord.media/pegasus-used-armenia-during-war; https://citizenlab.ca/2023/05/cr1-armenia-pegasus/; https://www.accessnow.org/publication/armenia-spyware-victims-pegasus-hacking-in-war/; https://www.nbcnews.com/tech/security/nso-spyware-used-armenia-azerbaijan-conflict-report-finds-rcna84035; https://twitter.com/Cyber_O51NT/status/1661715427050004480; https://www.haaretz.com/israel-news/security-aviation/2023-05-25/ty-article/.premium/azerbaijan-suspected-in-hacking-of-armenian-officials-with-israeli-nso-spyware/00000188-4d93-df79-a19d-ff9f51c10000; https://www.jpost.com/international/article-744207; https://twitter.com/k8em0/status/1661872959433359360; https://www.govinfosecurity.com/pegasus-spyware-spotted-in-nagorno-karabakh-war-a-22183; https://www.haaretz.com/israel-news/security-aviation/2023-05-29/ty-article/azerbaijan-suspected-in-hacking-of-armenian-officials-with-israeli-nso-spyware/00000188-4d93-df79-a19d-ff9f51c10000; https://thehackernews.com/2023/05/predator-android-spyware-researchers.html; https://www.heise.de/news/iPhone-Spyware-Pegasus-erstmals-in-militaerischem-Konflikt-eingesetzt-9067624.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://netzpolitik.org/2023/justizstatistik-2021-polizei-hackt-alle-elf-tage-mit-staatstrojanern/; https://therecord.media/meduza-ceo-hacked-pegasus-spyware-russian-journalist; https://therecord.media/apple-warns-armenians-state-sponsored-hacking-attempts-azerbaijan,2023-05-26,2024-03-28 2279,BlackByte ransomware group attacked US city of Augusta in May 2023,"The US city of Augusta has been a victim of a cyber attack that was caused by malicious actors accessing the computer network, as reported by the mayor, Garnett Johnson during a press conference on 23 May 2023. On its online portal it stated ""experiencing technical difficulties"" on Sunday, 21 May. 
As of 26 May, the BlackByte ransomware group has claimed the attack and is demanding 50 million dollars as a ransom payment, adding the city to their extortion website. This attribution is being refuted by the mayor who, in an interview with a local news outlet, stated that the incident was not a ransomware attack. On 1 June 2023, the cyber news website SuspectFile published an article comparing the City of Augusta's announcements with the ransomware group's statements and the leaked data sample. In the article, SuspectFile wrote that the 10GB of leaked data included identifying and health information, as well as other documents. In addition, the article stated that the ransom demanded was USD 2 million after SuspectFile contacted BlackByte, but it remained unclear how the USD 50 million ransom was brought up, a sum that the City of Augusta denied as early as 25 May 2023. Last but not least, the article also criticised the network administrator of the city of Augusta, who committed negligent mistakes in his work, such as storing private documents in the city's network or using weak and repetitive passwords.",2023-05-21,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,City of Augusta,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,BlackByte,Not available,Non-state-group,Criminal(s),1,15519; 15519,2023-05-26 00:00:00; 2023-05-26 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Contested attribution,BlackByte; BlackByte,Not available; Not available,Not available; Not available,BlackByte; BlackByte,Not available; Not available,Non-state-group; 
Non-state-group,https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-05-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1661481762164441089; https://www.wfxg.com/story/48954250/city-leaders-unauthorized-access-to-city-network; https://www.augustaga.gov/CivicAlerts.aspx?AID=3122; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/; https://securityaffairs.com/146717/hacking/city-of-augusta-cyberattack.html; https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-claims-city-of-augusta-cyberattack/; https://twitter.com/VessOnSecurity/status/1662090050971086853; https://twitter.com/Dinosn/status/1662100154965524480; https://twitter.com/JAMESWT_MHT/status/1662401559567671297; https://twitter.com/vxunderground/status/1662092695261806592; https://www.databreaches.net/blackbyte-attacks-city-of-augusta-ga-and-demands-a-ransom-of-2-million/; https://therecord.media/augusta-georgia-no-contact-with-ransomware-attacker; https://www.databreaches.net/can-exposed-vc-attract-breachforums-loyal-users-its-trying-to/; 
https://www.suspectfile.com/blackbyte-attacks-city-of-augusta-ga-and-demands-a-ransom-of-2-million/?utm_source=substack&utm_medium=email; https://www.augustaga.gov/CivicAlerts.aspx?AID=3122; https://www.augustaga.gov/CivicAlerts.aspx?AID=3122; https://www.databreaches.net/city-of-augusta-ga-data-theft-one-of-the-largest-government-data-thefts-in-recent-years-in-u-s-suspectfile/; https://therecord.media/fayetteville-arkansas-dealing-with-debilitating-cyber-incident; https://therecord.media/dallas-ransomware-gang-report,2023-05-25,2024-01-15 2285,Iranian state-sponsored hacking group APT34 gained access to the network of an unspecified UAE government agency using the PowerExchange backdoor in 2022,"The Iranian state-sponsored hacking group APT34 gained access to the network of an unspecified UAE government agency using the PowerExchange backdoor in 2022, Fortinet's threat intelligence unit assessed on 24 May 2023.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United Arab Emirates,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15513,2023-06-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Fortinet,,United States,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered,Territory,Territory,Iran - UAE,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://www.bleepingcomputer.com/news/security/new-powerexchange-malware-backdoors-microsoft-exchange-servers/; https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered; https://twitter.com/Dinosn/status/1661697525785427968; https://twitter.com/Cyber_O51NT/status/1661556386600468480; https://twitter.com/780thC/status/1661687456406593536; https://thehackernews.com/2023/05/new-powerexchange-backdoor-used-in.html; https://twitter.com/hackerfantastic/status/1661729275991474176; https://twitter.com/unix_root/status/1661729353678602253; https://twitter.com/securityaffairs/status/1662562441325150209; https://twitter.com/securityaffairs/status/1662213575669346304; https://securityaffairs.com/146690/apt/powerexchange-backdoor-iran.html; https://twitter.com/Dinosn/status/1661955621669724161,2023-05-25,2023-12-27 2284,Vice Society Ransomware Group targeted French Lender CAFPI With Hack-And-Leak Operation In May 2023,"CAFPI, a renowned credit specialist and loan provider in France, became the victim of the prolific ransomware actor VICE Society during May 2023. The attack resulted in the theft of a significant amount of sensitive customer data, including identity documents, credit contracts, loan applications and confidential operational information. 
The institution notified the French national data protection authority and filed a criminal complaint with the public prosecutor.",2023-05-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Conseil à l'accession et au financement en prêts immobiliers (CAFPI),France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Finance,Vice Society,Not available,Non-state-group,Criminal(s),1,15514,2023-05-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Vice Society,Not available,Not available,Vice Society,Not available,Non-state-group,https://twitter.com/ransomwaremap/status/1661311720311123970,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-01-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1661311720311123970; https://www.zataz.com/un-expert-francais-en-credits-voit-les-donnees-de-ses-clients-pillees/; https://www.cafpi.fr/faq-intrusion; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-05-25,2023-12-27 2283,Indonesian hacktivist group Hacktivist Indonesia defaced Indian news site Swaraj TV 24 on 24 May 2023,"Indonesian hacktivist group Hacktivist Indonesia defaced Indian news site Swaraj TV 24 on 24 May 2023. The same Indonesian hacktivist group also allegedly compromised several Indian government websites as well as other Indian websites and leaked the associated databases, but there is currently no evidence of this.",2023-05-24,2023-05-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Swaraj TV 24,India,ASIA; SASIA; SCO,Media,,Hacktivist Indonesia,Indonesia,Non-state-group,Hacktivist(s),1,15515,2023-05-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Hacktivist Indonesia,Not available,Indonesia,Hacktivist Indonesia,Indonesia,Non-state-group,https://twitter.com/darktracer_int/status/1661473382133805056,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Defacement,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/darktracer_int/status/1661473382133805056,2023-05-25,2023-12-27 2282,German digital service provider United Hoster hit by ransomware attack in May 2023,"The digital service provider United Hoster based in Stuttgart, Germany, was hit by a ransomware attack in late May 2023. The attack, conducted by an unknown actor, led to the disruption of the company's hosted exchange service. 
",2023-05-20,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,United Hoster,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Digital Provider,Not available,Not available,Not available,,1,15516,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-05-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Polizei Baden-Württemberg,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Ransomware-Attacke-Hosted-Exchange-von-United-Hoster-offline-9064768.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://twitter.com/secIT_DE/status/1661609929264988162; https://twitter.com/Dennis_Kipker/status/1661683866917130241; https://twitter.com/SteffenHeyde/status/1662699178827423744,2023-05-25,2023-12-27 2281,Iran-aligned hacker group Agrius gained access to networks of unspecified Israeli organizations and stole information using Moneybird ransomware,"Iran-aligned hacker group Agrius gained access to networks of unspecified Israeli organizations and stole information using Moneybird ransomware, Israeli cybersecurity firm Check Point Research reported on 24 May 2023. Agrius has been linked to the Iranian Ministry of Intelligence and Security (MOIS) in the past. The group aims to disguise its intent to carry out destructive influence operations primarily against Israeli targets as ransomware attacks.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Not available,Israel,ASIA; MENA; MEA,Unknown,,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15517,2023-05-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,Check Point ,Israel,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,External Remote Services,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / 
material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cahlberg/status/1661478135769202688; https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/; https://twitter.com/DigitalPeaceNow/status/1661473393588465665; https://www.bleepingcomputer.com/news/security/iranian-hackers-use-new-moneybird-ransomware-to-attack-israeli-orgs/; https://twitter.com/cyb3rops/status/1661455682552446977; https://therecord.media/iran-hackers-agrius-deploying-new-ransomware; https://twitter.com/Arkbird_SOLG/status/1661704848700497922; https://twitter.com/Cyber_O51NT/status/1661553862833213442; https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://therecord.media/iran-linked-hackers-target-israel-education-tech-sectors; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/,2023-05-25,2023-12-27 2280,Lazarus Group targeted Windows IIS Web Servers in Global Campaign,"On 23 May 2023, the AhnLab Security Emergency Response Center (ASEC) reported on a recent discovery of activity by the Lazarus group, linked to North Korea, targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers to install malware. Using DLL side-loading techniques, the threat actor places a malicious DLL (msvcr100.dll) alongside a legitimate application (Wordconv.exe) in the same file path. When the application runs, the malicious DLL is triggered, allowing an encrypted payload to be decrypted and run in memory. 
The group pursued a variety of attack vectors, including Log4Shell, public certificate vulnerabilities, and distribution channels uncovered as part of the 3CX supply chain attack. Publication of the ASEC report coincided with additional sanctions against entities and individuals involved in supporting North Korea's cyber activities communicated by the US Treasury Department on 23 May. On 29 June, the UK National Cyber Security Centre (NCSC) published a malware analysis report on ""Smooth Operator"", the macOS supply chain malware used by Lazarus. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Microsoft Internet Information Services,Not available,,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15518,2023-05-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,AhnLab,"Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://asec.ahnlab.com/en/53132/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Supply Chain Compromise,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html; https://asec.ahnlab.com/en/53132/; https://twitter.com/Dinosn/status/1661294281573670913; https://www.darkreading.com/cloud/lazarus-group-striking-vulnerable-windows-iis-web-servers; https://securityaffairs.com/146639/hacking/lazarus-targets-microsoft-iis-servers.html; https://twitter.com/Dinosn/status/1661696845905645568; https://twitter.com/securityaffairs/status/1661691351912656898; https://twitter.com/securityaffairs/status/1661815761596194826; https://twitter.com/securityaffairs/status/1661816108393832454; https://twitter.com/hackerfantastic/status/1663187787237974018; https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-windows-iis-web-servers-for-initial-access/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/; https://asec.ahnlab.com/en/55369/; 
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/smooth-operator/NCSC_MAR-Smooth-Operator.pdf,2023-05-25,2024-03-01 2278,"UAC-0063 Espionage Campaign targeted Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel and India in April 2023","A CERT-UA report revealed the UAC-0063 espionage campaign targeting Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel and India. The campaign, which has been active since 2021, involves phishing emails with malicious attachments or links. In the chain of attacks described by Ukraine's CERT, the phishing emails targeted an unspecified ministry and pretended to originate from the embassy of Tajikistan in Ukraine. Investigations for targets in Ukraine uncovered that on 25 April 2023, under unspecified circumstances (probably with the help of HATVIBE), additional programmes were created on the computer: the LOGPIE keylogger (stores the values of keystrokes and the contents of the clipboard in a file) and the CHERRYSPY backdoor (executes Python code received from the control server) were used. In addition, the STILLARCH malware was utilised to browse and exfiltrate files. 
Specific operational details about threat activity directed at targets in other countries and their potential impact were not immediately reported.",2023-04-18,2023-04-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,,UAC-0063,Not available,Not available,,1,15520,2023-05-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,UAC-0063,Not available,Not available,https://cert.gov.ua/article/4697016,Unknown,Unknown,,Unknown,,1,2023-05-22 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,6.0,,0.0,euro,Not available,Cyber espionage; Diplomatic / consular law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html; https://cert.gov.ua/article/4697016; https://twitter.com/unix_root/status/1661265773082361859; https://securityaffairs.com/146602/apt/cert-ua-espionage-uac-0063.html; https://twitter.com/securityaffairs/status/1661326535398178819; https://twitter.com/securityaffairs/status/1661438544945053714; https://twitter.com/securityaffairs/status/1661671205059821570; 
https://securityaffairs.com/151414/cyber-warfare-2/phishing-campaign-targets-ukrainian-military-entities.html,2023-05-25,2024-01-05 2277,Chinese threat actor BackdoorDiplomacy allegedly hacked Kenyan government targets during 2019 and 2023,"The Chinese APT BackdoorDiplomacy allegedly conducted a cyber operation targeting Kenyan government institutions from late 2019 until at least 2022, possibly extending into February 2023. According to reports by the news organisation Reuters, the Chinese threat actor sought to gain information about Kenyan plans for debt repayment of Chinese credit lines granted as part of the Belt and Road initiative. While targeting a number of government agencies, such as the defence, information, health, land and interior ministries, the campaign was at least partially successful in stealing documents from the ministry of foreign affairs and the finance department in a spearphishing attack in 2019 and by gaining access to servers of Kenya's National Intelligence Service in early 2021. ",2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by media (without further information on source); Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking without Misuse,"Ministry of Defence (Kenya) - National Counter Terrorism Centre (Kenya) - Ministry of Health and Medical Services (Kenya) - Ministry of Foreign and Diaspora Affairs (Kenya) - Ministry Of Information, Communications And Telecommunication (Kenya) - Ministry of Interior and National Administration (Kenya) - Office of the President (Kenya) - National Treasury / Ministry of Finance (Kenya) - Ministry of Lands, Public Works, Housing, and Urban Development (Kenya) - National Intelligence Service (NIS) - Not available",Kenya; Kenya; Kenya; Kenya; Kenya; Kenya; Kenya; Kenya; Kenya; Kenya; Kenya,AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Civil service / administration - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / 
ministries - Government / ministries - Intelligence agencies - ,BackdoorDiplomacy/CloudComputating,China,"Non-state actor, state-affiliation suggested",,2,15521; 15522,2021-07-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; IT-security community attributes attacker,Unknown; Unknown,Not available; ,Not available; Kenya,BackdoorDiplomacy/CloudComputating; Not available,China; China,"Non-state actor, state-affiliation suggested; State",https://www.reuters.com/world/africa/chinese-hackers-attacked-kenyan-government-debt-strains-grew-2023-05-24/,International power,International power,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",11-50,11.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/China_Digital/status/1661402281584082945; 
https://twitter.com/Cyber_O51NT/status/1661250955709657090; https://twitter.com/aselawaid/status/1661379328213504008; https://twitter.com/weberv_/status/1661372583676108800; https://www.euractiv.com/section/global-europe/news/chinese-hackers-attacked-kenyan-government-as-debt-strains-grew/; https://twitter.com/InfoSecSherpa/status/1661341776408465409; https://twitter.com/Bing_Chris/status/1661323532125585410; https://twitter.com/780thC/status/1661315521004949506; https://twitter.com/UK_Daniel_Card/status/1661287347772698624; https://twitter.com/Bing_Chris/status/1661332524973400065; https://www.reuters.com/world/africa/chinese-hackers-attacked-kenyan-government-debt-strains-grew-2023-05-24/; https://twitter.com/lukOlejnik/status/1661825972318904320; https://twitter.com/cybersecboardrm/status/1662127142472171534; https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html; https://www.darkreading.com/dr-global/chinese-tech-influence-africa-soft-power-concerns,2023-05-25,2023-12-27 2276,Chinese state-sponsored hacking group Volt Typhoon gained access to critical infrastructure organisations on Guam and US mainland beginning in mid-2021,"The Chinese state-sponsored hacking group Volt Typhoon gained access to a variety of critical infrastructure organisations on Guam and the US mainland beginning in mid-2021, as disclosed by Microsoft and a Joint Cybersecurity Advisory by the National Security Agency (NSA) as well as other US and other Five Eyes cyber security agencies on 24 May 2023. Microsoft's technical report concluded with medium confidence that the Chinese hacking group intended to build capabilities that could disrupt critical communications infrastructure between the United States and Asia in future crises. The affected organisations are active in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. 
On 18 March 2024, the Biden administration sent a letter to the US governors, raising awareness for cyber operations against water and wastewater systems in the US, citing the Volt Typhoon operations as an example.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available,United States; Guam,NATO; NORTHAM - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure; Critical infrastructure; Education,Government / ministries; Energy; ; Water; Transportation; Telecommunications; - Government / ministries; Energy; ; Water; Transportation; Telecommunications; ,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China,"Non-state actor, state-affiliation suggested",,2,18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 18186; 
18186; 18186; 18186; 18186; 18186; 18185,2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00; 2023-05-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by 
receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber 
Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); New Zealand National Cyber Security Centre (NCSC-NZ); New Zealand National Cyber Security Centre (NCSC-NZ); New Zealand National Cyber Security Centre (NCSC-NZ); New Zealand National Cyber Security Centre (NCSC-NZ); New Zealand National Cyber Security Centre (NCSC-NZ); Microsoft,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Microsoft,United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States; Canada; United Kingdom; New Zealand; Australia; United States,Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious 
Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard 
Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87; Volt Typhoon fka DEV-0391/BRONZE SILHOUETTE/Vanguard Panda/UNC3236/Voltzite/Insidious Taurus/TAG-87,China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; 
Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/; https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html; https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,System / ideology; International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,2,2023-05-24 00:00:00; 2024-03-18 00:00:00,State Actors: Preventive measures; State Actors: Executive reactions,Awareness raising; ,United States; United States,Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Law of the sea; International telecommunication law; Sovereignty,"; Economic, social and cultural rights; ; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/cahlberg/status/1661491862958665728; https://www.govinfosecurity.com/chinese-state-hacker-volt-typhoon-targets-guam-us-a-22158; https://elpais.com/https:/elpais.com/internacional/2023-05-24/microsoft-desvela-un-ataque-informatico-chino-a-infraestructuras-criticas-de-estados-unidos.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a#_Toc135639517; https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/; https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html; https://twitter.com/switch_d/status/1661477430551527427; https://therecord.media/china-state-backed-hacking-group-compromises-us; https://twitter.com/UK_Daniel_Card/status/1661473192521912320; https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-us-critical-infrastructure-in-stealthy-attacks/; https://twitter.com/UK_Daniel_Card/status/1661466785227460614; https://twitter.com/ericgeller/status/1661466634345652229; https://twitter.com/KimZetter/status/1661465900015579136; https://twitter.com/MsftSecIntel/status/1661447876906561536; 
https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html; https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns; https://www.techrepublic.com/article/volt-typhoon-global-cyberwar/; https://www.darkreading.com/endpoint/-volt-typhoon-china-backed-apt-infiltrates-us-critical-infrastructure; https://twitter.com/DigitalPeaceNow/status/1661836966881533965; https://www.volkskrant.nl/nieuws-achtergrond/vs-door-china-gesteunde-hackers-infiltreerden-kritieke-infrastructuur~b130d792/; https://www.wired.com/story/china-volt-typhoon-hack-us-critical-infrastructure/; https://twitter.com/DarkReading/status/1661495998684774403; https://cyberscoop.com/china-critical-infrastructure-volt-typhoon/; https://www.databreaches.net/chinese-hackers-spying-on-us-critical-infrastructure-western-intelligence-says/; https://www.spiegel.de/netzwelt/web/microsoft-warnt-vor-cyberangriffen-auf-kritische-us-infrastrukturen-a-10fe6583-3947-4431-855f-8d4fd827ed01; https://twitter.com/Cyber_O51NT/status/1661541366428753921; https://twitter.com/hackerfantastic/status/1661535047692738562; https://www.diepresse.com/6291934/microsoft-kritische-us-infrastruktur-im-visier-chinesischer-hacker; https://www.heise.de/news/Microsoft-warnt-vor-chinesicher-Cyberspionage-gegen-kritische-US-Infrastruktur-9064871.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://twitter.com/Dinosn/status/1661613313443131392; https://twitter.com/CyberScoopNews/status/1661576342784147458; https://twitter.com/DuguinStephane/status/1661663424965746691; https://www.nytimes.com/2023/05/25/briefing/ron-desantis.html; https://time.com/6282599/microsoft-chinese-hackers-cybersecurity/; https://jyllands-posten.dk/international/ECE15895240/kina-anklages-for-omfattende-spionage-mod-amerikansk-infrastruktur/; https://twitter.com/Dennis_Kipker/status/1661684817463767040; https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html; 
https://twitter.com/unix_root/status/1661651902801559554; https://www.wsj.com/articles/china-hack-is-latest-challenge-for-wests-diplomatic-reset-with-beijing-9a7e880d; https://twitter.com/lukOlejnik/status/1661675792634466305; https://www.nbcnews.com/news/world/chinese-hackers-are-spying-us-critical-infrastructure-microsoft-rcna86174; https://securityaffairs.com/146649/hacking/china-linked-apt-volt-typhoon.html; https://fortune.com/2023/05/25/china-government-sponsored-backed-hackers-volt-typhoon-microsoft-critical-infrastructure/; https://www.jpost.com/international/article-744218; https://twitter.com/M_Miho_JPN/status/1661731315895652361; https://therecord.media/chinese-hackers-behind-guam-hack-targeting-us-for-years; https://thehill.com/policy/cybersecurity/4020742-chinese-hacking-campaign-targeting-us-infrastructure-microsoft-report/; https://twitter.com/RecordedFuture/status/1661732611083862016; https://twitter.com/securityaffairs/status/1661735412845658113; https://www.defenseone.com/threats/2023/05/the-d-brief-may-25-2023/386778/; https://twitter.com/UK_Daniel_Card/status/1661779359273738240; https://twitter.com/DarkReading/status/1661789681652998145; https://twitter.com/securityaffairs/status/1661815633988730880; https://www.wired.com/story/netflix-password-sharing/; https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/; https://www.nbcnews.com/politics/national-security/will-chinese-hacking-derail-us-hopes-thaw-beijing-rcna86353; https://twitter.com/snlyngaas/status/1662130478936215552; https://twitter.com/snlyngaas/status/1662129661231366144; https://twitter.com/snlyngaas/status/1662129158325927938; https://twitter.com/cybersecboardrm/status/1662123975076347905; https://www.japantimes.co.jp/news/2023/05/28/asia-pacific/us-navy-hack-china/; https://jyllands-posten.dk/international/ECE15900626/usa-maal-for-kinesisk-hacking-flere-andre-lande-kan-vaere-ramt/; 
https://www.heise.de/news/Volt-Typhoon-Erhoehte-Wachsamkeit-am-Perimeter-9066431.html?wt_mc=rss.red.ix.ix.rdf.beitrag.beitrag; https://twitter.com/M_Miho_JPN/status/1662475835654422528; https://twitter.com/Dinosn/status/1661953593975472128; https://www.techradar.com/news/clone-microsoft-claims-chinese-hackers-are-attacking-critical-us-infrastructure; https://twitter.com/SentinelOne/status/1662098946511065088; https://www.cbsnews.com/news/brad-smith-microsoft-president-vice-chair-face-the-nation-transcript-05-28-2023/; https://www.schneier.com/blog/archives/2023/05/chinese-hacking-of-us-critical-infrastructure.html; https://twitter.com/schneierblog/status/1663961568374292480; https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF; https://thediplomat.com/2023/06/emulating-russia-china-is-improving-its-ability-to-operate-in-the-gray-zone/; https://thehill.com/policy/cybersecurity/4032479-cyberspace-plays-key-role-in-growing-us-china-tension/; https://therecord.media/powerdrop-malware-targets-us-aerospace-industry; https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-rce-bug-may-have-been-exploited-in-attacks/; https://thehackernews.com/2023/06/critical-fortios-and-fortiproxy.html; https://www.darkreading.com/vulnerabilities-threats/fortinet-patched-critical-flaw-may-have-been-exploited; https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://www.darkreading.com/attacks-breaches/new-doj-natsec-cyber-prosecution-team-will-go-after-nation-state-threat-actors; https://www.darkreading.com/cloud/china-volt-typhoon-apt-zoho-manageengine-fresh-cyberattacks; https://securityaffairs.com/147820/apt/vanguard-panda-novel-attacks.html; https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html; https://www.govinfosecurity.com/chinese-apt-group-uses-new-tradecraft-to-live-off-land-a-22379; 
https://www.bleepingcomputer.com/news/security/300-000-plus-fortinet-firewalls-vulnerable-to-critical-fortios-rce-bug/; https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/; https://www.darkreading.com/vulnerabilities-threats/china-s-volt-typhoon-apt-burrows-us-critical-infrastructure; https://securityaffairs.com/149041/security/china-malware-critical-infrastructure.html; https://www.nytimes.com/2023/07/29/us/politics/china-malware-us-military-bases-taiwan.html; https://www.defenseone.com/threats/2023/07/the-d-brief-july-31-2023/388964/; https://socradar.io/living-off-the-land-lotl-the-invisible-cyber-threat-lurking-in-your-system/; https://securityaffairs.com/149224/breaking-news/security-affairs-newsletter-round-431-by-pierluigi-paganini-international-edition.html; https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe; https://therecord.media/chinese-cyber-spies-improve-but-have-not-eclipsed-nsa; https://www.bleepingcomputer.com/news/security/new-hiatusrat-malware-attacks-target-us-defense-department/; https://cyberscoop.com/microsoft-china-taiwan-flax-typhoon/; https://www.darkreading.com/threat-intelligence/china-unleashes-flax-typhoon-apt-live-off-land-microsoft-warns; https://cyberscoop.com/chinese-ai-ops-microsoft/; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://www.darkreading.com/ics-ot/chinas-winnti-apt-compromises-national-grid-in-asia-for-6-months; https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://www.c4isrnet.com/opinion/2023/09/13/how-to-protect-critical-infrastructure-and-ensure-mission-readiness/; https://cyberscoop.com/dhs-homeland-threat-assessment/; https://securityaffairs.com/150775/hacking/redfly-attack-asian-national-grid.html; https://www.darkreading.com/attacks-breaches/china-linked-actor-taps-linux-backdoor-in-forceful-espionage-campaign; 
https://therecord.media/middle-east-telecommunications-httpsnoop-malware; https://www.wired.com/story/nsa-china-hacking-criticial-us-infrastructure/; https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices; https://www.darkreading.com/ics-ot/cisa-launches-pilot-program-critical-infrastructure-threats; https://www.bleepingcomputer.com/news/security/stealthy-kv-botnet-hijacks-soho-routers-and-vpn-devices/; https://www.c4isrnet.com/opinion/2023/12/20/how-to-bolster-security-against-intellectual-property-theft/; https://therecord.media/taiwan-elections-china-interference; https://cyberscoop.com/ai-china-hacking-operations/; https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html; https://www.benzinga.com/markets/asia/24/01/36849925/us-clamps-down-on-chinese-cyber-espionage-operation-volt-typhoon-report; https://www.zaobao.com.sg/news/world/story20240130-1465276; https://cyberscoop.com/chinese-cyber-threats-fbi-operation-botnet/; https://therecord.media/china-run-botnet-takedown-fbi-doj-routers; https://www.bleepingcomputer.com/news/security/fbi-disrupts-chinese-botnet-by-wiping-malware-from-infected-routers/; https://www.bleepingcomputer.com/news/security/cisa-vendors-must-secure-soho-routers-against-volt-typhoon-attacks/; https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/; https://thehackernews.com/2024/02/us-feds-shut-down-china-linked-kv.html; https://www.defenseone.com/technology/2024/02/chinese-hacking-operations-have-entered-far-more-dangerous-phase-us-warns/393843/; https://suracapulco.mx/impreso/7/eu-denuncia-un-ciberataque-de-china-a-redes-de-agua-y-energia-pekin-lo-niega/; https://suracapulco.mx/impreso/7/eu-denuncia-un-ciberataque-de-china-a-redes-de-agua-y-energia-pekin-lo-niega/; https://www.wired.com/story/china-hackers-us-water-electricity-moreno-vault-7/; 
https://www.malwarebytes.com/blog/news/2024/02/fbi-removes-malware-from-hundreds-of-routers-across-the-us; https://grahamcluley.com/china-is-hacking-wi-fi-routers-for-attack-on-us-electrical-grid-and-water-supplies-fbi-warns/; https://manilastandard.net/news/314413411/hacking-attempts-alarming-and-outraging-poe.html; https://www.techrepublic.com/article/volt-typhoon-botnet-attack/; https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/; https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations; https://www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/; https://therecord.media/cisa-fbi-warn-of-china-linked-hackers-targeting-critical-us-infrastructure; https://cyberscoop.com/feds-chinese-hacking-operations-have-been-in-critical-infrastructure-networks-for-five-years/; https://www.spiegel.de/netzwelt/netzpolitik/kritische-infrastruktur-chinesische-hacker-unterwanderten-fuenf-jahre-lang-us-netze-a-bc0c925a-2f15-4bbc-b414-4d6dbe0e105b; https://thediplomat.com/2024/02/us-official-warns-of-chinas-growing-offensive-cyber-power/; https://www.politico.eu/article/us-democrats-warn-grim-future-us-cyber-agency-donald-trump/; https://www.theguardian.com/technology/2024/feb/13/volt-typhoon-what-is-it-how-does-it-work-chinese-cyber-operation-china-hackers-explainer; https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/; https://www.voachinese.com/a/china-s-ministry-of-state-security-warns-of-overseas-cyber-espionage-threats-20240219/7493499.html; https://www.voachinese.com/a/china-s-ministry-of-state-security-warns-of-overseas-cyber-espionage-threats-20240219/7493499.html; https://cyberscoop.com/energy-department-funding-research-cybersecurity/; https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html; 
https://www.securityinfowatch.com/cybersecurity/article/53098118/the-us-electric-industry-is-not-responding-to-cyber-vulnerable-chinese-equipment; https://www.hstoday.us/subject-matter-areas/cybersecurity/article-cyber-threats-are-here-to-stay-3-tips-for-defending-u-s-critical-infrastructure-under-siege/; https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf; https://new.qq.com/rain/a/20240321A0AMPS00; https://therecord.media/china-ai-influence-operations; https://www.defenseone.com/threats/2024/04/some-volt-typhoon-victims-wont-know-theyre-impacted-mandiant-ceo-says/395664/; https://news.ifeng.com/c/8YnNgMXJJ39,2023-05-25,2024-04-16 2275,Unknown actors encrypted the network of Argentina's National Institute of Agricultural Technology (INTA) on 29 April 2023,"Unknown actors encrypted the network of Argentina's National Institute of Agricultural Technology (INTA) on 29 April 2023, according to a memo INTA delivered to its employees on the following business day, 1 May. INTA has not named the ransomware group involved but disclosed that the attackers had demanded a USD 2.5 million ransom. 
",2023-04-29,2023-04-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking without Misuse; Ransomware,Argentina's National Institute of Agricultural Technology (INTA),Argentina,SOUTHAM,State institutions / political system,Civil service / administration,,Not available,Not available,,1,15542,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/intaargentina/status/1653518082969616384?cxt=HHwWgIC20fH7vPItAAAA; https://www.clarin.com/rural/alerta-inta-hackearon-sistemas-inta-piden-rescate-millonario-dolares%5F0%5F1VCac3ifsa.html; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-38/; https://tn.com.ar/campo/2023/05/29/inta-desconecto-sus-radares-tras-el-hackeo-a-sus-sistemas-informaticos/; https://tsnnecochea.com.ar/generales/hackeos-historicos-en-argentina-127653.html,2023-05-24,2023-12-28 2274,APT GoldenJackal gained access to the computer systems of government and diplomatic entities in South Asia and the Middle East since mid-2020,"APT GoldenJackal gained access to the computer systems of government and diplomatic 
entities in South Asia and the Middle East since mid-2020, Russian cybersecurity company Kaspersky reported on 23 May 2023. Affected organisations were based in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey. Kaspersky did not connect GoldenJackal to any known threat actor and only assessed with low confidence that there may be a link between the activity and the long-standing Russian state-sponsored hacking group Turla based on overlaps in non-exclusive TTPs and operations against identical targets in similar timeframes.",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available,"Iraq; Pakistan; Afghanistan; Iran, Islamic Republic of; Azerbaijan; Turkey",ASIA; MENA; MEA - ASIA; SASIA; SCO - ASIA; SASIA - ASIA; MENA; MEA - ASIA; CENTAS - ASIA; NATO; MEA,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,"Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies)",GoldenJackal,Not available,Unknown - not attributed,,1,15543,2023-05-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,GoldenJackal,Not available,Unknown 
- not attributed,https://securelist.com/goldenjackal-apt-group/109677/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,6.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Dinosn/status/1661094068133175301; https://securelist.com/goldenjackal-apt-group/109677/; https://twitter.com/securityaffairs/status/1661087431154606080; https://securityaffairs.com/146580/apt/goldenjackal-apt-targets-middle-east-south-asia.html; https://www.bleepingcomputer.com/news/security/goldenjackal-state-hackers-silently-attacking-govts-since-2019/; https://www.govinfosecurity.com/goldenjackal-apt-targeting-south-asian-government-agencies-a-22157; https://twitter.com/securityaffairs/status/1661273045166706690; https://twitter.com/securityaffairs/status/1661671343627157505; https://www.cybersecasia.net/news/apt-targeting-middle-east-south-asia-government-entities-brought-to-light,2023-05-24,2023-12-28 2273,Russian hackers allegedly conducted ransomware attack against Insurance Information Bureau of India in March 2023,"The Insurance Information Bureau of India was hit by a ransomware attack on 31 March 2023. 
An internal cyber forensics audit by the government agency traced the attack back to Russian servers. The attackers encrypted parts of the database of the Insurance Information Bureau, which contains sensitive citizen data, and demanded a ransom of 250,000 USD. The Bureau refused to pay the ransom and sought to restore operations relying on backup data. ",2023-03-30,2023-04-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Insurance Information Bureau of India,India,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,Not available,Russia,Unknown - not attributed,,1,15545,2023-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Insurance Information Bureau of India,Not available,India,Not available,Russia,Unknown - not attributed,https://timesofindia.indiatimes.com/city/hyderabad/russian-hackers-carry-out-ransomware-attack-iib-hit/articleshow/100433653.cms?from=mdr,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-04-01 
00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,India,Cyberabad Metropolitian Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/insurance-information-bureau-of-india-hit-by-ransomware-attack-hackers-demand-250000-as-ransom/; https://timesofindia.indiatimes.com/city/hyderabad/russian-hackers-carry-out-ransomware-attack-iib-hit/articleshow/100433653.cms?from=mdr,2023-05-24,2023-12-28 2272,Iranian state-sponsored hacking group Tortoiseshell infected at least eight websites of Israeli shipping and logistics companies beginning in May 2022,"Iranian state-sponsored hacking group Tortoiseshell infected at least eight websites of Israeli shipping and logistics companies beginning in May 2022, Israeli IT security company ClearSky concluded with low confidence. The threat actors managed to collect the details regarding the operating system's language, IP address, and screen resolution of the visitors of the infected websites, as well as the URL from which the sites were accessed.",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Israel,ASIA; MENA; MEA,Critical infrastructure,Transportation,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,15546,2023-05-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ClearSky,ClearSky,Israel,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Law of the sea; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/israel-shipping-logistics-watering-hole-cyberattacks; https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf; 
https://www.darkreading.com/dr-global/israeli-shipping-logistics-companies-targeted-in-watering-hole-attacks; https://twitter.com/Cyber_O51NT/status/1661191539396161536; https://twitter.com/Dinosn/status/1661388103553097738; https://thehackernews.com/2023/05/iranian-tortoiseshell-hackers-targeting.html; https://twitter.com/JohnHultquist/status/1661327586549456903; https://twitter.com/DigitalPeaceNow/status/1661473393588465665; https://therecord.media/iran-hackers-agrius-deploying-new-ransomware; https://twitter.com/securityaffairs/status/1661618432633196545; https://securityaffairs.com/146625/apt/iranian-tortoiseshell-israeli-logistics-industry.html; https://twitter.com/securityaffairs/status/1661995453037043712; https://therecord.media/israeli-hospital-ransomware-attack-disruptions; https://www.darkreading.com/dr-global/imperial-kitten-israeli-industry-multiyear-spy-effort; https://thehackernews.com/2023/11/iran-linked-imperial-kitten-cyber-group.html,2023-05-24,2023-12-28 2271,Mexican military suspected to have spied on cell phones of Mexican Undersecretary for Human Rights and two other government officials using Pegasus spyware until 2022,"The Mexican military is suspected to have spied on the cell phones of Mexican Undersecretary for Human Rights, Population and Migration Alejandro Encinas and two other government officials using Pegasus spyware until 2022, the New York Times reported, based on four anonymous sources and a yet-to-be-released Citizen Lab report. Alejandro Encinas has been infected with Pegasus in multiple instances. Under his chairmanship, a truth commission investigated the military's role in the abduction of 43 students in 2014 and in its findings called the events ""a crime of the state"". Infiltrations of his cell phone are believed to be linked to this work. Pegasus licenses are exclusively offered to government entities. 
While public reporting has not explicitly linked the targeting of Encinas to Mexico's military, the military remains the only entity with access to the spyware, according to several individuals familiar with NSO's contracts with Mexico. Encinas learned of the infection of his cell phone in early March 2023. After raising the issue with Mexican president Manuel Lopez Obrador, a personal friend of Encinas', he decided against making the incident public at the time. In a regular press conference on the day after the New York Times published its reporting, on 23 May, Obrador declared that the case of Encinas did not show intentions of espionage and that there would be no investigation.",,Not available,"Attack on (inter alia) political target(s), politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"Alejandro Encinas (Undersecretary for Human Rights, Population and Migration, Mexico) - Not available",Mexico; Mexico, - ,State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration,Mexican Armed Forces,Mexico,State,,1,15547,2023-05-22 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,The New York Times,Not available,United States,Mexican Armed Forces,Mexico,State,,National power,National power,Mexico (opposition),Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,2.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Human rights,State actors; Civic / political rights,Not available,0,,Not available,,Not available,Not available,Cyber espionage; Human rights,; Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.nytimes.com/2023/05/23/world/americas/mexico-president-spying-pegasus.html; https://www.jpost.com/international/article-743918; https://elpais.com/https:/elpais.com/mexico/2023-05-23/lopez-obrador-reconoce-el-espionaje-a-alejandro-encinas-pero-niega-que-la-vigilancia-sea-del-ejercito.html; https://www.nytimes.com/2023/05/22/world/americas/mexico-spying-pegasus-israel.html?campaign_id=9&emc=edit_nn_20230522&instance_id=93175&nl=the-morning®i_id=95017747&segment_id=133584&te=1&user_id=7a48a769819cdd423316547ac4672196; https://www.washingtonpost.com/world/2023/05/24/pegasus-spyware-ayotzinapa-mexico/; https://thehackernews.com/2023/05/predator-android-spyware-researchers.html; https://elpais.com/https:/elpais.com/mexico/2023-05-30/lopez-obrador-acusa-a-israel-de-proteger-a-tomas-zeron-y-anuncia-que-enviara-otra-carta-a-netanyahu.html; https://elpais.com/https:/elpais.com/espana/2023-07-10/el-juez-archiva-la-causa-sobre-el-presunto-espionaje-a-miembros-del-gobierno-con-pegasus-ante-la-falta-de-colaboracion-de-israel.html; https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html; https://www.eff.org/deeplinks/2023/12/recent-surveillance-revelations-enduring-latin-american-issues-2023-year-review; 
https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html,2023-05-24,2024-02-02 2270,"Unknown ransomware group disrupted the network of Thomas Hardye School in Dorchester, UK, on 21 May 2023","An unknown ransomware group disrupted the network of Thomas Hardye School in Dorchester, in the UK, on 21 May 2023. Functions at the school, which serves 2,000 students, that depend on in-house servers - such as canteen payments, electronic documents, and emails - are temporarily unavailable. Teaching and examinations continue.",2023-05-21,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Thomas Hardye School,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15549,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2023-05-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United Kingdom,UK National Cyber Security Centre,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1661127505531613186; https://www.bbc.com/news/uk-england-dorset-65685607; https://www.databreaches.net/uk-dorchester-schools-it-system-struck-by-ransomware-attack/; https://www.bbc.com/news/uk-england-dorset-65811637,2023-05-24,2023-12-28 2269,"Unknown actors locked the network of Oklahoma Institute of Allergy, Asthma and Immunology possibly beginning February 2023","Unknown actors locked the network of Oklahoma Institute of Allergy, Asthma and Immunology possibly beginning February 2023, according to both the institute and employees who gave interviews to local media. Dr. Amy Liebl Darter, the institute's medical director, in a statement to KFOR Media traced suspicious events back to February, when she and her husband downloaded an iPhone application and that application caused issues with the clinic's technology. As a result, the clinic was ""locked out of everything"" - phone, email, and electronic record systems - to the point that patients continued to receive notifications inviting them in for previously scheduled appointments that the clinic is not able to cancel within its systems. 
",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,"Oklahoma Institute of Allergy, Asthma and Immunology",United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15550,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/oklahoma-allergy-clinic-blames-ransomware-for-shutdown; https://www.databreaches.net/patients-concerned-after-local-allergy-clinic-closes-its-doors-because-of-alleged-data-breach/,2023-05-23,2023-12-28 2268,Unknown actors disrupted access to some customer portals and websites of technology service provider ScanSource on 14 May 2023 ,"Unknown actors disrupted access to some customer portals and websites of the technology service provider ScanSource on 14 May 2023 as part of a ransomware attack, the company reported on its website on 16 May.",2023-05-14,2023-05-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,ScanSource,United 
States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15552,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,1460000.0,dollar,Not available,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://storage.pardot.com/704223/1684277198bEZlDMDs/CIR_PressRelease_Final_051623.pdf; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://twitter.com/ransomwaremap/status/1658871661469356032; https://www.bleepingcomputer.com/news/security/scansource-says-ransomware-attack-behind-multi-day-outages/; https://www.scansource.com/~/media/Project/scansource/scansourceweb/scansource-corp/investors/10k/scsc_10k_fy23.pdf,2023-05-23,2023-12-28 2266,Russian hacktivists accessed and stole data from four Ukrainian insurance companies in April 2023,"As reported by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), unnamed Russian hacktivists accessed and stole data from four of Ukraine's ten largest insurance companies in April 2023. This data was reportedly then made public. 
Depending on the affected insurer, the data included contact details, addresses, employment, travel and vehicle information, as well as medical data.",2023-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Not available,Russia,Non-state-group,Hacktivist(s),1,15553; 15553,2023-05-20 00:00:00; 2023-05-20 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,SSSCIP; CERT-UA,Not available; Not available,Ukraine; Ukraine,Not available; Not available,Russia; Russia,Non-state-group; Non-state-group,https://cip.gov.ua/en/news/vorozhi-khakeri-aktivizuvali-polyuvannya-na-personalni-dani-gromadyan,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-05-20 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data 
,1-10,4.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/SSSCIP/status/1660575384818143232; https://cip.gov.ua/en/news/vorozhi-khakeri-aktivizuvali-polyuvannya-na-personalni-dani-gromadyan,2023-05-23,2023-12-28 2265,Unknown actors encrypted local systems at three manufacturing sites of French electronics supplier Lacroix starting on 12 May 2023,"Unknown actors encrypted local systems at three manufacturing sites - in France, Germany and Tunisia - belonging to the electronics division of French technology supplier Lacroix during the night of 12-13 May 2023, the firm reported on its website on 15 May. To assist with recovery, the three plants have been closed and were expected to resume operations on 22 May. The affected sites accounted for 19% of Lacroix' sales in 2022. In its 15 May statement, company leadership did not foresee the incident influencing the business' performance in 2023. 
",2023-05-12,2023-05-13,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Lacroix Electronics,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,15554,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.globenewswire.com/news-release/2023/05/15/2668384/0/en/LACROIX-Cyber-attack-contained-at-LACROIX.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://securityaffairs.com/146335/cyber-crime/lacroix-group-ransomware-attack.html; https://twitter.com/securityaffairs/status/1658955105721282560; https://twitter.com/securityaffairs/status/1658823008125894657; https://twitter.com/securityaffairs/status/1658596179444133891; https://www.globenewswire.com/en/news-release/2023/05/31/2679662/0/en/Lacroix-Production-resumes-at-LACROIX.html,2023-05-23,2023-12-28 2262,BlackBasta ransomware group stole data from German arms manufacturer Rheinmetall beginning in April 2023,"The BlackBasta ransomware group stole data from German arms 
manufacturer Rheinmetall, the ransomware group itself announced when it listed Rheinmetall as a victim on its website. To back up this claim, the ransomware group disclosed passport scans, confidentiality agreements, and technical schemes allegedly obtained from Rheinmetall. The company had announced plans to set up a new production facility in Ukraine four days earlier. Names included in the leak appeared to match those of individuals employed by Rheinmetall in the United States. Rheinmetall spokesman Oliver Hoffmann said that only the group's automotive supply branch was affected, not its defense branch. ",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Rheinmetall,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Black Basta Ransomware Gang,Not available,Non-state-group,Criminal(s),1,11066,2023-05-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Black Basta Ransomware Gang,Not available,Not available,Black Basta Ransomware Gang,Not available,Non-state-group,https://twitter.com/cyb3rops/status/1659977098025394176,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cyb3rops/status/1659977098025394176; https://twitter.com/cyb3rops/status/1659977098025394176; https://twitter.com/switch_d/status/1660432430858117120; https://twitter.com/asfakian/status/1660722926390222863; https://therecord.media/rheinmetall-confirms-black-basta-ransomware-group-behind-cyberattack; https://twitter.com/thegrugq/status/1660836983998955520; https://securityaffairs.com/146571/cyber-crime/rheinmetall-black-basta-ransomware-attack.html; https://twitter.com/z_edian/status/1661004518438633476; https://twitter.com/securityaffairs/status/1661005836616105985; https://www.bleepingcomputer.com/news/security/arms-maker-rheinmetall-confirms-blackbasta-ransomware-attack/; https://twitter.com/VessOnSecurity/status/1661042895749623808; https://twitter.com/Dinosn/status/1661093940198514710; https://www.malwarebytes.com/blog/news/2023/05/blackbasta-ransomware-throws-wrench-in-rheinmetall-arms-production; https://twitter.com/hackerfantastic/status/1661383096334274561; https://twitter.com/securityaffairs/status/1661459262634094592; https://twitter.com/SteffenHeyde/status/1661826936178352142; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/; https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-22-28; https://therecord.media/ransomware-attack-kaiserslautern-university-applied-sciences-germany; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://therecord.media/raleigh-housing-authority-black-basta-ransomware-group; https://therecord.media/blackbasta-ransom-payments; https://securityaffairs.com/155054/cyber-crime/black-basta-ransomware-activities.html,2023-05-22,2023-11-17 2264,APT group Bad Magic used CloudWizard malware to steal data from unspecified individuals as well as from diplomatic 
and research institutions in Ukraine beginning in late 2016,"The APT group Bad Magic used various versions of CloudWizard malware to steal data from unspecified individuals as well as from diplomatic and research institutions in Ukraine - specifically in the embattled regions of Lugansk, Donetsk, and Crimea as well as in central and western Ukraine - between late 2016 and early 2020, Russian IT security company Kaspersky reported on 19 May 2023. The researchers noted that Bad Magic was able to gather files, record keystrokes (keylogging), take screenshots, tap microphones, and steal passwords. Kaspersky found that CloudWizard shares similarities with previously reported operations CommonMagic (2022 - Kaspersky), BugDrop (2017 - CyberX), and Groundbait (2016 - ESET). Kaspersky also stated with medium to high confidence that the actor behind CloudWizard is the same as for Operation BugDrop and Operation Groundbait. ESET concluded in 2016 that the actor responsible for Operation Groundbait was likely operating from within Ukraine. 
",2016-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU,Unknown - State institutions / political system; Science," - Other (e.g., embassies); ",Red Stinger / Bad Magic,Ukraine,Unknown - not attributed,,1,15568,2023-05-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,Red Stinger / Bad Magic,Ukraine,Unknown - not attributed,https://securelist.com/cloudwizard-apt/109722/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Human rights; Diplomatic / consular law; Armed conflict,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Arkbird_SOLG/status/1659910150306557953; https://securelist.com/cloudwizard-apt/109722/; https://www.wired.com/story/tiktok-challenge-hyundai-flaw-security-roundup/; https://twitter.com/Cyber_O51NT/status/1659749197510504448; 
https://www.darkreading.com/attacks-breaches/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine; https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html; https://twitter.com/e_kaspersky/status/1659523123111243776; https://securityaffairs.com/146549/apt/cloudwizard-apt-russo-ukrainian-conflict.html; https://twitter.com/securityaffairs/status/1660945401745141760; https://twitter.com/securityaffairs/status/1661273440135921666; https://socradar.io/recapping-cyberwatch-insights-and-key-takeaways-from-aprils-webinar/,2023-05-22,2023-12-28 2263,Karakurt ransomware group gained access to the network of Peachtree Orthopedics in Atlanta and claimed to have stolen 194 GB w in April 2023,"The Karakurt ransomware group is suspected to have gained access to limited systems of the network of Peachtree Orthopedics in Atlanta and claimed to have stolen 194 GB worth of data in April 2023, as disclosed by both the clinic in a notification letter and the criminal group on its leak site on 12 May. Peachtree Orthopedics in their letter reported that they had discovered unauthorized access on 20 April, although the incident itself may have started earlier. In addition, the notification letter stated that information may have been exfiltrated, referring to addresses, dates of birth, driver’s license numbers, social security numbers (SSN), medical treatment/diagnosis information, treatment costs, financial account information, and health insurance claims/provider information. 
Karakurt claimed in their leak message that the stolen data included SSNs, details relating to nearly 1,000 credit cards, other detailed personal information, medical records and significant amounts of corporate data.",2023-04-20,2023-05-12,Attack on critical infrastructure target(s),,Incident disclosed by victim; Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Peachtree Orthopedics,United States,NATO; NORTHAM,Critical infrastructure,Health,Karakurt,Not available,Non-state-group,Criminal(s),1,15569,2023-05-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Karakurt,Not available,Not available,Karakurt,Not available,Non-state-group,https://www.databreaches.net/peachtree-orthopedics-alerts-patients-of-cyberattack-third-patient-data-breach-in-seven-years/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.databreaches.net/peachtree-orthopedics-alerts-patients-of-cyberattack-third-patient-data-breach-in-seven-years/; https://peachtreeorthopedics.com/notice/,2023-05-22,2023-12-28 2260,Russian IT worker Yevgeny Kotikov disrupted website of Russian Ministry of Defense and the President in February 2022,"A Russian IT worker by the name Yevgeny Kotikov allegedly disrupted the website of the Russian Ministry of Defense and that of the Russian president in February 2022, the Federal Security Service (FSB) press office in Rostov-on-Don reported. The Rostov-on-Don District Court on 18 May sentenced Kotikov to three years' imprisonment in a so-called colony settlement and a fine of 800,000 rubles, or around 9,200 euros. The FSB accused Kotikov of participating in a cyber operation in support of the Ukrainian government in the fight against Russia's invasion.",2022-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Defence (Russia) - Website of the President of Russia,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Yevgeny Kotikov; Not available,Russia; Ukraine,Individual hacker(s); State,,2,11178; 11178; 11178; 11178; 11178; 11178; 11178; 11178; 11179,2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00; 2023-05-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a 
person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); Federal Security Service (FSB); District Court Rostov-on-Don,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Yevgeny Kotikov; Yevgeny Kotikov; Yevgeny Kotikov; Yevgeny Kotikov; Not available; Not available; Not available; Not available; Yevgeny 
Kotikov,Russia; Russia; Ukraine; Ukraine; Russia; Russia; Ukraine; Ukraine; Russia,Individual hacker(s); State; Individual hacker(s); State; Individual hacker(s); State; Individual hacker(s); State; Individual hacker(s),https://tass.ru/proisshestviya/17778413,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,1,2023-05-18 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Russia,District court Rostov-on-Don,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/russian-it-worker-jailed-for-ddos-attacks; https://tass.ru/proisshestviya/17778413; https://twitter.com/thegrugq/status/1660233121273626624; https://twitter.com/lukOlejnik/status/1659953426187288579; https://twitter.com/lukOlejnik/status/1659952616380551168; https://twitter.com/josephmenn/status/1659698030378115072,2023-05-19,2023-07-03 2261,"Hive ransomware group and Mikhail Pavlovich Matveev attacked an unnamed nonprofit behavioral healthcare organization in Mercer County, New Jersey, on or about 27 May 2022","On or about 27 May 2022, access broker Mikhail Pavlovich Matveev and the Hive ransomware group allegedly deployed the ransomware variant against an unnamed nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. The incident was referenced by the US Department of Justice on 16 May 2023, when it unsealed two indictments against Matveev, obtained in the Districts of New Jersey and Columbia, over his alleged role in various ransomware schemes involving Lockbit, Hive, and Babuk variants between 2020 and 2023. The US State Department simultaneously announced a reward of up to 10 million USD for information leading to the arrest or conviction of Matveev. 
",2022-05-27,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available,United States,NATO; NORTHAM,Critical infrastructure,Health,Hive; Mikhail Pavlovich Matveev,Not available; Russia,Non-state-group; Individual hacker(s),Criminal(s); ,1,15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572; 15572,2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by 
receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia,Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,Hive; Hive; Hive; Hive; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Hive; Hive; Hive; Hive; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Hive; Hive; Hive; Hive; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev,Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s),https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure; https://krebsonsecurity.com/wp-content/uploads/2023/05/Matveev.Indictment.pdf; 
https://www.justice.gov/usao-dc/press-release/file/1583786/download,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2020-01-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.jpost.com/breaking-news/article-743309; https://twitter.com/Dinosn/status/1658728478794022920; https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html; https://twitter.com/Dennis_Kipker/status/1658768984815161345; https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://twitter.com/hackerfantastic/status/1659525649277628418; https://twitter.com/dani_stoffers/status/1658844428486811649; https://twitter.com/Dinosn/status/1658859215354560512; https://nakedsecurity.sophos.com/2023/05/17/us-offers-10m-bounty-for-russian-ransomware-suspect-outed-in-indictment/; https://twitter.com/DarkReading/status/1658942989010345985; https://therecord.media/wazawaka-cyber-most-wanted-interview-click-here; 
https://www.justice.gov/usao-dc/press-release/file/1583786/download; https://krebsonsecurity.com/wp-content/uploads/2023/05/Matveev.Indictment.pdf; https://www.state.gov/mikhail-pavlovich-matveev/; https://www.darkreading.com/risk/lockbit-affiliate-arrested-extortion-totals-91m; https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/; https://cyberscoop.com/lockbit-russian-national-arrested/; https://therecord.media/russian-arrested-in-us-for-lockbit; https://www.justice.gov/opa/pr/russian-national-arrested-and-charged-conspiring-commit-lockbit-ransomware-attacks-against-us; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html; https://cyberscoop.com/fbi-operation-seizes-infrastructure-of-lockbit-ransomware-group/,2023-05-19,2023-12-28 2259,"LockBit and Mikhail Pavlovich Matveev used ransomware against law enforcement agency in Passaic County, New Jersey, on or about 25 June 2020","The Lockbit group and access broker Mikhail Pavlovich Matveev used ransomware against a law enforcement agency in Passaic County, New Jersey, on or about 25 June 2020. The incident was referenced by the US Department of Justice on 16 May 2023, when it unsealed two indictments against Matveev, obtained in the Districts of New Jersey and Columbia, over his alleged role in various ransomware schemes involving Lockbit, Hive, and Babuk variants between 2020 and 2023. As part of Operation Cronos against the LockBit ransomware group, which was announced on 20 February 2024, the United States District Court of New Jersey indicted four individuals affiliated with the LockBit ransomware group, namely Mikhail Vasiliev, Artur Sungatov, Mikhail Pavlovich Matveev and Ivan Gennadievich Kondratyev. 
The cyber incident against the law enforcement agency in Passaic County is included in this indictment.",2020-06-25,2020-06-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Passaic County Police Department,United States,NATO; NORTHAM,State institutions / political system,Police,LockBit; Mikhail Pavlovich Matveev,Not available; Russia,Non-state-group; Individual hacker(s),Criminal(s); ,1,17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971; 17971,2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00; 2023-05-16 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by 
receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court District of New Jersey; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United States District Court for the District of Columbia; United 
States District Court for the District of Columbia; United States District Court for the District of Columbia,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,LockBit; LockBit; LockBit; LockBit; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; LockBit; LockBit; LockBit; LockBit; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; LockBit; LockBit; LockBit; LockBit; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev; Mikhail Pavlovich Matveev,Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia,Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual hacker(s); Non-state-group; Individual 
hacker(s),https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure; https://www.justice.gov/opa/media/1338956/dl?inline,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,2,2020-01-01 00:00:00; 2023-05-16 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Peaceful means: Retorsion (International Law)",; Economic sanctions,United States; United States,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/146345/cyber-crime/russian-ransomware-actor-reward.html; https://www.jpost.com/breaking-news/article-743309; https://twitter.com/Dinosn/status/1658728478794022920; https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html; https://twitter.com/Dennis_Kipker/status/1658768984815161345; https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://twitter.com/hackerfantastic/status/1659525649277628418; https://twitter.com/dani_stoffers/status/1658844428486811649; 
https://twitter.com/Dinosn/status/1658859215354560512; https://nakedsecurity.sophos.com/2023/05/17/us-offers-10m-bounty-for-russian-ransomware-suspect-outed-in-indictment/; https://twitter.com/DarkReading/status/1658942989010345985; https://therecord.media/wazawaka-cyber-most-wanted-interview-click-here; https://www.justice.gov/usao-dc/press-release/file/1583786/download; https://krebsonsecurity.com/wp-content/uploads/2023/05/Matveev.Indictment.pdf; https://www.state.gov/mikhail-pavlovich-matveev/; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/; https://www.darkreading.com/risk/lockbit-affiliate-arrested-extortion-totals-91m; https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/; https://cyberscoop.com/lockbit-russian-national-arrested/; https://therecord.media/russian-arrested-in-us-for-lockbit; https://www.justice.gov/opa/pr/russian-national-arrested-and-charged-conspiring-commit-lockbit-ransomware-attacks-against-us; https://securityaffairs.com/147570/breaking-news/security-affairs-newsletter-round-424.html; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html; https://cyberscoop.com/fbi-operation-seizes-infrastructure-of-lockbit-ransomware-group/; https://www.justice.gov/opa/media/1338956/dl?inline,2023-05-19,2024-03-14 2258,Rhysida ransomware group disrupted website and telephone services of the Territorial Authority of Martinique since 16 May 2023,"The website and telephone services of the Territorial Authority of the French overseas region Martinique (Collectivité Territoriale de Martinique) have not been accessible since 16 May 2023 due to disruptions of the agency's systems that occurred on the same day. As of 19 May 2023 the access to the website had not yet been restored. 
Then, in early June, the Rhysida Ransomware group posted the Territorial Authority on its leak site, with DataBreached.net writing in its article that the leaked files appear to be government-related. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-05-16,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Collectivité Territoriale de Martinique,Martinique,,State institutions / political system,Civil service / administration,Rhysida Ransomware Group,Not available,Non-state-group,Criminal(s),1,15593,2023-06-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Rhysida Ransomware Group,Not available,Not available,Rhysida Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/rhysida-ransomware-group-claims-attack-on-martinique/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1658746862663348225; https://viaatv.tv/cyberattaque-le-site-internet-de-la-ctm-inaccessible-suite-a-un-piratage-informatique/; https://therecord.media/martinique-dealing-with-cyberattack-that-disrupted-government-services-france; https://www.databreaches.net/rhysida-ransomware-group-claims-attack-on-martinique/; https://therecord.media/kuwait-isolates-systems-after-ransomware-attack; https://therecord.media/trinidad-and-tobago-government-agency-hit-with-post-christmas-cyberattack; https://therecord.media/world-council-churches-lutheran-world-federation-cyberattacks,2023-05-19,2023-12-29 2257,Unknown actors gained access to Raleigh Radiology's network in North Carolina on or about 14 February 2021,"Unknown actors gained access to Raleigh Radiology's network in North Carolina on or about 14 February 2021, as made public by the company on 28 April 2023 in the wake of a lawsuit against their former insurance broker. Following the intrusion, the threat actors deployed ransomware on Raleigh Radiology's computer systems on 17 February 2021. According to Raleigh Radiology, the insurer had failed to inform it about the expiration of its policy on 15 February, two days before the ransomware module was activated. 
The attack occasioned 330,000 USD in recovery costs in addition to 5,000 USD to replace irrecoverable systems and a loss of 685,000 USD in net turnover during the period until operations returned to normal on 25 March 2021.",2021-02-14,2021-05-25,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Raleigh Radiology,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15578,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,1020000.0,dollar,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/WSJCyber/status/1659289215799029789; https://www.wsj.com/articles/radiology-group-sues-broker-over-lapsed-cyber-insurance-policy-c3dee8b5,2023-05-19,2023-12-28 2256,Three Turkish opposition media outlets claimed DDoS attacks targeted their websites during the general elections on 14 May 2023,"Three Turkish opposition media outlets (the television channel Halk TV and the daily newspapers Sözcü and Cumhuriyet) claimed DDoS attacks targeted their websites on 14 May 2023, the day the 2023 Turkish general 
elections commenced. The outlets all communicated the incident via social media, pointing to their editorial independence as the potential cause for the attack against them. ",2023-05-14,2023-05-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,Cumhuriyet - Halk TV - Sözcü,Turkey; Turkey; Turkey,ASIA; NATO; MEA - ASIA; NATO; MEA - ASIA; NATO; MEA,Media - Media - Media, - - ,Not available,Not available,Not available,,1,15614,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.birgun.net/haber/halk-tv-cumhuriyet-ve-sozcu-ye-siber-saldiri-437187,System / ideology; National power,System/ideology; National power,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.duvarenglish.com/three-opposition-media-outlets-hit-by-cyber-attack-news-62414; https://www.birgun.net/haber/halk-tv-cumhuriyet-ve-sozcu-ye-siber-saldiri-437187; https://riskybiznews.substack.com/p/risky-biz-news-us-charges-and-sanctions,2023-05-17,2023-12-29 2255,Canadian Yellow Pages targeted by Black Basta ransomware gang around 15 March 2023,"The Canadian Yellow Pages (YP) were targeted by Black Basta ransomware gang on or around 15 March 2023. 
After the gang publicly claimed to have attacked YP on 22 April, Franco Sciannamblo, YP's Senior Vice President Chief Financial Officer confirmed the incident in a statement to BleepingComputer, published on 24 April. The company representative further announced initial findings suggesting certain employee data and a subset of information relating to our business customers had been obtained by threat actors. The statement noted impacted individuals and privacy regulatory authorities had been notified and all YP services restored. A sample of exfiltrated data posted by Black Basta to its leak site suggests the cache includes ID and tax documents, sales and purchase agreements, as well as certain accounting and financial statements from the previous four months.",2023-03-01,2023-04-24,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Canadian Yellow Pages,Canada,NATO; NORTHAM,Critical infrastructure,Digital Provider,Black Basta Ransomware Gang,Not available,Non-state-group,Criminal(s),1,15617,2023-04-22 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Black Basta Ransomware Gang,Not available,,Black Basta Ransomware Gang,Not available,Non-state-group,https://twitter.com/GossiTheDog/status/1650420583987912704,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no 
data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://socradar.io/major-cyberattacks-in-review-april-2023/; https://twitter.com/alexfrudolph/status/1650859746638061569; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-28th-2023-clop-at-it-again/; https://twitter.com/Dinosn/status/1650791247551016960; https://twitter.com/GossiTheDog/status/1650420583987912704; https://www.bleepingcomputer.com/news/security/arms-maker-rheinmetall-confirms-blackbasta-ransomware-attack/; https://twitter.com/VessOnSecurity/status/1661042895749623808; https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/; https://www.bleepingcomputer.com/news/security/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files/,2023-05-17,2024-01-29 2254,Unknown actors gained access to customer data of Hyundai France and Hyundai Italy in April 2023,"Unknown actors infiltrated networks of the Italian and French branches of the car manufacturer Hyundai and successfully gained access to customer data. Compromised data contained email addresses, physical addresses, telephone numbers, and vehicle chassis numbers of customers who previously had booked a test drive. Hyundai Italy and France disclosed the incident to affected customers in April 2023. 
",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Hyundai France - Hyundai Italy,France; Italy,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS),Critical infrastructure - Critical infrastructure,Critical Manufacturing - Critical Manufacturing,Not available,Not available,Not available,,1,15618,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://socradar.io/major-cyberattacks-in-review-april-2023/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Unknown,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,,0.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://socradar.io/major-cyberattacks-in-review-april-2023/,2023-05-17,2023-12-29 2253,Ransomware gang LockBit targeted Bank Syariah Indonesia since 8 May 2023,"The ransomware gang LockBit claimed to have targeted Bank Syariah Indonesia since 8 May 2023. The threat actors further stated they had halted services of the bank due through the intervention and exfiltrated 1.5 terabytes of confidential data. 
After an initial payment deadline passed unanswered on 15 May, the group started to leak data on 16 May on the dark web. Stolen data reported included several databases containing personal information of over 15 million customers and employees, including names, phone numbers, addresses, account data, banking card information, and transaction details. Among the compromised data were also legal documents, non-disclosure agreements, and critically credentials to access internal and external services of the bank. Statements by the group indicate an infiltration of the bank's systems via a vulnerability two months before it initiated the ransomware call. ",2023-03-08,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Bank Syariah Indonesia,Indonesia,ASIA; SCS; SEA,Critical infrastructure,Finance,LockBit,Not available,Non-state-group,Criminal(s),1,15619,2023-05-12 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,LockBit,Not available,Not available,LockBit,Not available,Non-state-group,https://thecyberexpress.com/lockbit-bank-syariah-indonesia-cyber-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Not available,0.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political 
rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/darktracer_int/status/1658341177685573632; https://twitter.com/securityaffairs/status/1658341076980191232; https://thecyberexpress.com/lockbit-bank-syariah-indonesia-cyber-attack/; https://twitter.com/Dinosn/status/1658738486541791232; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/,2023-05-17,2023-12-29 2251,"Chinese state-sponsored APT Camaro Dragon infected router devices with malicious firmware implant featuring backdoor called ""Horse Shell""","The Chinese state-sponsored APT Camaro Dragon infected router devices with malicious firmware implants containing the ""Horse Shell"" backdoor, according to analysis by CheckPoint which began to track the activity in January 2023. Although the security company detected the incident during its analysis of attacks mainly targeting European foreign affairs entities, it did not conclude definitively that these organizations were intended targets of the router implants. According to the report, infecting routers should rather be seen as an arbitrary act of creating a ""chain of nodes between main infections and real command and control"", than as a targeted attack of individual devices. CheckPoint identified similarities between Camaro Dragon and the Chinese state-sponsored APT Mustang Panda but refrained from claiming a full overlap between these two groups.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Not available,,Camaro Dragon,China,"Non-state actor, state-affiliation suggested",,1,15620,2023-05-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,,Israel,Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/05/chinas-mustang-panda-hackers-exploit-tp.html; https://twitter.com/chuksjonia/status/1658462287563243521; https://twitter.com/_r_netsec/status/1658551161073569792; https://twitter.com/780thC/status/1658429623934365697; https://twitter.com/Cyber_O51NT/status/1658428027917971457; https://twitter.com/securityaffairs/status/1658536868336615424; 
https://securityaffairs.com/146301/apt/mustang-panda-targets-tp-link-routers.html; https://www.bleepingcomputer.com/news/security/hackers-infect-tp-link-router-firmware-to-attack-eu-entities/; https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/; https://socradar.io/network-devices-under-threat-mustang-panda-targets-tp-link-routers-critical-teltonika-vulnerabilities/; https://twitter.com/Dinosn/status/1658712507886780418; https://twitter.com/Dinosn/status/1658713559134527494; https://www.cybersecasia.net/news/malicious-firmware-implant-for-tp-link-routers-linked-to-chinese-apt-group; https://twitter.com/securityaffairs/status/1658718197384708096; https://twitter.com/securityaffairs/status/1658823118062854145,2023-05-17,2023-12-29 2250,APT group Lancefly infected computers of governments and organizations from the communications and technology sectors in South and Southeast Asia with the Merdoor backdoor beginning in 2020,"The APT Lancefly infected a small number of computers belonging to governments and organizations from the communications and technology sectors in South and Southeast Asia with the Merdoor backdoor beginning in 2020, US-based IT security company Symantec reported on 15 May 2023. The threat actor's exact identity remains under investigation. Circumstantial overlaps in TTPs point to a possible connection to Chinese activity clusters. 
",2020-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Southeast Asia (region); South Asia (region), - ,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,Lancefly,Not available,Unknown - not attributed,,1,15621,2023-05-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,Lancefly,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor; https://therecord.media/lancefly-espionage-malware-backdoor-asia-apt; 
https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/,2023-05-16,2023-12-29 2245,New ransomware group RA Group compromised three organizations in the United States and one organization in South Korea along different business sectors in April 2023,"The new ransomware group RA Group compromised three organizations in the United States and one organization in South Korea along different business sectors - including manufacturing, wealth management, insurance providers and pharmaceuticals - in April 2023. The ransomware group listed three organizations as victims on its leak page on 27 April and an additional organization on 28 April. As reported by Cisco Talos, ransomware used by RA Group is drawing on the Babuk ransomware source code leaked in September 2021 but highly customized to specific targets. ",2023-04-27,2023-04-28,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Not available - Not available,"United States; Korea, Republic of",NATO; NORTHAM - ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Health; - Health; ,RA Group,Not available,Non-state-group,Criminal(s),1,15627,2023-04-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,RA Group,Not available,Not available,RA Group,Not available,Non-state-group,https://twitter.com/malwrhunterteam/status/1651653010345345024,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not 
available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,4.0,1-10,2.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/new-ra-group-ransomware-targets-us-orgs-in-double-extortion-attacks/; https://blog.talosintelligence.com/ra-group-ransomware/; https://twitter.com/malwrhunterteam/status/1651653010345345024; https://securityaffairs.com/146248/cyber-crime/new-ra-group.html; https://cyberscoop.com/ransomware-group-ra-group-talos/; https://thehackernews.com/2023/05/new-ransomware-gang-ra-group-hits-us.html; https://twitter.com/Dinosn/status/1658096489380339712; https://twitter.com/Cyber_O51NT/status/1658113125902581761; https://twitter.com/cybereason/status/1658132267263303682; https://twitter.com/780thC/status/1658427185470775297; https://www.malwarebytes.com/blog/news/2023/05/leaked-babuk-ransomware-builder-code-lives-on-as-ra-group; https://twitter.com/Dinosn/status/1659132012240748545; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-15-21; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/,2023-05-16,2023-12-29 2246,"APT group Lancefly used Merdoor malware to attack government, aviation, education and telecommunication organisations in South and Southeast Asia beginning in mid-2022","As reported by Symantec in May 2023, an APT group named Lancefly used a custom malware called Merdoor in highly targeted attacks from mid-2022 into the first quarters of 2023 on government, aviation, education and telecommunication in unspecified countries in South and Southeast Asia. The motive is believed to be cyber espionage. Though the initial infection vector used by Lancefly has not been confirmed yet, there is evidence that the group uses phishing emails, SSH credentials brute forcing, and public-facing server vulnerabilities exploitation for unauthorized access. 
Circumstantial overlaps in TTPs point to a possible connection to Chinese activity clusters.",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Southeast Asia (region); South Asia (region), - ,State institutions / political system; Critical infrastructure; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; State institutions / political system; Critical infrastructure,Government / ministries; Transportation; Civil service / administration; Telecommunications - Government / ministries; Transportation; Civil service / administration; Telecommunications,Lancefly,Not available,Unknown - not attributed,,1,15622,2023-05-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,Lancefly,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.bleepingcomputer.com/news/security/stealthy-merdoor-malware-uncovered-after-five-years-of-attacks/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor; https://twitter.com/Dinosn/status/1658067556077383683; https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html; https://therecord.media/lancefly-espionage-malware-backdoor-asia-apt; https://securityaffairs.com/146274/apt/lancefly-apt-merdoor-backdoor.html; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html,2023-05-16,2023-12-29 2241,"Monti ransomware group gained access to archives of the Italian health authority of the municipalities of Avezzano, Sulmona and L'Aquila (ASL 1) and stole 500GB worth of data beginning on 3 May 2023","The Monti ransomware group gained access to the archives of the Italian health authority of the municipalities of Avezzano, Sulmona and L'Aquila (ASL 1) and stole 500GB worth of data beginning on 3 May 2023. In addition, disruption of the authority's system blocked access to the booking services for medical appointments. The stolen data included medical records, genetic analysis reports, psychological reports about minors, inventory documents, data from the transplantation department, termination letters, implementation of rehabilitation measures, reports from child neuropsychiatry, documents with first and last names of HIV patients, documents on purchases, various letterheads, pre-written letters, orders for machines, medicines and other supplies for hospital operations, and then passwords and other access keys that have allowed the ransomware group to move within the network. Monti issued a ransom request of 2 million $. The president of the Abruzzo region, Marco Marsilio, said he will not pay the ransom and will not make any public statements. 
Previously, this silence in the Abruzzo Regional Council caused discussion between the parties, the regional councilor Giorgio Fedele from the Five Star Movement said on 9 May 2023 that the ransomware group already published 10 GB worth of data on the darknet in the previous week.",2023-05-03,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,"Avezzano, Sulmona and L'Aquila (ASL 1) Health Authority",Italy,EUROPE; NATO; EU(MS),State institutions / political system,Civil service / administration,Monti ransomware group,Not available,Non-state-group,Criminal(s),1,15633,2023-05-03 00:00:00,"Attribution given, type unclear",Attacker confirms,Monti Ransomware Group,Not available,Not available,Monti ransomware group,Not available,Non-state-group,https://www.wired.it/article/asl-1-laquila-attacco-hacker-ramsomware/,Unknown,Not available,,Not available,,1,2023-05-11 00:00:00,EU member states: Legislative reactions,Dissenting statement by sub-national member of parliament,Italy,Giorgio Fedele (5 Star Movement; Regional Councilor),No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified 
(missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1657715674263822336; https://twitter.com/securityaffairs/status/1657083292225527822; https://www.wired.it/article/asl-aquila-attacco-hacker-cartelle-sanitarie-dati-abruzzo/; https://www.wired.it/article/asl-1-laquila-attacco-hacker-ramsomware/; https://twitter.com/JAMESWT_MHT/status/1658007518159806465; https://www.databreaches.net/hacker-attack-asl-abruzzo-guarantor-downloading-data-is-a-crime/,2023-05-15,2023-12-29 2244,Unknown actors disrupted Richmond University Medical Center in New York as of 5 May 2023,"Unknown actors disrupted the Richmond University Medical Center in New York starting on 5 May 2023, according to local media reports citing official information from the hospital and anonymous statements from staff. While the hospital maintained its operations, medical data had to be entered manually and patients had to be monitored in person.",2023-05-05,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Richmond University Medical Center,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15630,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or 
leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/ny-richmond-university-medical-center-suffers-ransomware-attack-unclear-if-patient-info-compromised/; https://www.silive.com/news/2023/05/richmond-university-medical-center-suffers-ransomware-attack-unclear-if-patient-info-compromised.html; https://www.silive.com/news/2023/06/rumc-operating-normally-at-full-service-after-cyberattack-but-si-patient-says-some-issues-linger.html,2023-05-15,2023-12-29 2243,Several websites of the Danish Ministry of Defence and affiliated entities hit by DDOS attacks on 12 May 2023 ,"An unknown threat actor reportedly launched a series of DDoS attacks on the morning of 12 May 2023 against the websites of the Danish Ministry of Defence, the Centre for Cyber Security, the Danish Defence Intelligence Service, and the Danish Defence Material and Procurement Agency. 
",2023-05-12,2023-05-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Danish Defence Material and Procurement Agency - Danish Ministry of Defence - Danish Centre for Cyber Security - Danish Defence Intelligence Service,Denmark; Denmark; Denmark; Denmark,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Government / ministries - Civil service / administration - Intelligence agencies,Not available,Not available,Not available,,1,15631,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://politiken.dk/indland/art9348866/Forsvarets-hjemmesider-er-lagt-ned-af-cyberangreb; https://twitter.com/UK_Daniel_Card/status/1657029262312914948,2023-05-15,2023-12-29 2242,Ransomware group Money Message targeted PharMerica and BrightSprings in March 2023,"The ransomware group Money Message stole data affecting 5.8 million patients of the pharmacy 
company PharMerica and its holding company BrightSpring Health Services beginning on 12 March 2023, Money Message claimed as early as April 8, also leaking a first batch of stolen data on the same day. The ransomware group claimed to have penetrated the networks of PharMerica and BrightSpring Health Services on 28 March and to have encrypted almost the entire infrastructure. According to PharMerica, exfiltrated data comprise patients' name, address, date of birth, Social Security number, medications, and health insurance information. ",2023-03-12,2023-03-13,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,BrightSpring Health Services - Pharmerica,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Health - Health,Money Message,Not available,Non-state-group,Criminal(s),1,15632,2023-04-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Money Message,Not available,Not available,Money Message,Not available,Non-state-group,https://www.databreaches.net/pharmerica-and-brightspring-health-services-hit-by-money-message/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; 
Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/ransomware-attack-on-pharmerica-affected-5-8-million-patients/; https://apps.web.maine.gov/online/aeviewer/ME/40/6282d559-46ff-434c-9edd-41815a7fcd74.shtml; https://www.databreaches.net/pharmerica-and-brightspring-health-services-hit-by-money-message/; https://www.hackread.com/money-message-ransomware-msi-data-leak/; https://www.darkreading.com/attacks-breaches/pharmerica-leaks-5-8m-deceased-users-pii-health-information; https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/; https://securityaffairs.com/146259/data-breach/pharmerica-data-breach.html; https://twitter.com/securityaffairs/status/1658182780868501505; https://www.govinfosecurity.com/pharmerica-reports-breach-affecting-nearly-6-million-people-a-22073; https://twitter.com/securityaffairs/status/1658560197990789120; https://www.malwarebytes.com/blog/news/2023/05/pharmerica-breach-impacts-almost-6-million-people; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-15-21; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://twitter.com/Cyber_O51NT/status/1661201080691359745; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen,2023-05-15,2023-12-29 2240,Bl00dy ransomware gang gained access to unspecified US education facilities through a vulnerability in the PaperCut print management MF/NG servers in early May 2023,"The Bl00dy ransomware gang gained access to unspecified US education facilities through a vulnerability 
(CVE-2023-27350) in the PaperCut print management MF/NG servers in early May 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) reported in a Joint Advisory on 11 May 2023. In some education sector facilities, most likely referring to schools, the ransomware group managed to exfiltrate data and encrypt computers. ",2023-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Bl00dy Ransomware Gang,Not available,Non-state-group,Criminal(s),1,15634,2023-05-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Bl00dy Ransomware Gang,Not available,Not available,Bl00dy Ransomware Gang,Not available,Non-state-group,https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a,Unknown,Not available,,Not available,,1,2023-05-11 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not 
available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/cisa-warns-of-bl00dy-ransomware-gang-using-papercut-vulnerability; https://twitter.com/ddd1ms/status/1657117992969293858; https://www.databreaches.net/stopransomware-malicious-actors-exploit-cve-2023-27350-in-papercut-mf-and-ng/; https://twitter.com/CISAJen/status/1656774114751774722; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a; https://twitter.com/securityaffairs/status/1657680000609316865; https://thehackernews.com/2023/05/bl00dy-ransomware-gang-strikes.html; https://twitter.com/Dinosn/status/1656982506682343425; https://securityaffairs.com/146154/cyber-crime/bl00dy-ransomware-targets-education-sector.html; https://www.bleepingcomputer.com/news/security/fbi-bl00dy-ransomware-targets-education-orgs-in-papercut-attacks/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-12th-2023-new-gangs-emerge/; https://twitter.com/LisaForteUK/status/1657289550367006722; https://twitter.com/cahlberg/status/1657266317324320768; https://twitter.com/securityaffairs/status/1657157870587133953; https://www.techrepublic.com/article/papercut-vulnerability/; https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/stepping-ahead-of-risk-trend-micro-2023-midyear-cybersecurity-threat-report; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.techrepublic.com/article/cisco-talos-year-end-report/,2023-05-15,2023-12-29 2235,Akira ransomware group claimed to have gained access to the network of Mercer University in Georgia and to have stolen data in May 2023,"The Akira ransomware group gained access to the network of Mercer University 
in Georgia (US) and stole data in May 2023, both the university itself and the Akira ransomware group announced on 9 May 2023. The stolen information is confirmed to have included social security numbers and driver's license numbers of students, parents and employees.",2023-05-01,2023-05-07,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim; Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Mercer University,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,11174,2023-05-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Akira Ransomware Group,Not available,Not available,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://twitter.com/BrettCallow/status/1655992986998538245,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,3,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",5.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international 
law),,https://therecord.media/cyberattacks-chattanooga-state-mercer-university; https://twitter.com/BrettCallow/status/1655992986998538245; https://den.mercer.edu/mercer-university-statement-on-data-incident/; https://therecord.media/decryptor-released-for-akira-ransomware-avast; https://therecord.media/cyberattacks-on-governments-way-up,2023-05-12,2023-07-20 2239,Unknown ransomware group stole data and encrypted internal computers and servers of Austrian scientific equipment manufacturer Anton Paar beginning on 6 April 2023,"An unknown ransomware group stole less than 1.3% of data and encrypted about 10% of the internal computers and servers of Austrian scientific equipment manufacturer Anton Paar during 6-19 April 2023, the company itself announced on its website. Anton Paar manufactures measuring instruments for a variety of sectors, including the chemical, electronics, petroleum, beverage and food industries, teaching and research, material science and nanotechnology, mining, the paper and textile industry, the pharmaceutical and cosmetics industry and power generation.",2023-04-06,2023-04-19,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Anton Paar,Austria,EUROPE; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,15635,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political 
importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-04-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Austria,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1656509346480635906; https://www.anton-paar.com/de-de/cyberattack/,2023-05-12,2023-12-29 2234,Suspected Bangladeshi hacktivist group Mysterious Team conducted DDoS attack against website of Ethiopia's Ministry of Health,"The suspected Bangladeshi hacktivist group Mysterious Team claimed to have targeted the Ethiopian Ministry of Health in a DDoS attack on 11 May 2023, taking its website offline for several hours. The actions followed earlier DDoS attacks against Indian media organizations and were accompanied by an announcement from Mysterious Team Bangladesh of plans to target other Ethiopian government ministries. 
",2023-05-11,2023-05-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Ethiopian Ministry of Health,Ethiopia,AFRICA; SSA,State institutions / political system,Government / ministries,Mysterious Team Bangladesh,Not available,Non-state-group,Hacktivist(s),1,11172,2023-05-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Mysterious Team Bangladesh,Not available,Not available,Mysterious Team Bangladesh,Not available,Non-state-group,https://thecyberexpress.com/ethiopian-ministry-of-health-cyber-attack/; https://twitter.com/MysteriousTeamO/status/1656555668223193088,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1656719853418610693; https://thecyberexpress.com/ethiopian-ministry-of-health-cyber-attack/; https://twitter.com/FalconFeedsio/status/1656559064804098048?t=rPGFB47JcW3lB73VJoH4Bg&s=09; https://twitter.com/MysteriousTeamO/status/1656555668223193088; https://thehackernews.com/2023/08/mysterious-team-bangladesh-targeting.html,2023-05-12,2023-08-04 2233,"Unknown actors disrupted the municipal administration of Tulancingo, Mexico, using ransomware on 9 May 2023","The computer system of three areas of the Municipality of Tulancingo, Mexico, reportedly suffered a ransomware attack designed to 
extort the local government. The incident is being reported by the Cybernetic Police and there is no confirmation of data theft yet. According to an official spokesperson, the compromised systems related to property tax, land registry and transfer of ownership as well as tax execution have been down since the attack started on 9 May.",2023-05-09,2023-05-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Municipal Administration of Tulancingo,Mexico,,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15639,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-05-10 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Mexico, Policía Cibernética,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1656528438675529728; https://sintesis.com.mx/hidalgo/2023/05/10/sufre-ataque-cibernetico/; https://www.am.com.mx/tulancingo/2023/5/10/atacan-sistema-de-computo-de-alcaldia-de-tulancingo-659669.html,2023-05-12,2023-12-29 2236,Suspected state-directed hacking group stole a large amount of email communication from German IT companies Adesso and Init since May 2022,"A suspected state-directed hacking group stole a large amount of email communication from German IT companies since May 2022, Bayerischer Rundfunk first reported on 10 May 2023, based on a warning letter issued by the Federal Information Technology Center (ITZ Bund) in late April. Among the confirmed targets were the two companies Adesso and Init. A third IT company, Materna, stated that they had not experienced any data exfiltration to date. The stolen information is said to be personal data, telephone numbers, places of employment, current projects, mail histories and attached documents. IT security expert and managing director of the German Cyber Security Organization (DCSO), Andreas Rohr, said that ""if you look at the ITZ Bund or authorities being the target, you would indeed assume an intelligence background with a high probability."" A person familiar with the matter also believes that the three attacks were related and that the nature and execution pointed to a state-directed background. The chairman of the Parliamentary Control Panel, which oversees the intelligence services, Konstantin Notz of the Green Party, expressed alarm at the cyber attacks on the three IT service providers. 
Anke Domscheit-Berg, network policy spokeswoman for the Left Party in the Bundestag, calls on the German government to take such attacks more seriously.",2022-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Init - Adesso,Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications - ,Not available,Not available,State,,1,15638,2023-05-10 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,Germany,Not available,Not available,State,"https://www.br.de/nachrichten/deutschland-welt/hackerangriffe-auf-it-dienstleister-des-bundes,TdnLki7",Unknown,Unknown,,Unknown,,2,2023-05-10 00:00:00; 2023-05-10 00:00:00,EU: Legislative reactions; EU: Legislative reactions,Dissenting statement by member of parliament; Dissenting statement by member of parliament,Germany; Germany,Konstantin von Notz (Chairman of the Parliamentary Control Committee); Anke Domscheit-Berg (network policy spokeswoman for the Left Party),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration 
(no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Human rights; Sovereignty,State actors; Civic / political rights; ,Not available,1,2023-04-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Polizei Berlin,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://twitter.com/Dennis_Kipker/status/1656637140048986115; https://www.br.de/nachrichten/deutschland-welt/hackerangriffe-auf-it-dienstleister-des-bundes,TdnLki7; https://twitter.com/perceptic0n/status/1656272960682881025",2023-05-12,2023-12-29 2237,Unknown actors disrupted the majority of student services at Chattanooga State Community College in Tennessee since 6 May 2023,"Unknown actors disrupted the majority of student services at Chattanooga State Community College in Tennessee from at least 6 May 2023, the university announced on 7 May via its website. 
The disrupted student services included systems for student IDs, parking passes, financial aid, academic advising, registration, bill payment, transcript requests, testing, disability services, and more.",2023-05-06,2023-05-06,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Chattanooga State Community College ,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,15637,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2023-05-10 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/cyberattacks-chattanooga-state-mercer-university; https://chattanoogastate.edu/news-center/press-release/chattanooga-states-cyber-incident-update-investigation-and-recovery; https://twitter.com/InfoSecSherpa/status/1658494086913970176; https://www.databreaches.net/ransomware-attack-at-chattanooga-state-affects-data-of-1244-people/; https://chattanoogastate.edu/cyber-incident-operational-updates,2023-05-12,2023-12-29 2238,Unknown actors defaced the website of the Romanian Ministry of Education with an anti-school message on the night of 7-8 May 2023,"Unknown actors defaced the website of the Romanian Ministry of Education with an anti-system message on the night of 7-8 May 2023. The hackers called on the country's students to stop attending school referring to it as a ""waste of time"". 
",2023-05-07,2023-05-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Ministry of Education (Romania),Romania,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system; State institutions / political system,Government / ministries; Government / ministries,,Not available,Unknown - not attributed; Unknown - not attributed,,1,15636,2023-05-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,,Not available,Unknown - not attributed,https://www.hotnews.ro/stiri-educatie-26252471-atac-cibernetic-ministerul-educatiei-mesajul-aparut-siteul-institutiei.htm,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1656763603905650688; https://www.hotnews.ro/stiri-educatie-26252471-atac-cibernetic-ministerul-educatiei-mesajul-aparut-siteul-institutiei.htm,2023-05-12,2023-12-29 2232,Manufacturing Firm ABB Hit by Black Basta Ransomware Attack on 7 May 2023,"Swiss manufacturing firm ABB, a leading developer of industrial control systems and manufacturing/energy systems, was hit by a Black Basta ransomware attack on 7 May 2023. 
ABB works with numerous commercial and government customers; according to ABB employees, the attack affected hundreds of devices and ABB had to terminate VPN connections with customers, further impacting business dealings. On top of this, the attack impacted factories and resulted in delayed projects. On 23 May 2023, ABB issued a press release confirming unauthorized access into certain computer systems and subsequent data theft by ransomware actors. ",2023-05-07,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,ABB,Switzerland,EUROPE; WESTEU,Critical infrastructure,Critical Manufacturing,BlackBasta,Not available,Non-state-group,Criminal(s),1,11459,2023-05-11 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Bleeping Computer,Not available,United States,BlackBasta,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/multinational-tech-firm-abb-hit-by-black-basta-ransomware-attack/,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not 
available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/VessOnSecurity/status/1656767735450173445; https://www.bleepingcomputer.com/news/security/multinational-tech-firm-abb-hit-by-black-basta-ransomware-attack/; https://twitter.com/securityaffairs/status/1657082394539589633; https://twitter.com/Dinosn/status/1656790827908071426; https://twitter.com/cyb3rops/status/1656791564742434819; https://twitter.com/BushidoToken/status/1656786271509925888; https://twitter.com/ransomwaremap/status/1656875412465623040; https://twitter.com/securityaffairs/status/1656965451954499585; https://securityaffairs.com/146132/cyber-crime/black-basta-ransomware-hit-abb.html; https://twitter.com/cybereason/status/1657057637094105088; https://twitter.com/Dinosn/status/1656983961552424960; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-12th-2023-new-gangs-emerge/; https://therecord.media/abb-confirms-it-security-incident; https://twitter.com/Dennis_Kipker/status/1658423089695211520; https://www.bleepingcomputer.com/news/security/arms-maker-rheinmetall-confirms-blackbasta-ransomware-attack/; https://twitter.com/VessOnSecurity/status/1661042895749623808; https://twitter.com/Dennis_Kipker/status/1661415608120901632; https://twitter.com/securityaffairs/status/1663292175629578240; https://new.abb.com/news/detail/103405/abb-provides-details-about-it-security-incident; https://twitter.com/Dinosn/status/1662182506127343638; https://www.bleepingcomputer.com/news/security/us-govt-contractor-abb-confirms-ransomware-attack-data-theft/; https://twitter.com/JAMESWT_MHT/status/1663042798159900675; https://twitter.com/securityaffairs/status/1662920512282976263; https://twitter.com/securityaffairs/status/1662869827923353602; https://securityaffairs.com/146752/cyber-crime/abb-ransomware-attack.html; https://twitter.com/VessOnSecurity/status/1662142065285775369; 
https://www.heise.de/news/ABB-Ransomware-Angriff-womoeglich-durch-Loesegeldzahlung-eingedaemmt-9068825.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://twitter.com/Dennis_Kipker/status/1663876740031062016; https://securityaffairs.com/147059/breaking-news/security-affairs-newsletter-round-422.html; https://securityaffairs.com/147047/data-breach/fedpol-swiss-police-cyber-attack.html; https://therecord.media/raleigh-housing-authority-black-basta-ransomware-group; https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/; https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/; https://therecord.media/blackbasta-ransom-payments; https://securityaffairs.com/155054/cyber-crime/black-basta-ransomware-activities.html,2023-05-12,2024-02-09 2228,"The suspected North Korean state-sponsored hacking group Kimsuky gained access to the internal network of Seoul National University Hospital and stole personal information of approximately 831,00 patients and employees beginning in May 2021","The suspected North Korean state-sponsored hacking group Kimsuky gained access to the internal network of Seoul National University Hospital (SNUH) and stole personal information of approximately 831,00 patients and employees beginning from May to June 2021, National Assembly deputy Ha Tae-keung told Seoul Economic Daily in July 2021. That year, Kimsuky was known to have hacked one server and 62 workstations as well as accessed 6,969 records from June 5 to June 11, 2021. The professor of North Korean studies, Park Won-gon, also said that North Korea-affiliated hackers were either looking for data on COVID-19 vaccinations or wanted to harm the South Korean government. 
On May 10, 2023, the Cyber Investigation Bureau of the National Police Agency (KNPA) released a report on the cyber incident at Seoul National University Hospital, concluding that North Korean hackers stole and exposed personal information of approximately 831,000 patients and employees without attributing it to a specific North Korean hacking group. ",2021-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Seoul National University Hospital (SNUH),"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Health,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,12074; 12073,2021-07-01 00:00:00; 2023-05-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Ha Tae-keung (Member of the National Assembly, South Korea); Korean National Police Agency (KNPA)",Not available; Not available,"Korea, Republic of; Korea, Republic of",Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Not 
available,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Unknown - not attributed",https://www.police.go.kr/viewer/skin/doc.html?fn=d6c2795c-3930-44ab-970d-d2d7a14f9571.hwpx&rs=/viewer/202305; https://www.upi.com/Top_News/World-News/2021/07/15/nkorea-North-Korean-hackers-Kimsuky-Seoul-hospital/9191626356343/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,1,2021-07-01 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,"Korea, Republic of","Ha Tae-keung (Member of the National Assembly, South Korea)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-05-10 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,"Korea, Republic of",Korean National Police Agency (KNPA),Not available,,Not available,,https://www.bleepingcomputer.com/news/security/north-korean-hackers-breached-major-hospital-in-seoul-to-steal-data/; https://www.upi.com/Top_News/World-News/2021/07/15/nkorea-North-Korean-hackers-Kimsuky-Seoul-hospital/9191626356343/; https://www.police.go.kr/viewer/skin/doc.html?fn=d6c2795c-3930-44ab-970d-d2d7a14f9571.hwpx&rs=/viewer/202305; https://twitter.com/securityaffairs/status/1656641146431389698; https://twitter.com/DarkReading/status/1656728785897549824; https://www.darkreading.com/attacks-breaches/north-korean-hackers-behind-hospital-data-breach-in-seoul; https://securityaffairs.com/146088/apt/seoul-national-university-hospital-hack.html; https://twitter.com/Dinosn/status/1656611740421963783; https://twitter.com/securityaffairs/status/1657119220717572125; https://twitter.com/M_Miho_JPN/status/1657044566980042757; https://twitter.com/780thC/status/1661326518146985988; https://twitter.com/SentinelOne/status/1661427710252711936; https://www.govinfosecurity.com/north-korean-apt-group-kimsuky-shifting-attack-tactics-a-22159,2023-05-11,2024-04-24 2229,BianLian ransomware group gained access to a network of the Basel Department of Education and stole information concerning students and teachers beginning in late January 2023,"The BianLian ransomware group gained access to a network of the Basel Department of Education and stole information concerning students and teachers beginning in late January 2023, the education department shared on 10 May 2023. BianLian stole 1.2 TB of information from the eduBS network, which is available for the student body and teachers of the city of Basel. The stolen information included personal information about students, teaching reports, and report cards. Conradin Cramer, a member of the Basel-Stadt cantonal government and head of the education department, called the attack a disaster. 
BianLian published the stolen data on the dark web on 10 March. As reported by the FBI, BianLian since 2023 has focused on the theft of data and in past incidents has foregone the encryption of data on target systems. ",2023-01-01,2023-05-10,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse; Ransomware,Basel Department of Education,Switzerland,EUROPE; WESTEU,State institutions / political system,Civil service / administration,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,11070,2023-05-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,BianLian Ransomware Group,Not available,Not available,BianLian Ransomware Group,Not available,Non-state-group,https://www.inside-it.ch/daten-des-basler-erziehungsdepartements-im-darknet-aufgetaucht-20230510,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,Civic / political rights; ; ; Other human rights instruments,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1656299910180773889; 
https://www.srf.ch/news/schweiz/grosser-cyberangriff-kinder-betroffen-daten-des-basler-erziehungsdepartements-gehackt?ns_source=mobile&srg_sm_medium=tw; https://twitter.com/mruef/status/1656234934451806208; https://tarnkappe.info/artikel/cyberangriff/basler-erziehungsdepartement-gehackt-vor-allem-kinder-betroffen-274700.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a; https://www.inside-it.ch/daten-des-basler-erziehungsdepartements-im-darknet-aufgetaucht-20230510; https://www.inside-it.ch/hacker-des-basler-erziehungsdepartements-aendern-ihre-strategie-20230519; https://tarnkappe.info/artikel/it-sicherheit/6-mio-gestohlene-kreditkarten-gefunden-ist-deine-dabei-276142.html; https://tarnkappe.info/artikel/cyberangriff/cyber-bedrohungslage-seit-kriegsbeginn-in-der-ukraine-gestiegen-276126.html,2023-05-11,2023-12-07 2231,Hacker group Red Stinger aka Bad Magic stole unspecified information from two military targets in central Ukraine beginning in February 2022,"The hacker group Red Stinger aka Bad Magic stole unspecified information from two military targets in central Ukraine beginning in February 2022, US-based cybersecurity company Malwarebytes reported on 10 May 2023. The first target was an unspecified military target in Zhytomyr in central Ukraine. The organization recognized the cyber incident after a few hours and removed the Red Stinger hacking group from its network, but the hacking group still managed to capture screenshots, microphone recordings and some office documents. The second target was an officer in Vinnitsya in central Ukraine who works in critical infrastructure. Until January 2023, the Red Stinger hacker group also stole screenshots, microphone recordings, office documents and keystrokes from him. There was also a third target also in Vinnitsya, but there is no further information about the nature of the cyber incident. 
Malwarebytes was able to determine a total of five different cyber operations linked to Red Stinger since the end of 2020, but a breach of information security can be proven only in the present operation 4 and in operation 5, which was already covered by Kaspersky. Operation 4 was aimed primarily at Ukraine-related targets and operation 5 at Russia-related targets. All operations are linked by the objective to gather data and conduct network reconnaissance. ",2022-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,Red Stinger / Bad Magic,Not available,Unknown - not attributed,,1,15768,2023-05-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,MalwareBytes,MalwareBytes,United States,Red Stinger / Bad Magic,Not available,Unknown - not attributed,https://admin.eurepoc.eu/articles?status=Inbound&needs_attention=false&search=&publish_end_date=2023-05-11T00%3A00%3A00%2B02%3A00&publish_start_date=2023-05-10T00%3A00%3A00%2B02%3A00&activePage=0,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Cyber espionage; Armed conflict; Sovereignty,; Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/red-stinger-russia-ukraine-apt/; https://twitter.com/WIRED/status/1656387266145599488; https://admin.eurepoc.eu/articles?status=Inbound&needs_attention=false&search=&publish_end_date=2023-05-11T00%3A00%3A00%2B02%3A00&publish_start_date=2023-05-10T00%3A00%3A00%2B02%3A00&activePage=0; https://twitter.com/KimZetter/status/1656424278886322176; https://twitter.com/alexfrudolph/status/1656425743818039296; https://thehackernews.com/2023/05/new-apt-group-red-stinger-targets.html; https://twitter.com/thegrugq/status/1656522594059952128; https://twitter.com/Dinosn/status/1656713410044739617; https://twitter.com/Dinosn/status/1656606059463843840; https://twitter.com/lukOlejnik/status/1656540400612417536; https://twitter.com/mikko/status/1656908132335906816; https://www.govinfosecurity.com/enigmatic-hacking-group-operating-in-ukraine-a-22065; https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-8-14; https://www.malwarebytes.com/blog/business/2023/05/apt-attacks-exploring-advanced-persistent-threats-and-their-evasive-techniques; https://www.wired.com/story/tiktok-challenge-hyundai-flaw-security-roundup/; https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html; https://www.wired.com/story/red-stinger-ukraine-russia-espionage-hackers/; https://twitter.com/lilyhnewman/status/1659584493160656896; https://twitter.com/securityaffairs/status/1661273440135921666,2023-05-11,2024-01-04 2230,Suspected Russian state-sponsored hacking group gained access to foreign government institutions in Kazakhstan and unspecified targets in Afghanistan in late 2022,"A suspected Russian state-sponsored hacking group gained access to foreign government institutions in Kazakhstan and unspecified targets in Afghanistan in late 2022, Romanian IT security company Bitdefender attributed with low confidence 
with respect to the origin of the state-sponsored hacking group. The group exfiltrated unspecified data using the previously unknown DownEx malware.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Afghanistan; Not available,ASIA; SASIA - ,Unknown - State institutions / political system, - ,Not available,Russia,"Non-state actor, state-affiliation suggested",,1,15601,2023-05-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Bitdefender,,Romania,Not available,Russia,"Non-state actor, state-affiliation suggested",https://www.bitdefender.com/blog/businessinsights/deep-dive-into-downex-espionage-operation-in-central-asia/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,2.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not 
available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1656317155984695297; https://www.bitdefender.com/blog/businessinsights/deep-dive-into-downex-espionage-operation-in-central-asia/; https://securityaffairs.com/146034/cyber-crime/downex-malware-central-asia-attacks.html; https://thehackernews.com/2023/05/sophisticated-downex-malware-campaign.html; https://twitter.com/securityaffairs/status/1656751244772274185; https://twitter.com/CSIS_Tech/status/1656730893300699137; https://twitter.com/CyberWarship/status/1662091237225029633,2023-05-11,2023-12-29 2225,FBI disrupted malware network of Russian state-sponsored hacking group Snake on US computers,"Under the umbrella of Operation Medusa, the FBI disrupted the malware network of the eponymous Russian state-sponsored hacking group Snake on US computers, the US Department of Justice alongside security agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand announced in a joint advisory on 9 May 2023. The Snake malware network refers to a peer-to-peer transmission system chaining infected computers. This network was used by the threat actor Snake (also tracked as Turla), associated with Center 16 in the Russian Federal Security Service (FSB), to move stolen data back and forth between nodes to transfer it to servers controlled by the group in Russia. To take this network offline, the FBI developed a bespoke tool, PERSEUS. 
Deployed to infected systems under rule 41 of the federal criminal procedures, for authorizing warrants to search and seize, this software is able to communicate with the Snake malware and issue commands for the malware to overwrite itself and thus disable itself without harming the hosting computer.",,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Intelligence agencies,Federal Bureau of Investigation (FBI),United States,State,,1,17002,2023-05-09 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,US Department of Justice (DoJ),Not available,United States,Federal Bureau of Investigation (FBI),United States,State,https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled,Cyber-specific,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Medium,11.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.jpost.com/breaking-news/article-742535; https://www.rferl.org/a/russia-cyber-espionage-busted-us-justice-department/32403530.html; https://english.elpais.com/usa/2023-05-09/us-busts-russian-cyber-operation-in-dozens-of-countries.html; https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled; https://www.darkreading.com/attacks-breaches/fbi-disarms-russian-fsb-snake-malware-network; https://www.databreaches.net/justice-department-announces-court-authorized-disruption-of-snake-malware-network-controlled-by-russias-federal-security-service/; https://www.bleepingcomputer.com/news/security/fbi-nukes-russian-snake-data-theft-malware-with-self-destruct-command/; https://cyberscoop.com/fbi-disrupts-russian-cyber-espionage-tool/; https://therecord.media/turla-snake-russia-malware-takedown-fbi-doj; https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a; 
https://twitter.com/Cyber_O51NT/status/1656091273445670913; https://twitter.com/Cyber_O51NT/status/1656091628250222592; https://twitter.com/ciaranmartinoxf/status/1656387450825060355; https://twitter.com/nicoleperlroth/status/1656137482982031362; https://twitter.com/CyberScoopNews/status/1656145680899928064; https://twitter.com/stefan_frei/status/1656174614735646722; https://twitter.com/securityaffairs/status/1656384466204368899; https://www.washingtonpost.com/world/2023/05/10/russia-ukraine-war-news/; https://twitter.com/monica_kaminska/status/1656215183105114118; https://thehackernews.com/2023/05/us-government-neutralizes-russias-most.html; https://www.schneier.com/blog/archives/2023/05/fbi-disables-russian-malware.html; https://twitter.com/DarkReading/status/1656319091177582593; https://twitter.com/secIT_DE/status/1656355557782204416; https://securityaffairs.com/146017/apt/turla-snake-malware.html; https://twitter.com/securityaffairs/status/1656223836700831744; https://twitter.com/780thC/status/1656228759664484352; https://twitter.com/switch_d/status/1656323171534921730; https://twitter.com/CyberScoopNews/status/1656295096537456645; https://twitter.com/Mandiant/status/1656289324319535106; https://twitter.com/Dinosn/status/1656256725832400896; https://twitter.com/Dennis_Kipker/status/1656638134874931200; https://www.rferl.org/a/russia-fsb-malware-snake-takedown/32407612.html; https://twitter.com/securityaffairs/status/1656566902230073345; https://www.wired.com/story/turla-history-russia-fsb-hackers/; https://www.databreaches.net/the-underground-history-of-russias-most-ingenious-hacker-group/; https://www.hackread.com/fbi-gchq-foil-russian-malware-hacking-tool/; https://twitter.com/CyberWarship/status/1662812982655565824; https://www.rferl.org/a/32472306.html; https://socradar.io/apt-profile-turla/; https://socradar.io/may-2023-cyberwatch-recap-a-month-in-cybersecurity/; 
https://www.bleepingcomputer.com/news/security/microsoft-hackers-turn-exchange-servers-into-malware-control-centers/; https://cyberscoop.com/cynthia-kaiser-fbi-ransomware-hive/; https://www.darkreading.com/threat-intelligence/sprawling-qakbot-malware-takedown-spans-700-000-infected-machines; https://www.bleepingcomputer.com/news/security/how-the-fbi-nuked-qakbot-malware-from-infected-windows-pcs/; https://krebsonsecurity.com/2023/08/u-s-hacks-qakbot-quietly-removes-botnet-infections/; https://www.bleepingcomputer.com/news/security/qakbot-botnet-dismantled-after-infecting-over-700-000-computers/; https://www.diepresse.com/6286141/operation-medusa-usa-neutralisieren-russische-spionage-software; https://therecord.media/fbi-takes-down-ipstorm-malware-botnet; https://therecord.media/doj-to-increase-cybercrime-efforts,2023-05-10,2024-02-08 2227,Iranian state-sponsored hacking group OilRig deployed new backdoor Mango against Israeli healthcare organization in December 2022,"The Iranian state-sponsored hacking group OilRig deployed a new backdoor, Mango, against an Israeli healthcare organization in December 2022, the Slovakian IT security company ESET assessed as part of its quarterly report published on 3 May 2023. ",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,Critical infrastructure,Health,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15603,2023-05-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,"Non-state actors; Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not 
available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html; https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf; https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html,2023-05-10,2023-12-29 2226,Unknown actors gained access to the database of software developer and IT service provider NextGen Healthcare beginning in March 2023,"Unknown actors gained access to the database of software developer and IT service provider NextGen Healthcare between 29 March and 14 April 2023, as NextGen Healthcare reported to the Attorneys General of California, Maine, Montana, and Texas on 5 May. The attackers stole names, dates of birth, addresses, and social security numbers of more than one million individuals. ",2023-03-29,2023-04-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,NextGen Healthcare,United States,NATO; NORTHAM,Critical infrastructure,,Not available,Not available,Not available,,1,15604,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and 
cultural rights",Not available,1,2023-04-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hackers-accessed-data-on-more-than-one-million-people-after-healthcare-tech-breach; https://apps.web.maine.gov/online/aeviewer/ME/40/cb1d4654-0ce0-4e59-9eec-24391249e2a8.shtml; https://www.darkreading.com/application-security/1m-nextgen-healthcare-patient-records-stolen-; https://twitter.com/securityaffairs/status/1655652350692843539; https://twitter.com/securityaffairs/status/1655627270583726097; https://securityaffairs.com/145935/data-breach/nextgen-healthcare-data-breach.html; https://twitter.com/lorenzofb/status/1655576001055805440; https://www.govinfosecurity.com/cloud-based-ehr-vendor-notifying-1-million-data-breach-a-22008; https://twitter.com/securityaffairs/status/1656423543473594373; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen,2023-05-10,2023-12-29 2224,Global food distribution giant Sysco suffered data breach beginning on 14 January 2023,"The global food distribution giant Sysco suffered a data breach by an unspecified threat actor beginning on 14 January 2023. The incident was discovered on 5 March. It is believed that the threat actors had access to customer and supplier data in the US and Canada. Personal information of US employees may also have been impacted. According to a quarterly filing with the US Securities and Exchange Commission, the incident had no effect on business operations. 
",2023-01-14,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Sysco Corporation,United States,NATO; NORTHAM,Critical infrastructure,Food,Not available,Not available,Not available,,1,15607,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/145996/data-breach/sysco-discloses-data-breach.html; https://therecord.media/norwegian-giant-tomra-dealing-with-cyberattack; https://www.bleepingcomputer.com/news/security/food-distribution-giant-sysco-warns-of-data-breach-after-cyberattack/; https://otp.tools.investis.com/clients/us/sysco1/SEC/sec-show.aspx?Type=page&Outline=no&FilingId=16611993-291099-291922&CIK=0000096021&Index=12600; https://twitter.com/securityaffairs/status/1656384623817940992; https://www.darkreading.com/attacks-breaches/sysco-data-breach-exposes-customer-employee-data; https://therecord.media/sysco-data-breach-social-security-numbers; 
https://apps.web.maine.gov/online/aeviewer/ME/40/28ded7f7-4f72-4a32-b531-1ba31469d1aa.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/28ded7f7-4f72-4a32-b531-1ba31469d1aa/eb054b8e-7646-47ae-be3e-4131b3b80951/document.html,2023-05-10,2023-12-29 2221,Iranian state-sponsored hacker groups Mint Sandstorm and Mango Sandstorm gained access to vulnerable PaperCut print management servers,"The Iranian state-sponsored hacker groups Mint Sandstorm (formerly tracked as Phosphorus) and Mango Sandstorm (previously referred to as Mercury) gained access to vulnerable PaperCut MF/NG print management servers (via CVE-2023-27350), Microsoft announced on 6 May 2023. Mint Sandstorm operators have been associated with the Ministry of Intelligence and Security of the Islamic Republic of Iran (MOIS). Mango Sandstorm is believed to be linked to the Islamic Revolutionary Guard Corps (IRGC). Microsoft assesses Mint Sandstorm follows an opportunistic approach by attacking organizations across all sectors and in various geographic areas, with Mango Sandstorm reportedly being more concerned with maintaining a low profile. On 29 June, threat intelligence company Deep Instinct published a report in which it analyzed a new C2 (command & control) framework called ""PhonyC2"" used by MuddyWater in this campaign. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,PaperCut,Australia,OC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,15610; 15610,2023-05-06 00:00:00; 2023-05-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft,Microsoft; Microsoft,United States; United States,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://twitter.com/MsftSecIntel/status/1654620021476458496,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high 
political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/microsoft-iranian-hacking-groups-join-papercut-attack-spree/; https://twitter.com/MsftSecIntel/status/1654620021476458496; https://twitter.com/joel_dpa/status/1655674636820946965; https://therecord.media/iranian-state-sponsored-hackers-exploiting-printer-vulnerability; https://securityaffairs.com/145952/apt/iranian-apt-papercut-exploitation.html; https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html; https://www.hackread.com/microsoft-iran-hackers-exploit-papercut-flaw/; https://twitter.com/securityaffairs/status/1656423154040938497; https://twitter.com/Dinosn/status/1656641641439002624; https://therecord.media/cisa-warns-of-bl00dy-ransomware-gang-using-papercut-vulnerability; https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html; https://www.govinfosecurity.com/critical-bugs-found-in-papercut-allow-rce-a-22752; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/stepping-ahead-of-risk-trend-micro-2023-midyear-cybersecurity-threat-report; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater ,2023-05-09,2024-01-19 2223,Unknown actors gained access to network of OT&P 
Healthcare and possibly stole patient information on 4 May 2023,"Unknown actors gained access to the networks of Hong Kong-based OT&P Healthcare and possibly stole personal and medical information of approximately 100,000 patients on 4 May 2023, the clinic's CEO Robin Green said on 8 May. ",2023-05-04,2023-05-04,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,OT&P Healthcare,Hong Kong,ASIA,Critical infrastructure,Health,Not available,Not available,Not available,,1,15608,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/hk-personal-data-medical-history-of-100000-otp-healthcare-patients-may-have-been-compromised-in-cyberattack/,2023-05-09,2023-12-29 2222,Royal Ransomware group disrupted server network of Curry County in Oregon on 26 April 2023,"The Royal Ransomware group disrupted the server network of Curry County in Oregon on 26 April 2023, the county with a 
population of 23,000 announced on its website. ",2023-04-26,2023-04-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Curry County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Royal Ransomware Group,Not available,Non-state-group,Criminal(s),1,15609,2023-05-05 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Curry County,Not available,United States,Royal Ransomware Group,Not available,Non-state-group,https://www.co.curry.or.us/newslist.php,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-05-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.co.curry.or.us/newslist.php; https://therecord.media/dallas-ransomware-attack-courts-fire-police; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline,2023-05-09,2023-12-29 2217,Unknown actors hijacked two email accounts of Fairfax County Public Schools in December 2022,"Unauthorized actors accessed two email accounts of Fairfax County Public Schools (FCPS) in Virginia on or about 19 December 2022, according to an incident notification filed with the Maryland Attorney General by external counsel on 17 April 2023. According to the data breach notification, there were eight potential victims and the impacted email accounts contained personally identifiable information, including certain mental or physical health information relied on by FCPS teachers to address specific educational needs of students. 
The attack was detected shortly after the incident, but the investigation has not been able to determine which personal data had been accessed.",2022-12-19,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Fairfax County Public Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15613,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/va-fairfax-county-public-schools-breach-exposed-sensitve-student-information/; https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2023/ITU-367546.pdf; https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2023/ITU-367546.pdf,2023-05-09,2023-12-29 2220,Unknown actors attacked German drug discovery and development company Evotec in April 
2023,"German drug discovery and development company Evotec detected an intrusion of its systems on 6 April 2023. In response to the discovery, the company took down all IT systems, reportedly without repercussions for business continuity. Evotec has not further elaborated on the scope of the incident or whether it involved data theft. In May, the company had to leave the German stock index MDax, due to its inability to publish its annual report in time as a result of its systems being offline. A readmittance to the index is likely following the submission of the report, which is expected for mid-May. ",2023-04-06,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Evotec,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,15611,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,10.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,> 10 Mio - 100 Mio,25000000.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://amp2-handelsblatt-com.cdn.ampproject.org/c/s/amp2.handelsblatt.com/technik/biotechnologiefirma-nach-cyberangriff-evotec-verlaesst-mdax-wegen-fristverletzung/29133970.html; https://twitter.com/Dennis_Kipker/status/1655535727298461696; 
https://www.evotec.com/en/investor-relations/news/p/evotec-se-provides-update-on-cyber-attack-6276; https://therecord.media/ransomware-attack-kaiserslautern-university-applied-sciences-germany; https://www.evotec.com/en/investor-relations/news/p/evotec-provides-update-on-financial-impact-of-cyber-attack-6314; https://www.evotec.com/en/investor-relations/news/p/ceo-letter-researchneverstops-cannot-be-stopped-by-cyber-attacks-6277; https://www.n-tv.de/wirtschaft/der_boersen_tag/Evotec-erleidet-nach-Cyber-Angriff-Gewinneinbruch-article24896684.html; https://www.zonebourse.com/cours/action/EVOTEC-SE-436047/actualite/Evotec-veut-retrouver-une-croissance-rentable-en-2024-46510314/,2023-05-09,2023-12-29 2219,BianLian ransomware group stole and published internal company data from the German auto spare parts manufacturer Bilstein Group in April 2023,"The BianLian ransomware group apparently stole and published 60 GB of internal corporate data from German automotive spare parts manufacturer Bilstein Group in late April 2023. Bilstein disclosed having suffered a network intrusion but did not convey any further information. Leaked information includes personnel, accounting, and financial data. 
According to reporting by the cybersecurity company redacted from March 2023, BianLian has shifted away from a double-extortion approach, refraining from encrypting and focusing on exfiltrating victim data.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Bilstein Group,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,11068,2023-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian Ransomware Group,Not available,Not available,BianLian Ransomware Group,Not available,Non-state-group,"https://www.csoonline.com/de/a/deutscher-autoersatzteilespezialist-bilstein-gehackt,3680894",Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://twitter.com/Dennis_Kipker/status/1654466958413144070; https://www.csoonline.com/de/a/deutscher-autoersatzteilespezialist-bilstein-gehackt,3680894; 
https://www.databreaches.net/stopransomware-bianlian-ransomware-group/",2023-05-09,2023-10-27 2218,Medusa ransomware group targeted Italian water supplier in April 2023,"The Medusa ransomware group targeted an Italian water supplier in the southern region of Campania. The government-run company Alto Calore Servizi SpA, which handles fresh water supply and sewage management for 500,000 people in 125 municipalities across South Italy, declared disruption of operations involving their database on 28 April 2023. The affected data reportedly are personal data of customers and data concerning business operations. Medusa claimed it had obtained customer data, contracts, records from board meetings, internal reports, pipe distribution information, and expansion plans. The group announced a seven-day deadline to pay 100,000 USD for the data to be deleted.",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Alto Calore Servizi SpA,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Water,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,15612,2023-05-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://therecord.media/italian-water-supplier-ransomware-attack-disruptions-medusa,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/italian-water-supplier-ransomware-attack-disruptions-medusa; https://therecord.media/philippines-state-health-insurer-struggles-with-ransomware; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/paris-wastewater-agency-hit-cyberattack; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2023-05-09,2023-12-29 2216,Suspected Russian hackers carried out DDoS attacks against Dutch government websites in early May 2023,"Russian hacktivists of the NoName057(16) group are likely responsible for a series of DDoS attacks against government websites, including the website of the Dutch court system, Rechtspraak.nl, and of the Dutch Senate. Launched on 4 May, this series of attacks seems to be a direct reaction to the state visit of Ukrainian President Volodymyr Zelenskyy. The Council for the Judiciary has announced that it will file a criminal report.",2023-05-04,2023-05-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Dutch Senate - Dutch court system,Netherlands; Netherlands,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Legislative - Judiciary,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,15770,2023-05-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1330; https://t.me/noname05716eng/1334,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/ransomwaremap/status/1654380841210970115; https://t.me/noname05716eng/1330; https://t.me/noname05716eng/1334,2023-05-08,2024-01-04 2215,Pro-Russian hacktivist group NoName057(16) took down the website of the French senate with a DDoS attack on 5 May 2023,The pro-Russian group NoName057(16) took offline the website of the French 
Senate with a DDoS attack on 5 May 2023.,2023-05-05,2023-05-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,French Senate,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,15771,2023-05-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/1335,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/securityaffairs/status/1654896448813580289; https://twitter.com/securityaffairs/status/1654581971455025153; https://securityaffairs.com/145813/hacktivism/noname-ddos-french-senate.html; 
https://twitter.com/Senat/status/1654408818934120448?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1654408818934120448%7Ctwgr%5E737d6295b6fc2f071fac280f32ec19a6230442e3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F145813%2Fhacktivism%2Fnoname-ddos-french-senate.html; https://t.me/noname05716eng/1335; https://twitter.com/securityaffairs/status/1655500687919263747,2023-05-08,2024-01-04 2214,Unknown threat actor accessed protected health information at New York urology clinic in early 2023,"On or about 1 February 2023, activities that gained unknown actors access to data of 56,000 patients on the network environment of New York health clinic University Urology (UU) were detected. The infiltrating actors were in a position to obtain full names, addresses, birthdates, credentials including password and/or security questions, billing details, as well as medical conditions and treatments, test results, and prescription information of patients. ",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,University Urology,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,15894,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of 
data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://socradar.io/cyber-attackers-continue-threatening-education-and-healthcare-organizations/; https://www.universityurology.com/data-incident/,2023-05-08,2024-01-06 2213,Murfreesboro Medical Clinic suffered data breach during ransomware attack on 22 April 2023,"The Murfreesboro Medical Clinic (USA) sustained a data breach during a ransomware attack on 22 April 2023. The attack appears to have been conducted by the ransomware gang BianLian, which claimed to have obtained over 250 GB of files. Affiliated walk-in clinics remained closed during 4-8 May. Non-emergency surgeries, gastroenterology procedures were cancelled for five days. Laboratory and radiology services remained unavailable one week after the clinic network had initiated its public incident response on 2 May. 
",2023-04-22,2023-04-22,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Murfreesboro Medical Clinic ,United States,NATO; NORTHAM,Critical infrastructure,Health,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,15895,2023-05-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian Ransomware Group,Not available,United States,BianLian Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/murfreesboro-medical-clinic-reopens-some-but-not-all-services-attack-appears-to-be-work-of-bianlian/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-04-22 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/murfreesboro-medical-clinic-reopens-some-but-not-all-services-attack-appears-to-be-work-of-bianlian/; https://www.mmclinic.com/www/blog/viewpost/276/important-update; https://www.databreaches.net/murfreesboro-medical-clinic-surgicenter-ransomware-attack-affected-559000-patients/; https://www.govinfosecurity.com/tennessee-clinic-april-bianlian-attack-affected-559000-a-22462; https://www.mmclinic.com/www/download/213.2151,2023-05-08,2024-01-07 2212,Unknown actors compromised personal information of Rochester Public School employees in Minnesota in a ransomware attack on 6 April 2023,"Unknown actors compromised personal information of some former and current employees of Rochester Public Schools in Minnesota in a ransomware attack on 6 April 2023, the school confirmed on 4 May 2023. 
As a result of the attack, classes had to be suspended for one day to isolate affected systems after the incident had been discovered.",2023-04-06,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Rochester Public Schools (RPS),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15896,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1654593515177799681; https://www.rochesterschools.org/about-us/news/news-story/~board/district-homepage-news/post/important-technology-update; 
https://www.rochesterschools.org/about-us/news/news-story/~board/district-homepage-news/post/important-technology-update,2023-05-08,2024-01-07 2211,San Bernardino County Sheriffs Departement was targeted with ransomware on 7 April 2023,"The San Bernardino County Sheriffs Departement was targeted in a ransomware attack on 7 April 2023. The office confirmed it had paid 1.1 million USD to the attackers. Impacted systems included email, in-car computers, and certain law enforcement databases but no data breach or corruption has been recorded.",2023-04-07,2023-04-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,San Bernardino County Sheriffs Departement (USA),United States,NATO; NORTHAM,State institutions / political system,Police,Not available,Eastern Europe,Unknown - not attributed,,1,10102,2023-05-06 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,Not available,Not available,United States,Not available,Eastern Europe,Unknown - not attributed,"https://www.latimes.com/california/story/2023-05-06/hackers-targeted-a-california-sheriffs-department-should-they-have-paid-the-ransom#:~:text=San%20Bernardino%20County%20Sheriff's%20Department%20deputies%20attend%20a%20briefing%20in,million%20ransom%2C%20a%20spokesperson%20said.",Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical 
infrastructure, military) - intensity multiplied by 1.5",6.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,0.0,dollar,Not available,Sovereignty,,Not available,1,2023-04-08 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://securityaffairs.com/145892/cyber-crime/san-bernardino-county-sheriff-paid-ransom.html; https://twitter.com/matthew_d_green/status/1654902500330274820; https://www.foxnews.com/us/southern-california-county-pays-1-1m-fix-sheriffs-department-cyberattack; https://www.databreaches.net/san-bernardino-county-pays-1-1m-ransom-after-cyberattack-disrupts-sheriffs-department-systems/; https://twitter.com/vmyths/status/1654966725224329219; https://www.sbsun.com/2023/04/08/fbi-investigating-electronic-network-disruption-at-san-bernardino-county-sheriffs-department/; https://www.latimes.com/california/story/2023-05-06/hackers-targeted-a-california-sheriffs-department-should-they-have-paid-the-ransom#:~:text=San%20Bernardino%20County%20Sheriff's%20Department%20deputies%20attend%20a%20briefing%20in,million%20ransom%2C%20a%20spokesperson%20said.; https://twitter.com/securityaffairs/status/1655469886603231233; https://www.databreaches.net/san-bernardino-sheriffs-department-update-cant-rule-out-that-pii-and-phi-were-accessed-in-ransomware-attack/; https://therecord.media/hayward-california-shuts-down-municipal-sites-cyberattack; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane; https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit; https://therecord.media/san-bernardino-housing-authority-cyberattack; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/",2023-05-08,2023-07-04 2204,AvosLocker ransomware group disrupted Bluefield University IT systems and hijacked the emergency alert system starting 30 April 2023,"The AvosLocker ransomware group disrupted the IT systems of Bluefield University in Bluefield, Virginia, on 30 April 2023 causing examinations for the student body of 1,000 to be postponed by one day. One day after the university disclosed this incident, on 1 May, the group then hijacked Bluefield University's emergency broadcast system, ""RamAlert,"" to send students and staff text messages and email alerts claiming that the group had obtained 1.2 TB of data, including admission files, that would soon be released. On 7 May 2023, the Avos Locker ransomware group began leaking data and continued to claim access to computer systems other than RamAlert's. The leaked data included student transcripts and employee W-2 data. On 12 May 2023, it appeared that the Avos Locker ransomware group continued to have access to Bluefield University computer systems. As evidence, on 11 May 2023, the ransomware group initially sent to infosec.exchange an internal email from the Executive Assistant to the University President dated the same day, inviting all personnel to prayer at 1:00 PM. In addition to the leaked information already mentioned above, the ransomware group apparently accessed Social Security numbers, financial information and VTAG applications of the students. 
",2023-04-30,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Bluefield University,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,AvosLocker,Not available,Non-state-group,Criminal(s),1,15903,2023-05-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,AvosLocker,Not available,Not available,AvosLocker,Not available,Non-state-group,https://www.wvva.com/2023/05/01/ransomware-cyberattack-continues-bluefield-university/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cybereason/status/1654179923148324870; https://twitter.com/InfoSecSherpa/status/1653901937274699776; https://www.bleepingcomputer.com/news/security/ransomware-gang-hijacks-university-alert-system-to-issue-threats/; 
https://therecord.media/bluefield-university-virginia-hacked-warns-students-ramalert; https://www.wvva.com/2023/05/01/ransomware-cyberattack-continues-bluefield-university/; https://www.bluefield.edu/bu-cyberattack-updates/; https://www.bluefield.edu/bu-cyberattack-updates/; https://www.databreaches.net/avos-locker-starts-leaking-student-data-from-bluefield-college-claims-to-still-have-access/; https://socradar.io/cyber-attackers-continue-threatening-education-and-healthcare-organizations/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-5th-2023-targeting-the-public-sector/; https://www.databreaches.net/bluefield-university-cyberattack-affects-employees-students-and-some-students-parents/; https://twitter.com/UK_Daniel_Card/status/1658127311898652675; https://therecord.media/decryptor-released-for-akira-ransomware-avast; https://therecord.media/yamaha-confirms-cyberattack-after-multiple-ransomware-gangs-claim; https://therecord.media/akira-ransomware-early-victims-conti-links; https://www.bleepingcomputer.com/news/security/university-of-sydney-data-breach-impacts-recent-applicants/; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack; https://therecord.media/stanford-investigating-cyberattack-after-ransomware; https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html; https://therecord.media/akira-ransomware-attacked-hundreds-millions,2023-05-05,2024-04-19 2202,Unknown actors disrupted the Electronic Public Procurement System (SECOP II) of the National Public Procurement Agency of Colombia 2 May 2023,"Unknown actors disrupted the Electronic Public Procurement System (SECOP II) of the National Public Procurement Agency of Colombia for 34 hours from 2 to 3 May 2023, as disclosed by the responsible agency itself in a public statement.",2023-05-02,2023-05-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; 
Hijacking with Misuse,National Public Procurement Agency of Colombia,Colombia,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,15905,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-05-03 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Colombia,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1654203297681514497; https://www.colombiacompra.gov.co/sites/cce_public/files/files_2020/comunicado_caida_del_secop_revisado_-_version_final_.pdf; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-38/,2023-05-05,2024-01-07 2203,Pro-Iranian hacking group ALtahrea Team took down the website of Israel's Airport Authority on 19 April 2022,"The pro-Iranian hacking group ALtahrea Team disrupted the website of Israel's Airport Authority on 19 April 2022, the hacker group announced. The hacker group conducted this operation alongside several others targeting Israel on the same day.",2022-04-19,2022-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,Israel Airports Authority,Israel,ASIA; MENA; MEA,State institutions / political system,Civil service / administration,Altahrea Team,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,15904,2023-04-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Altahrea Team,Not available,"Iran, Islamic Republic of",Altahrea Team,"Iran, Islamic Republic of",Non-state-group,https://www.timesofisrael.com/airports-authority-website-targeted-by-pro-iranian-hackers-in-suspected-cyberattack/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Air law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.timesofisrael.com/airports-authority-website-targeted-by-pro-iranian-hackers-in-suspected-cyberattack/; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf,2023-05-05,2024-01-07 2208,Trigona ransomware group had access to protected health information of patients of 
diagnostic imaging service provider Unique Imaging since December 2022 ,"The Trigona ransomware group has had access to protected health information of patients of diagnostic imaging service provider Unique Imaging since December 2022, the ransomware group disclosed on its website. The cyber incident aggregating news site DataBreaches attempted to contact both Unique Imaging and the ransomware group on 18 April, after the Trigona ransomware group claimed to have hacked Unique Imaging. Unique Imaging refused to comment on two separate occasions. The Trigona ransomware group shared with DataBreaches a sample of scanned PDF data that showed prescriptions, clinical results, other protected patient health information, health insurance cards, images of driver’s licenses, and purchase orders. In addition, the ransomware group was able to prove that they had access to the Power Reader Radiology Information System, which is an electronic health record (EHR) system specific to radiology. The ransomware group also claimed that they spoke with Unique Imaging's CEO on the phone on 27 February. The Trigona ransomware group declared that they were abusing their continuing access to send infected emails impersonating Unique Imaging to Unique Imaging customers and partners. 
",2022-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,Unique Imaging,United States,NATO; NORTHAM,Critical infrastructure,Health,Trigona Ransomware Group,Not available,Non-state-group,Criminal(s),1,15899,2023-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Trigona Ransomware Group,Not available,Not available,Trigona Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/unwelcome-guest-trigona-ransomware-group-claims-theyve-taken-up-residence-in-unique-imagings-network/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/unwelcome-guest-trigona-ransomware-group-claims-theyve-taken-up-residence-in-unique-imagings-network/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; 
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona,2023-05-05,2024-01-07 2205,Royal Ransomware group claimed to have stolen personal data during Lake Dallas Independent School District hack in April 2023,"The Royal Ransomware group claimed to have stolen a considerable amount of personal data during the Lake Dallas Independent School District hack on 18 April 2023. Based on a notification of the school district to the Texas Attorney General’s Office from 4 May 2023, 21,982 Texas residents were affected by a breach. Exfiltrated data included personal information such as addresses, social security numbers, driver’s license numbers, government-issued ID numbers, certain financial information (such as account number, credit or debit card number), medical information, and health insurance information. No data has been leaked so far. ",2023-04-18,2023-04-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Lake Dallas Independent School District,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Royal Ransomware Group,Not available,Non-state-group,Criminal(s),1,15902,2023-04-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Royal Ransomware Group,Not available,Not available,Royal Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/lake-dallas-independent-school-district-notifies-21982-texans-of-breach/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in 
intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/lake-dallas-independent-school-district-notifies-21982-texans-of-breach/; https://twitter.com/lorenzofb/status/1654113888021929986; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/; https://twitter.com/InfoSecSherpa/status/1662123534179524609,2023-05-05,2024-01-07 2207,Royal Ransomware group reportedly attacked Clarke County Hospital in Iowa in April 2023 ,The Royal Ransomware group reportedly attacked Clarke County Hospital in Iowa on 20 April 2023 and has started to disclose data via a leak site. The data allegedly comprises personal information and videos of staff and patients. 
The hospital did not immediately confirm the incident.,2023-04-20,2023-04-20,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,Clarke County Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Royal Ransomware Group,Not available,Non-state-group,Criminal(s),1,15900,2023-04-20 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Royal Ransomware Group,Not available,Not available,Royal Ransomware Group,Not available,Non-state-group,https://twitter.com/FalconFeedsio/status/1650401688879091713,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/GossiTheDog/status/1654141991838416897; https://twitter.com/FalconFeedsio/status/1650401688879091713,2023-05-05,2024-01-07 2209,Unknown actors disrupted the website of the Swedish Parliament on 2 May 2023,"Unknown actors disrupted the website of the Swedish Parliament on 2 May 2023, a 
parliamentary spokesperson confirmed the following day. Sweden's Prime Minister Ulf Kristersson was slated to meet Ukrainian President Volodymyr Zelenskiy one day after in Finland's capital alongside fellow Nordic heads of government.",2023-05-02,2023-05-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Swedish Parliament (Riksdag),Sweden,EUROPE; EU(MS); NORTHEU,State institutions / political system,Legislative,Not available,Not available,Not available,,1,15898,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,1,2023-05-03 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Sweden,Spokesperson Swedish Parliament,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Dennis_Kipker/status/1654088390516547585; https://www.reuters.com/world/europe/swedens-parliament-hit-by-cyber-attack-2023-05-03/,2023-05-05,2024-01-07 2210,"North Korean state-sponsored hacking group Kimsuky targeted the staff of consulting firm Korea Risk Group (KRG) and other organizations in the United States, Europe and Asia since December 2022","The North Korean state-sponsored hacking group Kimsuky has targeted personnel at the consulting firm Korea Risk Group (KRG) and other organizations in the United 
States, Europe and Asia since December 2022, US-based IT security firm SentinelOne reported. The other organizations included governments, research universities, and think tanks. The North Korean hacking group used the ReconShark malware component, a newer variant of BabyShark. The goal of the operations was to identify organizations of interest for further compromise.",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Korea Risk Group (KRG) - Not available - Not available - Not available,"Korea, Republic of; Asia (region); Europe (region); United States",ASIA; SCS; NEA - - - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Science - State institutions / political system; Science - State institutions / political system; Science, - Government / ministries; - Government / ministries; - Government / ministries; ,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,15897,2023-05-04 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,SentinelOne Labs,United States,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,"; Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-recon-tool-to-find-security-gaps/; https://twitter.com/SentinelOne/status/1654125372571779080; https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/; https://twitter.com/cyb3rops/status/1654229569384202243; https://twitter.com/TomHegel/status/1654153276521082882; https://twitter.com/securityaffairs/status/1654896483110354944; https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html; https://twitter.com/securityaffairs/status/1654584114593316865; https://securityaffairs.com/145781/apt/kimsuky-reconshark-recon-tool.html; https://twitter.com/securityaffairs/status/1654468337215184896; https://twitter.com/DarkReading/status/1655592450432352257; https://twitter.com/Dinosn/status/1655580518681804802; 
https://www.darkreading.com/attacks-breaches/north-korean-apt-uses-malicious-microsoft-onedrive-links-to-drop-new-malware; https://twitter.com/DarkReading/status/1655716963216248835; https://twitter.com/securityaffairs/status/1655500836649291776; https://twitter.com/780thC/status/1661326518146985988; https://twitter.com/SentinelOne/status/1661427710252711936; https://www.govinfosecurity.com/north-korean-apt-group-kimsuky-shifting-attack-tactics-a-22159; https://socradar.io/may-2023-cyberwatch-recap-a-month-in-cybersecurity/; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-north-koreas-kimsuky-hacking-group/; https://cyberscoop.com/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit/,2023-05-05,2024-01-16 2206,Medusa ransomware group gained access to Crown Princess Mary Cancer Centre in Sydney in May 2023 ,"The Medusa ransomware group gained access to Crown Princess Mary Cancer Centre at Westmead Hospital in Sydney, the hospital discovered on 4 May 2023. The group stole a cache of more than 10,000 files, which also contained images and documents revealing medical information of patients of one of the hospital's gynecological oncologists. The ransom demanded to delete the data was put at 100,000 USD. 
",2023-05-04,2023-05-04,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,,Australia,OC,Critical infrastructure,Health,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,15901,2023-05-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/medusa-ransomware-group-starts-leaking-data-from-crown-princess-mary-cancer-centre-threatens-to-leak-more/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/medusa-ransomware-group-starts-leaking-data-from-crown-princess-mary-cancer-centre-threatens-to-leak-more/; https://twitter.com/Cyberknow20/status/1657515616260227072,2023-05-05,2024-01-07 2198,Dominican Republic Authorities allegedly use Pegasus spyware 
against Journalist Nuria Piera between 2020 and 2021,"State Authorities in the Dominican Republic allegedly used spyware on the mobile devices of the investigative journalist Nuria Piera between 2020 and 2021. A forensic analysis by Amnesty International found evidence for the use of Pegasus, a spyware sold by the Israeli company NSO, on three separate occasions dating back to 7 July 2020. ",2020-07-20,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse; Data theft; Hijacking with Misuse,,Dominican Republic,,Media,,,Dominican Republic,State,,1,15948,2023-05-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,Amnesty International,Not available,United Kingdom,,Dominican Republic,State,,System / ideology; Other; System / ideology; Other,System/ideology; Other; System/ideology; Other,Dominican Republic (anti-corruption); Dominican Republic (anti-corruption); Dominican Republic (anti-corruption); Dominican Republic (anti-corruption),Yes / HIIK intensity; Yes / HIIK intensity,HIIK 1; HIIK 1,0,,Not available,,Not available,Not available,Yes; Yes,,Drive-By Compromise,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity); For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available; Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity); Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none; none,none; none,4,Moderate - high political importance; Moderate - high political importance,4.0,Low,7.0,No system 
interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.theguardian.com/world/2023/may/02/nuria-piera-spyware-target-nso-group,2023-05-04,2024-01-08 2200,Russian state-sponsored hacker group Sandworm used WinRAR to wipe the computers of an unspecified Ukrainian state organization,"The Russian state-sponsored hacker group Sandworm used WinRAR to wipe the computers of an unspecified Ukrainian state organization, the Computer Emergency Response Team of Ukraine (CERT-UA) assessed with moderate confidence. The hacker group used the BAT script Roarbat to search for specific file types and sought to delete them after archiving them with WinRAR. Devices disrupted in this way include server equipment, automated user workstations and data storage systems. This cyber incident also resembled the attempted destruction of the networks of the Ukrainian National News Agency Ukrinform in January 2023, the Ukrainian CERT added. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15906,2023-04-29 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://cert.gov.ua/article/4501891,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-04-29 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Not available,Data Destruction,Not available,True,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking 
of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/hackerfantastic/status/1653862895577432068; https://www.govinfosecurity.com/winrar-weaponized-for-attacks-on-ukrainian-public-sector-a-21965; https://www.bleepingcomputer.com/news/security/russian-hackers-use-winrar-to-wipe-ukraine-state-agencys-data/; https://twitter.com/ciaranmartinoxf/status/1653748945649016832; https://twitter.com/SSSCIP/status/1653748600411676672; https://cert.gov.ua/article/4501891; https://twitter.com/securityaffairs/status/1654201825715802148; https://socradar.io/sandworm-attackers-use-winrar-to-wipe-data-from-government-devices/; https://twitter.com/Cyber_O51NT/status/1653924304915148802; https://twitter.com/Dinosn/status/1654014232445198336; https://securityaffairs.com/145731/cyber-warfare-2/sandworm-apt-winrar-destructive-attacks.html; https://twitter.com/securityaffairs/status/1654074007052861440; https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia; https://www.hackread.com/winrar-software-update-0-day-vulnerability/,2023-05-04,2024-01-07 2197,Royal Ransomware Group disrupted a number of servers of the City of Dallas on 3 May 2023,"The Royal Ransomware Group disrupted a number of servers of the City of Dallas on 3 May 2023. The website as well as the computer-assisted dispatch system (CAD) of the Dallas Police Department were disrupted. The Royal Ransomware group claimed responsibility for the ransomware attack in their ransom note and threatened to disclose sensitive information. 
After a mass shooting at a mall in Allen, Texas, on 6 May, the Dallas police told local outlets that the computer disruption hindered efforts to quickly find information about the suspect, who was believed to be from Dallas. On 21 September, the City of Dallas, the Department of Information & Technology Services (ITS) and Risk Management, Security, and Compliance Services released an after-action report (AAR) on the May 2023 ransomware attack on the City of Dallas. The report states that the ransomware group had access to the City of Dallas network from 7 April 2023 and exfiltrated data until it finally encrypted the compromised computers on 3 May 2023. In total, the ransomware group stole 1,169 TB of data, including personal and health information of 30,253 citizens. The city spent USD 8.5 million on computer-based interdiction, mitigation, recovery and restoration. ",2023-04-07,2023-05-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,None - None,United States; United States,NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - State institutions / political system,Civil service / administration - Police,,Not available,Non-state-group,Criminal(s),1,15955,2023-05-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Royal Ransomware Group,Not available,Not available,,Not available,Non-state-group,https://www.cbsnews.com/texas/news/possible-cyber-attack-hampering-dallas-police-operations/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident 
scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,=< 10 Mio,8500000.0,dollar,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-05-03 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/snlyngaas/status/1653867626253131776; https://twitter.com/InfoSecSherpa/status/1653863721985351680; https://therecord.media/dallas-confirms-ransomware-attack-affecting-police-website; https://www.cbsnews.com/texas/news/possible-cyber-attack-hampering-dallas-police-operations/; https://www.darkreading.com/attacks-breaches/dallas-city-systems-taken-down-by-royal-ransomware; https://twitter.com/DigitalPeaceNow/status/1654221862807937024; https://www.bleepingcomputer.com/news/security/city-of-dallas-hit-by-royal-ransomware-attack-impacting-it-services/; https://www.databreaches.net/city-of-dallas-impacted-by-ransomware-attack/; https://abcnews.go.com/Technology/wireStory/ransomware-attack-affects-dallas-police-court-websites-99063045; https://www.independent.co.uk/news/ransomware-ap-dallas-city-hall-police-department-b2332082.html; https://twitter.com/hackerfantastic/status/1654182688704659456; https://twitter.com/vxunderground/status/1653931052912525313; https://twitter.com/vmyths/status/1653966592886165504; https://securityaffairs.com/145723/cyber-crime/city-of-dallas-ransomware-attack.html; 
https://www.foxnews.com/us/dallas-police-department-city-hall-hit-ransomware-attack; https://twitter.com/lorenzofb/status/1654107864355536900; https://twitter.com/Dinosn/status/1654099649907638272; https://twitter.com/securityaffairs/status/1654034916139515905; https://twitter.com/Dinosn/status/1653989848779243521; https://twitter.com/GossiTheDog/status/1654141514019209216; https://twitter.com/Dinosn/status/1654688920565690368; https://www.dallascitynews.net/city-of-dallas-statement-on-network-outage; https://www.dallascitynews.net/city-of-dallas-statement-on-network-outage; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-5th-2023-targeting-the-public-sector/; https://twitter.com/BlackBerrySpark/status/1654527636352258048; https://twitter.com/PhillipWylie/status/1654639000613801986; https://twitter.com/DarkReading/status/1654244645294014465; https://twitter.com/PhillipWylie/status/1654320240556212224; https://www.independent.co.uk/news/world/americas/crime/texas-shooting-allen-brownsville-car-crash-b2334946.html; https://twitter.com/CyberScoopNews/status/1655635274167205889; https://twitter.com/DigitalPeaceNow/status/1655580815445639172; https://therecord.media/dallas-ransomware-attack-courts-fire-police; https://www.databreaches.net/city-of-dallas-update-on-ransomware-attack-recovery-efforts/; https://unit42.paloaltonetworks.com/royal-ransomware/; https://twitter.com/ciaranmartinoxf/status/1655528207607648259; https://twitter.com/GossiTheDog/status/1655462994476769280; https://twitter.com/GossiTheDog/status/1655461958768787458; https://cyberscoop.com/ranking-ransomware-gangs-malware/; https://twitter.com/CyberScoopNews/status/1656304058813104129; https://www.independent.co.uk/news/world/americas/crime/tragedy-in-allen-texas-brownsville-dallas-mall-b2336258.html; https://twitter.com/ciaranmartinoxf/status/1656766218831908864; https://twitter.com/ciaranmartinoxf/status/1656511362338627587; 
https://twitter.com/DigitalPeaceNow/status/1658208128985616384; https://twitter.com/ddd1ms/status/1658203452466405383; https://therecord.media/dallas-ransomware-attack-will-take-weeks-to-recover; https://twitter.com/Dennis_Kipker/status/1658415781363736576; https://twitter.com/LawyerLiz/status/1659672120371150849; https://twitter.com/cybersecboardrm/status/1660678501731631105; https://twitter.com/InfoSecSherpa/status/1659010795898798083; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/; https://twitter.com/InfoSecSherpa/status/1662123534179524609; https://therecord.media/idaho-hospital-diverting-ambulances-after-cyberattack; https://therecord.media/dallas-courts-resume-services-after-ransomware-attack; https://securityaffairs.com/147002/cyber-crime/blacksuit-similar-royal-ransomware.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-2nd-2023-whodunit/; https://www.darkreading.com/ics-ot/city-of-dallas-clawing-back-to-recovery-following-cyber-incident; https://therecord.media/fayetteville-arkansas-dealing-with-debilitating-cyber-incident; https://therecord.media/delaware-county-struggling-cyberattack; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane; https://therecord.media/cyberattacks-on-governments-way-up; https://therecord.media/dhs-grants-millions-to-local-governments; https://therecord.media/illinois-hospital-notifies-patients-employees-of-cyber-incident; https://www.bleepingcomputer.com/news/security/dallas-says-royal-ransomware-breached-its-network-using-stolen-account/; https://securityaffairs.com/151264/data-breach/city-of-dallas-royal-ransomware-attack-may.html; https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html; https://therecord.media/dallas-ransomware-gang-report; 
https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf; https://www.bleepingcomputer.com/news/security/ransomware-isnt-going-away-the-problem-is-only-getting-worse/; https://therecord.media/dallas-county-play-ransomware-incident; https://therecord.media/cisa-fbi-warn-royal-ransomware-gang-rebrands-blacksuit; https://therecord.media/dallas-county-reviewing-stolen-data-ransomware; https://therecord.media/trinidad-and-tobago-government-agency-hit-with-post-christmas-cyberattack; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline; https://dallasinnovates.com/dallas-guards-against-ai-attacks-on-infrastructure-with-new-cybersecurity-platform/,2023-05-04,2024-01-08 2199,"Earth Longzhi subgroup of the Chinese state-sponsored hacking group APT41 gained access to computer systems of various organizations in Taiwan, Thailand, the Philippines, and Fiji","The Earth Longzhi subgroup of the Chinese state-sponsored hacking group APT41 gained access to computer systems of various organizations in Taiwan, Thailand, the Philippines, and Fiji, according to a technical report of Japanese IT security company Trend Micro. The targeted organizations belong to the government, healthcare, technology, and manufacturing sectors. Two techniques observed for the first time in the wild in connection with the incident are noteworthy. The first technique is called stack rumbling; it is a type of Denial-of-Service (DoS) that causes a targeted application to crash upon launching. With the second tool, dwm.exe, the hackers managed to register the respective payload with the highest privilege level immediately. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - None - Not available - None,Philippines; Thailand; Taiwan; Fiji,ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS - OC,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Health; - Government / ministries; Health; - Government / ministries; Health; - Government / ministries; Health; ; Government / ministries; Health; ,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15907,2023-05-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, 
EFF)",IT-security community attributes attacker,Trend Micro,,Japan,,China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en%5Fus/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,4.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html; https://www.trendmicro.com/en%5Fus/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html; https://twitter.com/Dinosn/status/1653817861637304328; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/stepping-ahead-of-risk-trend-micro-2023-midyear-cybersecurity-threat-report; https://www.darkreading.com/attacks-breaches/-apt-attacks-from-earth-estries-hit-govt-tech-with-custom-malware,2023-05-04,2024-01-07 2195,North Korean state-sponsored hacker group ScarCruft used RokRAT malware against unspecified Korean-speaking individuals beginning in July 2022,"North Korean state-sponsored hacker group ScarCruft started using oversized LNK files to deliver RokRAT malware against unspecified Korean-speaking individuals beginning in early July 2022, according to technical reports of Israeli IT security company Check 
Point Research and South Korean security firm Ahnlab. In addition to the use of RokRAT, the threat actors deployed GOLDBACKDOOR and the commercial RAT Amadey, in a potential effort to disguise their motivation.",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,End user(s) / specially protected groups,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,15958; 15959,2023-05-01 00:00:00; 2023-04-26 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Check Point Research; AhnLab,Check Point ; ,"Israel; Korea, Republic of",APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/51751/; https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not 
available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1653488823953764352; https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html; https://securityaffairs.com/145622/apt/scarcruft-apt-new-infection-chains.html; https://www.darkreading.com/attacks-breaches/north-korean-apt-gets-around-macro-blocking-with-lnk-switch-up; https://twitter.com/Dinosn/status/1653356225919172609; https://twitter.com/780thC/status/1653351282101432325; https://twitter.com/securityaffairs/status/1653327831206703105; https://asec.ahnlab.com/en/51751/; https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/; https://twitter.com/securityaffairs/status/1653837626707681309; https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html; https://twitter.com/Dinosn/status/1664209241169707008,2023-05-03,2024-01-08 2194,An unknown actor had access to the personal information of hundreds of T-Mobile customers beginning in late February 2023,"An unknown actor had access to the personal information of hundreds of T-Mobile customers from late February to March 2023. The data breach affected 836 individuals. 
Information of customers variably included their name, contact information, account number and associated phone numbers, account PIN, social security number, government ID, date of birth, balance due, and the number of lines. Personal financial account information and call records were not affected. The incident marks the second data breach in 2023 affecting the company after threat actors exfiltrated personal information of 37 million active customer accounts in January.",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,T-Mobile,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Telecommunications; Telecommunications,Not available,Not available,Not available,,1,15962,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1653516390731591686; 
https://s3.documentcloud.org/documents/23793945/t-mobile-consumer-sample-february-march-data-breach.pdf; https://twitter.com/Dinosn/status/1655445981171687424; https://www.darkreading.com/vulnerabilities-threats/keep-your-organizations-apis-protected-this-holiday-season; https://www.wired.com/story/worst-hacks-2023/; https://securityboulevard.com/2024/01/2024-reflecting-on-a-dynamic-tumultuous-cyber-year/; https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/,2023-05-03,2024-01-08 2196,ALPHV/BlackCat ransomware group gained access to computer systems of US computer hardware manufacturer Western Digital and stole both corporate and customer information as early as 26 March 2023,"The ALPHV/BlackCat ransomware group gained access to the computer systems of US computer hardware manufacturer Western Digital and stole both corporate and customer information at least as of 26 March 2023, Western Digital disclosed on 3 April. On 13 April, the at that time still unnamed responsible hackers gave TechCrunch an interview about the activities directed against Western Digital. They claimed to have stolen around 10TB of data, including customer information, data stored in PrivateArk and SAP Back Office, and demanded at least an eight-figure ransom. Furthermore, they announced that they were acting for purely financial motives and that if the ransom was not paid, they would be willing to publish the stolen data on the ALPHV/BlackCat ransomware group's website. Then, on 28 April, ALPHV/BlackCat threatened via their website for the last time that they will disclose the stolen data if Western Digital does not pay the ransom. Cybersecurity analyst Dominic Alvieri reported that the ALPHV/BlackCat disclosed 29 screenshots of emails, documents, videos, and conference calls allegedly documenting Western Digital's cyberattack response, in the endeavor to prove that they still had access to Western Digital's computer systems. 
",2023-03-26,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Western Digital,United States,NATO; NORTHAM,Critical infrastructure,Critical Manufacturing,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),2,15957; 15956,2023-04-18 00:00:00; 2023-04-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,BlackCat/ALPHV; Not available,Not available; Not available,Not available; Not available,BlackCat/ALPHV; Not available,Not available; Not available,Non-state-group; Non-state-group,https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/; https://twitter.com/AlvieriD/status/1648133899766099974,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-04-03 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/remote-workforce/ransomware-group-trolls-western-digital-threat-hunters-; https://therecord.media/reddit-says-ransomware-post-connected-to-february-incident; https://twitter.com/Cyber_O51NT/status/1653039965276897281; https://twitter.com/Dinosn/status/1653026908492136448; https://www.bleepingcomputer.com/news/security/hackers-leak-images-to-taunt-western-digitals-cyberattack-response/; https://twitter.com/UK_Daniel_Card/status/1652192083833233410; https://twitter.com/vxunderground/status/1652184635139592192; https://twitter.com/Dennis_Kipker/status/1650401289048580098; https://twitter.com/lorenzofb/status/1648326894637416449; https://twitter.com/aselawaid/status/1648223637080768514; https://www.darkreading.com/vulnerabilities-threats/hackers-hold-data-hostage-demanding-8-figure-ransom-payment; https://twitter.com/aselawaid/status/1647791276358782976; https://arstechnica.com/?p=1928711; https://www.hackread.com/western-digital-security-breach-hackers/; https://www.wired.com/story/discord-leak-us-intel-security-roundup/; https://www.malwarebytes.com/blog/news/2023/04/a-week-in-security-april-3-9; https://securityaffairs.com/144578/breaking-news/security-affairs-newsletter-round-414-by-pierluigi-paganini.html; https://www.bleepingcomputer.com/news/technology/western-digital-struggles-to-fix-massive-my-cloud-outage-offers-workaround/; https://www.elmundo.es/tecnologia/2023/04/04/642b75f021efa0fa398b458f.html; https://www.databreaches.net/western-digital-says-hackers-stole-data-in-network-security-breach/; https://therecord.media/western-digital-cyberattack-data-breach; https://securityaffairs.com/144393/hacking/western-digital-security-breach.html; 
https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html; https://www.govinfosecurity.com/western-digital-discloses-breach-day-after-my-cloud-outage-a-21606; https://twitter.com/AlvieriD/status/1652173436888784896?cxt=HHwWgIC90Ze%5F2e0tAAAA; https://twitter.com/AlvieriD/status/1648133899766099974; https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/; https://www.businesswire.com/news/home/20230402005076/en/Western-Digital-Provides-Information-on-Network-Security-Incident; https://www.bleepingcomputer.com/news/security/western-digital-says-hackers-stole-customer-data-in-march-cyberattack/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-5th-2023-targeting-the-public-sector/; https://twitter.com/vxunderground/status/1654869247636688897; https://twitter.com/lorenzofb/status/1655588766218612736; https://twitter.com/DarkReading/status/1655647168508616711; https://twitter.com/securityaffairs/status/1655652442967515136; https://therecord.media/western-digital-stolen-data-hackers; https://www.darkreading.com/attacks-breaches/western-digital-confirms-its-customer-data-lifted-by-blackcat; https://twitter.com/Dinosn/status/1655587287466483716; https://www.westerndigital.com/company/newsroom/press-releases/2023/2023-05-05-western-digital-provides-update-on-network-security-incident; https://thehackernews.com/2023/05/western-digital-confirms-customer-data.html; https://twitter.com/securityaffairs/status/1655564130550525952; https://securityaffairs.com/145922/data-breach/western-digital-data-breach.html; https://securityaffairs.com/147591/data-breach/reddit-files-blackcat-alphv-ransomware.html; https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/; https://therecord.media/two-new-vulnerabilities-found-in-baseboard-software; https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/; 
https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html; https://securityaffairs.com/151748/cyber-crime/mclaren-health-care-blackcat-ransomware.html; https://securityaffairs.com/151732/cyber-crime/alphv-ransomware-motel-one.html; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/blackcat-ransomware-uses-new-munchkin-linux-vm-in-stealthy-attacks/; https://securityaffairs.com/156124/breaking-news/alphv-blackcat-ransomware-group-seizure.html; https://securityaffairs.com/159238/cyber-crime/us-gov-reward-alphv-blackcat-gang.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-05-03,2024-01-08 2191,Unknown actors stole cryptocurrencies from individuals with AT&T email addresses,"Unknown actors have been stealing cryptocurrencies from individuals with AT&T email addresses for apparently several months, according to a report by TechCrunch. TechCrunch was contacted by an anonymous source in early April who claimed that unknown hackers had access to the internal networks of the US telecommunications company AT&T. Through this they could create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts without having to enter their passwords. The hackers then reset passwords of individuals on their cryptocurrency exchanges and transferred funds from compromised accounts. A spokesperson for AT&T declared that there ""was no intrusion into any system for this exploit."" Instead, the ""bad actors used an API access"". The informant told TechCrunch that the hackers have made away with $15 to $20 million. These claims have not been independently verified. One victim confirmed that $134,000 was stolen from their Coinbase account. 
Another victim announced that they were already attacked several times going back to November 2022. ",2022-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Hijacking with Misuse,Not available - Not available,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - End user(s) / specially protected groups,Telecommunications - ,,Not available,Not available,,1,15968,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,> 10 Mio - 100 Mio,15000000.0,dollar,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/?guccounter=2; https://twitter.com/securityaffairs/status/1652766053066211330; https://securityaffairs.com/145508/hacking/att-email-accounts-hacked.html; https://twitter.com/securityaffairs/status/1653162068009267204,2023-05-02,2024-02-02 2192,Iranian Law enforcement FARAJA used spyware on Iranian individuals from minority groups since March 2020,"The Law Enforcement Command of the Islamic Republic of Iran (FARAJA) allegedly has infected more than 300 devices with the spyware ""BouldSpy"" since March 2020, 
including those belonging to members of minority groups. Devices of affected individuals are suspected to have been compromised through physical access, when victims had been detained, arrested or passed government checkpoints. According to the cybersecurity company Lookout, the android spyware enabled authorities to access personal information and monitor personal communication on compromised devices. Targeted devices belonged to Iranian Kurds, Baluchis, Azeris or possibly members of other minority groups but also individuals possibly involved with illegal trafficking of alcohol, arms, and drugs. Lookout observed most of the spyware activity around late 2022 during the widespread ""women, life, freedom"" protests in Iran. ",2020-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,"Iran, Islamic Republic of",ASIA; MENA; MEA,Social groups; Social groups,Ethnic; Criminal,Law Enforcement Command of the Islamic Republic of Iran (FARAJA),"Iran, Islamic Republic of",State,,1,15967,2023-04-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,Lookout,United States,Law Enforcement Command of the Islamic Republic of Iran (FARAJA),"Iran, Islamic Republic of",State,https://www.lookout.com/blog/iranian-spyware-bouldspy,System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",201-500,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Human rights,Civic / political rights; Other human rights instruments,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html; https://www.lookout.com/blog/iranian-spyware-bouldspy; https://twitter.com/securityaffairs/status/1653516800653492225; https://twitter.com/unix_root/status/1653369364865769474; https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html,2023-05-02,2024-01-08 2193,Akira Ransomware Group encrypted the network of Bridge Community and Technical College in West Virginia on 4 April 2023,"Akira Ransomware Group encrypted the network of Bridge Community and Technical College in West Virginia on 4 April 2023, the ransomware group claimed on 1 May 2023. 
",2023-04-04,2023-04-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Bridge Community and Technical College,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,Criminal(s),1,15966,2023-05-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Akira Ransomware Group,Not available,Not available,Akira Ransomware Group/Storm-1567,Not available,Non-state-group,https://twitter.com/%5Fbettercyber%5F/status/1653041247089577985,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/BridgeValleyCTC/status/1643266630456074241; https://wvmetronews.com/2023/04/06/bridgevalley-community-and-technical-college-experiences-malware-data-security-incident/; https://twitter.com/%5Fbettercyber%5F/status/1653041247089577985; https://therecord.media/colleges-schools-suffer-from-ransomware-and-cyberattacks; https://therecord.media/decryptor-released-for-akira-ransomware-avast; 
https://therecord.media/stanford-investigating-cyberattack-after-ransomware,2023-05-02,2024-01-08 2188,Threat actor using the tradecraft of cybercriminal hacker group FIN7 gained access to the backup and replication servers of US IT company Veeam in late March 2023,"A threat actor using the tradecraft of cybercriminal hacker group FIN7 gained access to Internet-facing servers of undisclosed organizations that were running vulnerable versions of a backup and replication software provided by US IT company Veeam. The cybersecurity company WithSecure reported related intrusions detected during 28 and 29 March 2023. The technical report assessed with low to medium confidence that the threat actor infiltrated the company and operated via a vulnerability in the backup and replication software (CVE-2023-27532). To establish a foothold on the servers and execute further malicious activities, the hackers used the DICELOADER backdoor.",2023-03-28,2023-03-29,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Unknown,,Not available,Not available,Not available,,1,15977,2023-04-26 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,WithSecure,,Finland,Not available,Not available,Not available,https://labs.withsecure.com/publications/fin7-target-veeam-servers,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Dinosn/status/1652339315119124480; https://labs.withsecure.com/publications/fin7-target-veeam-servers; https://www.bleepingcomputer.com/news/security/hackers-target-vulnerable-veeam-backup-servers-exposed-online/,2023-05-02,2024-01-08 2190,Unknown actors conducted ransomware attack against Penncrest School District in the US in May 2023,"On 1 May, the Penncrest School District in Pennsylvania disclosed a suspected ransomware attack against their computer system, which was detected during the preceding weekend. The attack led to disruptions in the district's computer system and network, causing outages to internet connectivity, printers, and telephones. ",2023-04-29,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,,Not available,Not available,,1,15972,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/colleges-schools-suffer-from-ransomware-and-cyberattacks; https://www.facebook.com/PENNCRESTSchoolDistrict; https://www.databreaches.net/penncrest-school-district-dealing-with-ransomware-attack/; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack,2023-05-02,2024-01-08 2189,Unknown actors attacked Hardenhuish School in the UK using ransomware in April 2023,"Hardenhuish School in Chippenham, UK, was hit by a ransomware attack on the weekend of 22-23 April 2023, as confirmed by the victim in a notice to students. Both the perpetrators and the scope of the data that was possibly compromised remain unknown. The incident took offline the school's website and local server, affecting internet access, printers, and internal telephone systems.",2023-04-22,2023-04-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Hardenhuish School,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,15976,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not 
available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/another-uk-school-hit-by-ransomware-attack/; https://www.wiltshiretimes.co.uk/news/23484633.hardenhuish-school-cyber-attack-update-hackers-demand-ransom/; https://www.gazetteandherald.co.uk/news/23484633.hardenhuish-school-cyber-attack-update-hackers-demand-ransom/,2023-05-02,2024-01-08 2187,LockBit Ransomware Group claimed responsibility for attack against Italian IRCCS MultiMedica research hospital from 21 April 2023,"The LockBit Ransomware Group claimed responsibility for an attack against the Italian IRCCS MultiMedica research hospital based in Milan, that started on April 21, according to Italian newspaper reporting and the leak site of the hacker group. On 26 April, all outpatient activities, emergency room operations, and the collection of reports in the MultiMedica hospitals in Milan and Sesto San Giovanni were suspended. No details about the amount of ransom demanded or potential data breaches have been published. 
",2023-04-21,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Ransomware,IRCCS MultiMedica ,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Health,LockBit,Not available,Non-state-group,Criminal(s),1,9559,2023-04-26 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,LockBit,Not available,Not available,LockBit,Not available,Non-state-group,https://thecyberexpress.com/irccs-multimedica-cyberattack-lockbit-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,True,Not available,,Not available,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://thecyberexpress.com/irccs-multimedica-cyberattack-lockbit-attack/; https://twitter.com/ecrime_ch/status/1651457189339447296?s=20; https://milano.corriere.it/notizie/cronaca/23_aprile_25/ospedali-multimedica-e-san-giuseppe-secondo-attacco-hacker-nel-giro-di-4-giorni-visite-sospese-pronto-soccorso-in-tilt-be4c8908-5c83-4157-8408-a36ef6c63xlk.shtml; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/,2023-04-28,2024-01-19 2185,"Iranian APT Charming Kitten (aka APT35 / Mint Sandstorm) compromised unspecified victims in the United States and Europe, Turkey and India with ""BellaCiao"" malware","Iranian APT Charming Kitten (aka APT35 / Mint Sandstorm) compromised unspecified victims in the United States and Europe, Turkey and India with malware called ""BellaCiao"" according to a report by Bitdefender from 26 April 2023. The company did not indicate when the potentially still ongoing campaign was launched. 
Bitdefender describes the previously unreported malware as ""tailored to suit individual targets and exhibit[ing] a higher level of complexity, evidenced by a unique communication approach with its command-and-control (C2) infrastructure.""",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",,Hijacking without Misuse,Not available - Not available - Not available - Not available,Turkey; India; Europe (region); United States,ASIA; NATO; MEA - ASIA; SASIA; SCO - - NATO; NORTHAM,Not available - Not available - Not available - Not available, - - - ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,9557,2023-04-26 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Bitdefender,,Romania,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/Dinosn/status/1651571556043329537; https://twitter.com/securityaffairs/status/1651507974353874945; https://securityaffairs.com/145354/malware/iran-charming-kitten-bellaciao.html; https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/; https://twitter.com/securityaffairs/status/1652407153355792390; 
https://twitter.com/securityaffairs/status/1651916298278821889; https://twitter.com/RecordedFuture/status/1652720946317254661; https://therecord.media/iran-apt-charming-kitten-bellaciao-malware-us-europe-asia; https://www.darkreading.com/cloud/bellaciao-showcases-iran-threat-groups-modernizing-malware; https://twitter.com/Dennis_Kipker/status/1653331606432563200; https://thehackernews.com/2023/06/iranian-hackers-charming-kitten-utilize.html; https://therecord.media/iran-ta453-apt42-charming-kitten-espionage-nuclear-security-think-tanks; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks,2023-04-28,2024-01-19 2184,"Russian APT Nomadic Octopus conducted cyber espionage operation ""Paperbug"" against targets from the public and government sector in Tajikistan since 2020","The Russian-speaking and presumably sponsored cyber espionage group Nomadic Octopus (a.k.a. DustSquad) conducted a large scale surveillance operation in Tajikistan, which mainly targeted government officials, telecommunication providers and public infrastructure since 2020. The operation ""Paperbug"" has been uncovered by Swiss cybersecurity company ""PRODAFT"" in April 2023, publishing a partially redacted/censored version for the wider public, but giving information such as the name of the affected telecommunication company only to law enforcement agencies, according to a disclaimer by PRODAFT. The company describes the operation as highly ""non-exclusive"", given the extensive use of public tools, which, however, made attribution more difficult. ",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Tajikistan; Tajikistan,ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS; CSTO; SCO,Critical infrastructure - State institutions / political system; State institutions / political system,Telecommunications - Government / ministries; Civil service / administration,DustSquad/Nomadic Octopus,Russia,"Non-state actor, state-affiliation suggested",,1,9544,2023-04-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,PRODAFT,,Switzerland,DustSquad/Nomadic Octopus,Russia,"Non-state actor, state-affiliation suggested",https://thehackernews.com/2023/04/paperbug-attack-new-politically.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://thehackernews.com/2023/04/paperbug-attack-new-politically.html; https://www.prodaft.com/resource/detail/paperbug-nomadic-octopus-paperbug-campaign; https://securityaffairs.com/145536/apt/nomadic-octopus-targets-tajikistani-carrier.html; https://twitter.com/securityaffairs/status/1653516847130591232,2023-04-28,2023-04-29 2183,Hacker group PLAY ransomware disrupted the computer systems of the US City of Lowell in April 2023,"A cyber attack disrupted the City of Lowell's municipal computer systems on 24 April 2023. The City of Lowell's Management Information Systems (MIS) department became aware of a network disruption affecting a variety of systems on the evening of 24 April. 
Numerous servers, networks, and phones throughout the city were unavailable as the MIS department proactively focused on protecting city data. According to City Manager Tom Golden, the cyberattack had no impact on the availability of emergency lines. It remains unclear whether the event was a ransomware incident. Initial assessments suggest no data had been compromised. With this, the Play ransomware group has continued its operations, targeting several US cities and disrupting key systems. The latest victims targeted by the ransomware group include the city of Dallas in Texas.",2023-04-24,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,City of Lowell (US),United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,PLAY,Not available,Non-state-group,Criminal(s),1,10442,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Not available,PLAY,Not available,Not available,PLAY,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/cyberattack-disrupts-lowell-city-government-shuts-down-computers/; https://www.cbsnews.com/boston/news/cyberattack-lowell-city-government/; https://twitter.com/cahlberg/status/1654226707639836673; https://twitter.com/ido_cohen2/status/1653883592336973825; https://therecord.media/lowell-massachusetts-city-ransomware-attack-play-cybercrime; https://therecord.media/spain-globalcaja-bank-confirms-ransomware-attack; https://therecord.media/play-ransomware-targets-hundreds; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/,2023-04-28,2023-06-07 2181,Unknown actors conducted a cyber attack against US Truman State University on 21 April 2023,"The public Truman State 
University in Missouri suffered a cyber attack from an unknown source on 21 April 2023. As a result of the attack, online services for students and classes were not available for several days. In-person teaching was unaffected.",2023-04-21,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Truman State University,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,10735,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1651327501514289152; https://therecord.media/colleges-schools-suffer-from-ransomware-and-cyberattacks; https://twitter.com/UK_Daniel_Card/status/1651326105188532226; https://therecord.media/truman-state-university-cyberattack-shut-down,2023-04-27,2023-06-18 
2179,Pro-Russian Hacking Group Zarya disrupted Canadian gas pipeline on 25 February 2023,"According to leaked US intelligence documents, Zarya, a suspected spin-off of the pro-Russian hacktivist group Killnet, attacked a Canadian gas pipeline in February 2023. While the activity did not cause any physical damage, Zarya - in communications with Russia's domestic intelligence service FSB from 15 February - claimed that it could increase valve pressure and trigger emergency shutdowns. Canadian Prime Minister Justin Trudeau appeared to confirm the incident, acknowledging reports about the event and stating “that there was no physical damage to any Canadian energy infrastructure following cyberattacks”. The US intelligence assessment reported that the “F.S.B. officers anticipated a successful operation would cause an explosion at the gas distribution station, and were monitoring Canadian news reports for indications of an explosion”. If executed, the activities would have marked a first, as the US intelligence community has not previously linked disruptive operations against Western critical infrastructure to pro-Russian hacking groups. Based on the intelligence report, the threat actors succeeded in compromising a Canadian IP address at the gas pipeline company on 25 February. Signals intelligence collected on the group showed claims of the attack inflicting significant damage to the company’s profits. 
The actors retained their presence at least until 27 February, awaiting possible further instructions, although the leaked document concluded that the activities were focused on causing “loss of income for Canadians” and not aimed at physical harm.",2023-02-25,2023-02-27,"Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Not available,Canada,NATO; NORTHAM,Critical infrastructure,Energy,Zarya,Russia,"Non-state actor, state-affiliation suggested",,1,10029,2023-04-09 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,US Department of Defense (Pentagon),Not available,United States,Zarya,Russia,"Non-state actor, state-affiliation suggested",https://securityaffairs.com/145307/cyber-warfare-2/canadian-gas-pipeline-disruptive-attack.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological 
/ material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/145307/cyber-warfare-2/canadian-gas-pipeline-disruptive-attack.html; https://www.nytimes.com/explain/2023/russia-ukraine-war-documents-leak#hacking-canada-pipeline; https://twitter.com/securityaffairs/status/1651285112653217797; https://twitter.com/securityaffairs/status/1651222132670562311; https://twitter.com/Cyber_O51NT/status/1651149983352254465; https://twitter.com/securityaffairs/status/1651147146828079104; https://twitter.com/securityaffairs/status/1651510202905001985,2023-04-27,2023-05-25 2180,APT group Evasive Panda hacked members of International NGOs throughout 2020 and 2021,Suspected state-sponsored APT group Evasive Panda targeted several individuals from China and one from Nigeria with their signature malware. Most of the victims were members of an international NGO based in two Chinese mainland provinces. The malware is suspected to have been deployed via official updates to Tencent's QQ messenger application and gave the attackers access to personal data and communication on victim phones.,2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,Not available,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Advocacy / activists (e.g. 
human rights organizations),Daggerfly/Evasive Panda/Bronze Highland,China,"Non-state actor, state-affiliation suggested",,1,9539,2023-04-26 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,Daggerfly/Evasive Panda/Bronze Highland,China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,8.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Dinosn/status/1651331573109891073; https://therecord.media/china-nonprofit-espionage-eset-evasive-panda-tencent-qq; https://www.bleepingcomputer.com/news/security/tencent-qq-users-hacked-in-mysterious-malware-attack-says-eset/; https://twitter.com/Dinosn/status/1651222763837997056; https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html; https://twitter.com/Cyber_O51NT/status/1651189892188377088; https://twitter.com/ESETresearch/status/1651157764817682432; https://twitter.com/780thC/status/1651179716462669833; https://twitter.com/blackorbird/status/1651432595693993985; https://twitter.com/DarkReading/status/1651678450602635288; https://www.darkreading.com/attacks-breaches/china-evasive-panda-hijacks-software-updates-custom-backdoor; https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/; 
https://www.cybersecasia.net/newsletter/and-you-thought-self-updating-apps-were-always-safe; https://twitter.com/_r_netsec/status/1653855217518276608,2023-04-27,2024-03-08 2182,Alleged Russian false-flag operation Anonymous Sudan disrupted websites of Israeli targets on 26 April 2023,"The alleged Russian false-flag operation group ""Anonymous Sudan"" conducted a DDoS campaign against the websites of Haifa Port, Israel Ports Development company and Prime Minister Benjamin Netanyahu on 26 April. As a result, the websites were temporarily unavailable. Netanyahu`s Facebook account was also reportedly hijacked by the group. ",2023-04-26,2023-04-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Disruption,"Israel Ports Development & Assets Company - Benjamin Netanyahu (Prime Minister, Israel) - Haifa Port",Israel; Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,Critical infrastructure - State institutions / political system - Critical infrastructure,Transportation - Government / ministries - Transportation,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,17308,2023-04-26 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Russia,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Law of the sea; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyber_O51NT/status/1651194329032200192; https://www.darkreading.com/attacks-breaches/anonymous-sudan-claims-responsibility-ddos-attacks-israel; https://twitter.com/DarkReading/status/1651699063262158855; https://www.darkreading.com/attacks-breaches/chatgpt-openai-attributes-regular-outages-ddos-attacks,2023-04-27,2024-02-20 2172,"Pioneer Kitten, an Iran-linked hacking group, gained access to a city's local infrastructure that would be used to record the voting results of the US 2020 election","Pioneer Kitten, an Iran-linked hacking group, gained access to a city's local infrastructure ""that would be used to record the voting results of the US 2020 election"", according to Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) and Army Maj. Gen. William Hartman, the chief of the Cyber National Mission Force (CNMF), at the RSA conference 2023. Two US cybersecurity agencies took actions to protect the election and thwarted the hackers. 
",2020-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,12076,2023-04-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Cyber National Mission Force (CNMF) and Cybersecurity and Infrastructure Security Agency (CISA),Not available,United States,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,,1,2020-01-01 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),,,,,,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/cisa-cnmf-stopped-iranian-hackers-2020-election; https://www.washingtonpost.com/technology/2023/04/24/election-2020-iran-hacking/; https://twitter.com/cahlberg/status/1650646151744622592; https://twitter.com/Cyber_O51NT/status/1650647797157470209; https://www.wired.com/story/minneapolis-public-schools-ransomware-attack/; https://cyberscoop.com/iranian-information-operations-hacking-microsoft-report/; https://twitter.com/Dennis_Kipker/status/1653755404419997696; https://therecord.media/gen-william-hartman-us-cyber-command-nomination-deputy,2023-04-25,2023-08-03 2170,Russian state-sponsored hacking group FROZENBARENTS gained access into the web servers of unspecified organizations and leaked the stolen data via the pro-Russian hacktivist group Cyber Army of Russia,"The Russian state-sponsored hacking group 
FROZENBARENTS, better known as Sandworm, gained access to the web servers of several unnamed organizations in the energy sector and leaked data stolen from these targets via Telegram and other social media, Google's Threat Analysis Group (TAG) outlined in a report on how Russia's war against Ukraine has shaped the cyber threat landscape during the first quarter of 2023. One online persona, appearing under the name of CyberArmyofRussia and CyberArmyofRussia_Reborn, that engaged in the distribution of stolen material was set up and is directly controlled by FROZENBARENTS, TAG assessed.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,Not available,Not available,,Critical infrastructure,Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Cyber Army of Russia",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state-group","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Hacktivist(s)",1,16246; 16246; 16246; 16246,2023-04-19 00:00:00; 2023-04-19 00:00:00; 2023-04-19 00:00:00; 2023-04-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community 
attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Google's TAG; Google's TAG; Google's TAG; Google's TAG,Google Threat Analysis Group; Google Threat Analysis Group; Google Threat Analysis Group; Google Threat Analysis Group,United States; United States; United States; United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Cyber Army of Russia; Cyber Army of Russia",Russia; Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,Conduct of hostilities; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/securityaffairs/status/1649337552556392449; https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/; https://www.bleepingcomputer.com/news/security/google-ukraine-targeted-by-60-percent-of-russian-phishing-attacks-in-2023/,2023-04-24,2024-01-16 2171,Unknown actors gained access to private health information of patients of the Northeast Behavioral Health Care Consortium in Pennsylvania in April 2023,"Unknown actors gained access to private health information of patients of the Northeast Behavioral Health Care Consortium in Pennsylvania, the health care provider discovered on 20 February 2023 and announced on 20 April. The hackers compromised an employee's email account, gaining access to names, member numbers, Medicaid numbers, diagnoses, detailed incident descriptions and levels of care.",2023-02-20,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Northeast Behavioral Health Care Consortium,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,10177,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system 
interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1649378658153373697; https://news.yahoo.com/northeast-behavioral-health-care-consortium-001400904.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAIRtbi-IYd0LIp9YZp7sEMzWDSrExSw9bsPWV3u0iUCC49HD-aYLLbLxnhKAxQvncz70ikuMxjMUP4Bb0vc9-GCE7ewGJH_zT-11Br234l4069TmbLmT8igkz6SjtxBHxzVRGY7ghqoC0cHLMHkuFpkG0iV4U7CyeXEueN5FblVa; https://news.yahoo.com/records-more-181-000-patients-000400881.html; https://therecord.media/cyberattacks-on-governments-way-up,2023-04-24,2023-08-04 2169,An unknown actor compromised multiple US university websites as well as the EU's web domain in order to serve Fortnite spam in April 2023,"An unknown actor compromised multiple US university websites as well as the EU's web domain in order to serve Fortnite spam in April 2023. A Brazilian state website was also targeted by the attack. According to reporting news-outlet Bleeping Computer, that was tipped off by threat intelligence analyst Gi7w0rm (twitter handle), the actual attack vector is still unknown. Affected US universities have been Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, among others. 
",2023-04-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source),Disruption,"Europa.eu - Stanford University - California Institute of Technology (Caltech) - University of California, Berkeley - Not available - Massachusetts Institute of Technology (MIT) - Northeastern University - University of Massachusetts Amherst (UMass)",EU (institutions); United States; United States; United States; Brazil; United States; United States; United States, - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - SOUTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,International / supranational organization - Critical infrastructure; Education - Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system - Critical infrastructure; Education - Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education, - Research; - Research; - Civil service / administration; Research; - Government / ministries - Research; - Research; - Civil service / administration; Research; ,Not available,Not available,Not available,,1,10737,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/university-websites-using-mediawiki-twiki-hacked-to-serve-fortnite-spam/; https://twitter.com/vxunderground/status/1649250080015122433; https://twitter.com/cyb3rops/status/1649456413540843538; https://www.bleepingcomputer.com/news/security/university-websites-using-mediawiki-twiki-hacked-to-serve-fortnite-spam/,2023-04-21,2023-06-18 2167,Chinese APT Othorene (aka Gallium) 
infiltrated two subsidiaries of Middle Eastern telecom company in Africa and Asia since November 2022,"The Chinese APT Othorene (aka Gallium) infiltrated two subsidiaries of Middle Eastern telecom company in Africa and Asia since November 2022, according to a report by Symantec on April 20, 2023. This activity is seen as a continuation of an intelligence-gathering campaign against telecom companies in the Middle East that was first reported by SentinelOne under the name Operation Tainted Love in March. Othorene (aka Gallium) could be linked to the Chinese state-sponsored group APT41 (aka Blackfly, Grayfly), Symantec stated. ",2022-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Asia (region); Africa; Middle East (region), - - ,Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China,"Non-state actor, state-affiliation suggested",,1,9468,2023-04-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not 
available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot,2023-04-21,2023-04-21 2166,Austrian manufacturer of instruments for laboratories and process analysis technology and automation and robotics solutions was targeted by cyber-attack in April 2023,"The Austrian manufacturer of instruments for laboratories and process analysis technology and automation and robotics solutions Anton Paar was targeted by a cyber-attack in April 2023, according to a government statement on its website. The company websites seemed to be still impaired at the time of reporting on April 20, 2023. On twitter, the account ""ransomwaremap"" listed the incident in its feed, but no further information about the actual attack type has been disclosed so far. ",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,Anton Paar Group AG,Austria,EUROPE; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,11064,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.kleinezeitung.at/steiermark/graz/6278296/Bestaetigung-im-Netz_Anton-Paar-ist-Opfer-einer-CyberAttacke-geworden,2023-04-21,2023-09-22 2165,Daggerfly APT (aka Evasive Panda / Bronze Highland) targeted African telecommunication organization with MgBot Malware Framework Plugins for intelligence gathering since November 2022,"The Daggerfly APT (aka Evasive Panda / Bronze Highland) targeted an African telecommunication organization with MgBot Malware Framework Plugins for intelligence gathering since November 2022, according to a report by threat intelligence company Symantec from April 20, 2023. According to Symantec, the campaign could still be ongoing. The first indicators of compromise were suspicious AnyDesk connections spotted on a Microsoft Exchange mail server on the victim's network in November 2022. The WannaMine crypto-mining malware spotted on the same Exchange server is likely not linked to Daggerfly, but rather an indication of that server's extensive vulnerability to exploits such as EternalBlue, Symantec stated in the report. The legitimate AnyDesk executable and the GetCredManCreds were downloaded via the living-off-the-land tools BITSAdmin and PowerShell onto the target system. 
",2022-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Africa,,Critical infrastructure,Telecommunications,Daggerfly/Evasive Panda/Bronze Highland,Not available,Unknown - not attributed,,1,9463,2023-04-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,Daggerfly/Evasive Panda/Bronze Highland,Not available,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://twitter.com/Dinosn/status/1649103740530573313; https://www.databreaches.net/daggerfly-cyberattack-campaign-hits-african-telecom-services-providers/; https://twitter.com/780thC/status/1649009788351664128; https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot; https://twitter.com/780thC/status/1649009701542035457; https://twitter.com/cahlberg/status/1649432507991965696; https://therecord.media/middle-east-telecommunications-httpsnoop-malware,2023-04-21,2024-03-08 2164,Pro-Russian hackers targeted website of Europe’s air-traffic control agency Eurocontrol with DDoS attack on 19 April 2023,"Pro-Russian hackers targeted Europe’s air-traffic control agency Eurocontrol with DDoS attacks on 19 April 2023. According to the agency, only the website and no air traffic control activities were affected, due to their isolated networks. However, the more than 2,000 employees had to switch their communication channels as a result of the hack, which affected the Network Manager Operations Center (NMOC) at the Eurocontrol headquarters in Brussels, the Wall Street Journal reported. 
The pro-Russian hacktivist group Killnet announced potential attacks on Europe's air traffic shortly before the attack, and Anonymous Russia called for attacks against Eurocontrol on 19 March via social media, which is why the attack could have been conducted by multiple attackers. ",2023-04-19,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Eurocontrol Network Manager Operations Centre (NMOC),Europe (region),,Critical infrastructure,Transportation,Anonymous Russia; Killnet,Russia; Russia,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,16009; 16009,2023-04-19 00:00:00; 2023-04-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Killnet; Killnet,Not available; Not available,Russia; Russia,Anonymous Russia; Killnet,Russia; Russia,Non-state-group; Non-state-group,https://t.me/killnet_reservs/6275,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Air 
law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/alexfrudolph/status/1649108192008257541; https://twitter.com/Cyber_O51NT/status/1649931035902382080; https://twitter.com/securityaffairs/status/1649891766374486022; https://twitter.com/Dinosn/status/1649702619500232707; https://www.ilsole24ore.com/art/allarme-aereo-notte-varie-regioni-esplosione-belgorod-un-ordigno-un-aereo-russo-AEZlq9JD; https://twitter.com/securityaffairs/status/1649505918353113091; https://securityaffairs.com/145114/hacktivism/pro-russia-hackers-ddos-eurocontrol.html; https://twitter.com/cybersecboardrm/status/1649390012515905537; https://twitter.com/ciaranmartinoxf/status/1649283120921714688; https://t.me/killnet_reservs/6275; https://twitter.com/Cyberknow20/status/1648653848993734656; https://www.watson.ch/digital/userinput/746210369-russische-killnet-hacktivisten-legen-angeblich-eurocontrol-server-lahm; https://twitter.com/HiSolutions/status/1654018080077406208; https://twitter.com/CERTEU/status/1654111884507766785,2023-04-21,2024-01-09 2163,International business process outsourcing and professional services company Capita admitted breach of its systems in April 2023,"The UK-based, international business process outsourcing and professional services company Capita admitted a breach of its systems on 3 April 2023, which primarily impacted access to internal Microsoft Office 365 applications. An updated company statement on 20 April said that ""The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted."" Moreover, the company revealed that the incident started on 22 March and was interrupted by the company on 31 March. 
Some limited data exfiltration happened, potentially including customer, supplier and colleague information, according to the company statement. ",2023-03-22,2023-03-31,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Capita ,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,17979,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,10.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,32200000.0,dollar,Not available,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/russian-hackers-exfiltrated-data-from-from-capita-over-a-week-before-outage/; https://twitter.com/SimonZerafa/status/1649114400555401229; https://www.bleepingcomputer.com/news/security/capita-confirms-hackers-stole-data-in-recent-cyberattack/; https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack; https://news.sky.com/story/capita-admits-customer-supplier-or-colleague-data-may-have-been-accessed-by-hackers-12861557; https://twitter.com/AlexMartin/status/1648948910868557825; https://twitter.com/cybereason/status/1649430367378501633; https://twitter.com/LisaForteUK/status/1649348750484045826; https://therecord.media/uk-pensions-regulator-capita-data-breach; 
https://www.theguardian.com/business/2023/may/03/fca-urges-capita-clients-to-ascertain-if-data-was-compromised-in-cyber-attack; https://www.theguardian.com/business/2023/may/10/cyber-attack-to-cost-outsourcing-firm-capita-up-to-20m; https://twitter.com/ciaranmartinoxf/status/1656188103441121281; https://twitter.com/GossiTheDog/status/1656183736919113728; https://securityaffairs.com/146200/data-breach/capita-warns-customers.html; https://therecord.media/abb-confirms-it-security-incident; https://www.theguardian.com/business/2023/may/12/capita-cyber-attack-uss-pension-fund-members-details-may-have-been-stolen; https://socradar.io/recent-data-breaches-capita-toyota-and-discord/; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://twitter.com/GossiTheDog/status/1660755971335962624; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://www.bleepingcomputer.com/news/security/arms-maker-rheinmetall-confirms-blackbasta-ransomware-attack/; https://twitter.com/VessOnSecurity/status/1661042895749623808; https://therecord.media/capita-data-breaches-information-commissioners-office; https://twitter.com/GossiTheDog/status/1662127092501291008; https://twitter.com/lukOlejnik/status/1664174659665895424; https://therecord.media/raleigh-housing-authority-black-basta-ransomware-group; https://therecord.media/qakbot-cybercrime-botnet-takedown-fbi; https://www.theguardian.com/technology/2023/sep/14/who-is-behind-latest-wave-of-ransomware-attacks; https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/; https://therecord.media/blackbasta-ransom-payments; https://securityaffairs.com/155054/cyber-crime/black-basta-ransomware-activities.html; https://www.bleepingcomputer.com/news/security/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files/; 
https://www.theregister.com/2024/03/06/capita_says_2023_cyberattack_recovery/?ref=news.risky.biz,2023-04-21,2024-03-14 2168,"US marinette marine shipyard suffered a ransomware attack on April 12, 2023","The US marinette marine shipyard ""Fincantieri Marinette Marine"" suffered a ransomware attack on April 12, 2023. The shipyard builds the US Navy´s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate. According to two sources familiar with the matter, large chunks of data on the shipyard`s network servers were rendered unusable, USNI News reported. The identity of the perpetrators is unknown. At the time of reporting, it was unclear if data has been stolen. ",2023-04-12,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Fincantieri Marinette Marine,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,Not available,Not available,Not available,,1,16385,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,True,,,,,,0,,,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.usni.org/2023/04/20/ransomware-attack-hits-marinette-marine-shipyard-results-in-short-term-delay-of-frigate-freedom-lcs-construction; https://twitter.com/ransomwaremap/status/1649290691581804546; https://twitter.com/InfoSecSherpa/status/1649466179956645912; 
https://therecord.media/fincantieri-shipbuilder-us-navy-wisconsin-ransomware; https://apps.web.maine.gov/online/aeviewer/ME/40/901b3d47-d21e-426e-87dd-e25266b0db96.shtml,2023-04-21,2024-01-22 2161,"Russian state-sponsored hacking group APT28 gained access into unpatched Cisco routers from European, U.S. and Ukrainian targets in 2021","Russian state-sponsored hacking group APT28 gained access into unpatched Cisco routers from a small number of European targets, U.S. government institutions and 250 unspecified Ukrainian targets in 2021, reported the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Federal Bureau of Investigation (FBI) in a joint advisory on 18 April 2023. They exploited the CVE-2017-6742 vulnerability, the post-exploitation framework Empire, and the Jaguar Tooth malware. ",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available - Not available - Not available,Europe (region); Ukraine; United States, - EUROPE; EASTEU - NATO; NORTHAM,Unknown - Unknown - State institutions / political system, - - Government / ministries,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,9475; 9475; 9475; 9475; 9475; 9475; 9475; 9475,2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00; 2023-04-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / 
state entity,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Security Agency (NSA); National Security Agency (NSA),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th 
Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108,Territory; International power,System/ideology; Territory; Resources; International power; International power,"EU, USA et. al – Russia; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://thehackernews.com/2023/04/us-and-uk-warn-of-russian-hackers.html; https://therecord.media/zyxel-wan-vpn-vulnerability-may-2023; https://www.darkreading.com/attacks-breaches/russian-fancy-bear-apt-exploited-unpatched-cisco-routers-to-hack-us-eu-government-agencies; https://twitter.com/securityaffairs/status/1648686991339298817; https://securityaffairs.com/145007/apt/apt28-targets-cisco-networking-equipment.html; https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers; https://blogs.cisco.com/security/threat-actors-exploiting-snmp-vulnerabilities-in-cisco-routers; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108; https://twitter.com/780thC/status/1648642104300634114; https://twitter.com/securityaffairs/status/1648949061087576064; https://twitter.com/Dinosn/status/1648880185222070272; https://www.malwarebytes.com/blog/news/2023/04/fancy-bear-known-to-be-exploiting-vulnerability-in-cisco-routers; https://socradar.io/apt28-exploits-cisco-vulnerability-to-deploy-malware-in-espionage-campaign/; https://twitter.com/DarkReading/status/1648808770858897418; https://twitter.com/780thC/status/1649365951006093313; https://www.techrepublic.com/article/apt28-cisco-routers-security-vulnerability/; https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/; https://www.govinfosecurity.com/apt28-spear-phishes-ukrainian-critical-energy-facility-a-23013; https://securityaffairs.com/153131/apt/france-anssi-apt28.html,2023-04-20,2023-12-29 2155,Pakistani state-sponsored hacker group Transparent Tribe gained access to Indian government officials' computers using Linux malware Poseidon,"Pakistani state-sponsored hacker group Transparent Tribe gained access to Indian 
government officials' computers using Linux malware Poseidon, IT security firm Uptycs reported on 17 April 2023. To do so, they used the Kavach two-factor authentication tool, which Indian government officials use to access their email inboxes, as a cover to deploy the Poseidon malware in the background. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11587,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Uptycs,,United States,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested",https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_malware,Territory; Resources; International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_malware; https://twitter.com/Dinosn/status/1648694681616674817; 
https://thehackernews.com/2023/04/pakistani-hackers-use-linux-malware.html; https://twitter.com/DavidAgranovich/status/1653898242390921221,2023-04-19,2023-07-14 2157,Alleged Russian false-flag operation Anonymous Sudan disrupted the website of Israeli Jerusalem Post on 6 April 2023,"Alleged Russian false-flag operation Anonymous Sudan disrupted the website of Israeli Jerusalem Post on 6 April 2023, the hacktivists disclosed themselves on the same day. This disruption is related to the OPIsrael out of alleged support for the Palestinians, which began on April 05. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, thereby further corroborating earlier reporting by TrueSec. ",2023-04-06,2023-04-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Jerusalem Post,Israel,ASIA; MENA; MEA,Media,,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,9430,2023-04-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://t.me/AnonymousSudan/348,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.techrepublic.com/article/ddos-attack-israel/; https://thecyberexpress.com/jerusalem-post-cyber-attack-anonymous-sudan/; https://t.me/AnonymousSudan/348,2023-04-19,2024-02-12 2156,Unknown actors gained access to the Northern Irish data management company Evide and stole information from their customers,"Unknown actors gained access to the 
Northern Irish data management company Evide and stole information from their customers, Irish online newspaper The Journal reported on 17 April 2023. The Minister of State at the Department of Public Expenditure and Reform and at the Department of the Environment, Climate and Communications Ossian Smyth revealed that Evide's affected customers included a number of community and voluntary organizations, as well as four organizations that care for people who have experienced sexual abuse or rape. These included the charity One in Four, which serves adult survivors of childhood sexual abuse. At least 1,000 people were affected at One in Four alone, and a total of 2,000 people's data has been affected so far.",2023-03-30,Not available,"Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Evide - Not available - Not available - One in Four - Not available,United Kingdom; Not available; Not available; United Kingdom; Not available,EUROPE; NATO; NORTHEU - - - EUROPE; NATO; NORTHEU - ,Critical infrastructure - Social groups - Social groups - Social groups - State institutions / political system, - Advocacy / activists (e.g. human rights organizations) - - Advocacy / activists (e.g. 
human rights organizations) - Civil service / administration,Not available,Not available,Not available,,1,9434,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/investigation-underway-into-cyber-attack-affecting-charities-for-sexual-assault-survivors/; https://www.thejournal.ie/investigation-cyber-attack-ireland-charities-6045882-Apr2023/,2023-04-19,2023-08-29 2160,An unspecified subgroup of the Iranian state-sponsored hacking group Mint Sandstorm aka PHOSPHORUS gained access to U.S. transportation and energy companies as well as individuals with ties to security and policy communities beginning in late 2021,"An unspecified subgroup of the Iranian state-sponsored hacking group Mint Sandstorm aka PHOSPHORUS gained access to U.S. transportation and energy companies as well as individuals with ties to security and policy communities beginning in late 2021, reported the IT-company Microsoft on 18 April 2023. Mint Sandstorm is the new name of PHOSPHORUS under Microsoft's new naming rules. PHOSPHORUS is an Iranian state-sponsored hacker group of the Iranian Revolutionary Guard Corps (IRGC). The unspecified subgroup is characterized by specialization in hacking and data theft of sensitive information from high-value targets. The Iranian proxy specifically attacked U.S. seaports, energy companies, transit systems, and a major utilities and gas entity. The hacking group's goal was to carry out destructive cyberattacks in retaliation for three cyber attacks that Iran attributed to the United States and Israel. These were a cyberattack on a major Iranian seaport in 2020, the disruption of the Iranian railway in 2021, and the crash of gas station payments in late 2021. 
They also successfully phished individuals associated with high-value think tanks or universities in Israel, North America, and Europe. The hackers used a variety of tactics, techniques, and procedures (TTPs). Strikingly, they exploited recently published vulnerabilities in 2023. For example, Mint Sandstorm began exploiting CVE-2022-47966 in Zoho ManageEngine on January 19, 2023, the same day the POC became public. They later exploited CVE-2022-47986 in Aspera Faspex within five days of the POC being made public on February 2, 2023.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available,United States; United States; Israel; North America; Europe (region),NATO; NORTHAM - NATO; NORTHAM - ASIA; MENA; MEA - - ,Critical infrastructure - Critical infrastructure - State institutions / political system; Critical infrastructure; Education - Science - Science,Transportation - Energy - Civil service / administration; Research; - - ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,10768,2023-04-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic 
Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/,System / ideology; International power,System/ideology; International power,Iran – USA; Iran – USA,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/; https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-behind-retaliatory-cyberattacks-on-us-orgs/; https://thehackernews.com/2023/04/iranian-government-backed-hackers.html; https://twitter.com/securityaffairs/status/1648625857815011330; https://securityaffairs.com/144996/apt/mint-sandstorm-targeted-us-critical-infrastructure.html; https://twitter.com/Dinosn/status/1648605651797438464; https://twitter.com/securityaffairs/status/1648949114250444800; https://twitter.com/Dinosn/status/1649391852406145024; https://therecord.media/iran-ta453-apt42-charming-kitten-espionage-nuclear-security-think-tanks,2023-04-19,2024-03-08 2159,The Mexican military hacked two Mexican human rights activists with Pegasus spyware beginning in June 2022,"The Mexican military gained access into the cell phones of two prominent Mexican human rights defenders from June 22 to September 29, 2023, the New York Times reported based on 4 anonymous sources with knowledge of the contract situation between the Mexican military and the Israeli NSO Group. The two human rights defenders are the director, Santiago Aguirre, and the international coordinator, Maria Luisa Aguilar, of Centro PRODH. Centro PRODH is a human rights and legal aid organization. The espionage also correlated with activities of Centro PRODH in relation to human rights violations committed by the Mexican military. 
",2022-06-22,2022-09-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Hijacking without Misuse,"Jorge Santiago Aguirre Espinosa (Director of Centro PRODH, Mexico) - Maria Luisa Aguilar (International Coordinator of Centro PRODH, Mexico)",Mexico; Mexico, - ,Social groups - Social groups,Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations),Mexican Armed Forces,Mexico,State,,1,9435,2023-04-18 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,The New York Times,Not available,United States,Mexican Armed Forces,Mexico,State,https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html,National power,National power,Mexico (opposition),Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html; https://www.foxnews.com/world/press-freedom-groups-spyware-again-used-against-mexican-human-rights-activists; https://www.foxnews.com/world/mexican-president-accused-wiretapping-activists-violating-pledge; https://www.washingtonpost.com/world/2023/04/18/mexico-pegasus-spyware-activists-press-freedom-army/11027b68-de09-11ed-a78e-9a7c2418b00c_story.html; https://twitter.com/citizenlab/status/1648282686950195201; https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/; https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html; https://tarnkappe.info/artikel/it-sicherheit/pegasus-so-kam-der-staatstrojaner-in-2022-auf-dein-iphone-273248.html; 
https://securityaffairs.com/144981/hacking/nso-group-zero-click-exploits-2022.html; https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html; https://www.lawfareblog.com/bidens-spyware-order-needed-first-step; https://elpais.com/https:/elpais.com/mexico/2023-05-22/el-ejercito-espio-con-pegasus-a-alejandro-encinas-subsecretario-de-derechos-humanos.html; https://elpais.com/https:/elpais.com/mexico/2023-05-30/lopez-obrador-acusa-a-israel-de-proteger-a-tomas-zeron-y-anuncia-que-enviara-otra-carta-a-netanyahu.html; https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html; https://www.zdnet.com/article/9-top-mobile-security-threats-and-how-you-can-avoid-them/; https://www.eff.org/deeplinks/2023/12/recent-surveillance-revelations-enduring-latin-american-issues-2023-year-review,2023-04-19,2023-07-14 2151,Alleged Russian false-flag group Anonymous Sudan disrupted the websites of unspecified Israeli Banks and the postal service during Iran's Quds day on 14 April 2023,"The alleged Russian false-flag group Anonymous Sudan hit the websites of unspecified Israeli Banks and the postal service with a DDoS attack during Iran's Quds Day on 14 April 2023. The attack on the websites led to a temporary service outage. The disruption was limited and regular activity resumed shortly thereafter. In a Telegram post, Anonymous Sudan claimed to have stolen sensitive information and to have attacked government agencies in addition to banks. These claims remain unverified. The post by Anonymous Sudan included no mention of the Israel Postal Service. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, thereby further corroborating earlier reporting by TrueSec. ",2023-04-14,2023-04-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Israel Postal Company - Not available,Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA,Critical infrastructure - Critical infrastructure,Transportation - Finance,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),1,16012,2023-04-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,https://t.me/AnonymousSudan/453,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyberwarzonecom/status/1647672005414596608; https://t.me/AnonymousSudan/453; https://cyberwarzone.com/israeli-banks-and-postal-service-temporarily-downed-in-cyberattack/; https://www.techrepublic.com/article/ddos-attack-israel/,2023-04-17,2024-01-09 2153,Ransomware gang BlackCat/ALPHV disrupted software and technology consulting company NCR Corporation in April 2023,"The ransomware gang BlackCat/ALPHV disrupted software and technology consulting company NCR Corporation in April 2023, the ransomware group announced on 15 April 2023. 
The hackers claimed to have carried out a ransomware attack on the firm's data centers, causing an outage in the Aloha point of sale (POS) platform run by NCR. This platform is mainly used by hospitality services, for example to take orders from customers and make payments to employees. The outage has been going on since April 12, leading to disruptions in the business of certain hospitality services.",2023-04-13,2023-04-15,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Not available - NCR Corporation,Not available; United States, - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - ,BlackCat/ALPHV,Not available,Non-state-group,Criminal(s),1,16011,2023-04-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat/ALPHV,Not available,Not available,BlackCat/ALPHV,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1647143921414287360,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-04-14 
00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html; https://www.bleepingcomputer.com/news/security/ncr-suffers-aloha-pos-outage-after-blackcat-ransomware-attack/; https://www.databreaches.net/a-short-lived-blackcat-listing-suggests-ncrs-customers-networks-were-accessed/; https://twitter.com/AlvieriD/status/1647143921414287360; https://therecord.media/payments-giant-ncr-investigating-ransomware; https://www.darkreading.com/ics-ot/aloha-pos-restaurant-software-downed-ransomware-attack; https://status.aloha.ncr.com/incidents/cnl38krr6n6b; https://twitter.com/DarkReading/status/1648353116188753922; https://www.hackread.com/blackcat-group-ncr-ransomware-attack/; https://twitter.com/Dinosn/status/1648546582814498818; https://www.malwarebytes.com/blog/news/2023/04/a-week-in-security-april-17-23; https://securityaffairs.com/147591/data-breach/reddit-files-blackcat-alphv-ransomware.html; https://therecord.media/reddit-says-ransomware-post-connected-to-february-incident; https://therecord.media/blackcat-claims-seiko-cyberattack; https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html; https://securityaffairs.com/151748/cyber-crime/mclaren-health-care-blackcat-ransomware.html; https://securityaffairs.com/151732/cyber-crime/alphv-ransomware-motel-one.html; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; https://therecord.media/tipalti-alleged-ransomware-attack; https://securityaffairs.com/156124/breaking-news/alphv-blackcat-ransomware-group-seizure.html; https://securityaffairs.com/159238/cyber-crime/us-gov-reward-alphv-blackcat-gang.html; 
https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2023-04-17,2024-01-09 2154,BianLian ransomware group gained access to the network of the Ophthalmology practice Retina & Vitreous of Texas as early as 1 February 2023,"The ophthalmology practice Retina & Vitreous of Texas reported that unspecified actors gained access to its network and stole information as early as 1 February 2023. According to Retina & Vitreous, exfiltrated data included names and addresses of patients as well as diagnoses and treatment information, insurance carrier information, and insurance subscriber identification numbers. Approximately 170 GB of files, including protected health information of patients, financial data of the practice, and human resources files were subsequently dumped on the dark web by the ransomware group BianLian. The incident affected 35,766 patients. ",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse; Ransomware,Retina & Vitreous of Texas,United States,NATO; NORTHAM,Critical infrastructure,Health,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,16010,2023-04-14 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,BianLian Ransomware Group,Not available,United States,BianLian Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/retina-vitreous-of-texas-notifies-35766-patients-of-ransomware-attack-but-doesnt-call-it-one/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - 
high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/retina-vitreous-of-texas-notifies-35766-patients-of-ransomware-attack-but-doesnt-call-it-one/; https://www.prnewswire.com/news-releases/retina--vitreous-of-texas-pllc-provides-notification-of-data-security-incident-301793695.html; https://www.databreaches.net/stopransomware-bianlian-ransomware-group/; https://www.bleepingcomputer.com/news/security/fbi-confirms-bianlian-ransomware-switch-to-extortion-only-attacks/; https://www.darkreading.com/dr-global/ncsc-why-cyber-extortion-attacks-no-longer-require-ransomware,2023-04-17,2024-01-09 2152,Unknown actors disrupted the Cornwall Community Hospital network in Ontario since at least 11 April 2023,"Unknown actors disrupted the network of the Cornwall Community Hospital in the Canadian province Ontario since at least 11 April 2023, the hospital disclosed. The facility announced that scheduled, non-emergency procedures may be delayed as a result of the incident. 
",2023-04-11,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Cornwall Community Hospital (CCH),Canada,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,10179,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Months,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html; https://www.cornwallhospital.ca/en/newsroom?newsid=18557; https://therecord.media/canadian-hospital-treatment-delays-cyberattack-ontario; https://www.databreaches.net/ongoing-issues-at-cornwall-community-hospital-from-cyber-incident/; https://www.databreaches.net/some-cornwall-community-hospital-services-still-impacted-by-cyber-incident/,2023-04-17,2023-05-25 2150,"Allegedly Ukrainian military forces hacked Russia's Federal Customs Service on April 10, 2023, causing disruptions","Allegedly Ukrainian military forces hacked Russia's Federal Customs Service on April 10, 2023, causing disruptions of its IT services. 
The incident was reported by minor Russian news outlets on April 10 & 11, potentially downplaying the actual impact of the attack by stating that the services have been already restored at that time. According to IT-expert Jeffrey Carr writing in his newsletter about the incident, this claim was mocked in a now inaccessible online-comment by customs-workers on Alta Soft’s website - Alta.ru. Carr further attributed the attack to ""Ukrainian military forces"" but in contrast to his previous disclosures about Ukrainian cyber attacks he did not specifically mention the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO). ",2023-04-10,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by media (without further information on source),Disruption,Russia's Federal Customs Service,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure,Civil service / administration; ,Ukrainian Military Forces,Ukraine,State,,1,10169,2023-04-13 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by third-party,Jeffrey Carr (US cyber expert/author),Not available,United States,Ukrainian Military Forces,Ukraine,State,https://jeffreycaruso.substack.com/p/russias-federal-customs-service-considered?utm_source=substack&utm_medium=email,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),,none,none,2,Moderate - 
high political importance,2.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Armed conflict; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://jeffreycaruso.substack.com/p/russias-federal-customs-service-considered?utm_source=substack&utm_medium=email; https://newdaynews.ru/moscow/792062.html?utm_source=substack&utm_medium=email; https://portnews.ru/news/345750/?utm_source=substack&utm_medium=email,2023-04-14,2023-06-13 2149,Russian state-sponsored hacking group NOBELIUM (aka APT29) targeted foreign ministries and diplomatic entities of mostly NATO and EU member states beginning in October 2022,"Russian state-sponsored hacking group NOBELIUM (aka APT29) targeted foreign ministries and diplomatic entities of mostly NATO and EU member states beginning on 24 October 2022, according to a technical report of the Polish Military Counterintelligence Service (SVK) Computer Emergency Response Team (CERT Polska). To a lesser extent, foreign ministries and diplomatic entities in Africa were also targeted. This cyber operation differs from previous ones in terms of the new tools used, which include two downloaders SNOWYAMBER and QUARTERRIG as well as the loader HALFRIG. The two downloaders were used to manually decide whether the network in question was of interest, and then to deploy the two payloads BRUTE RATEL and COBALT STRIKE. HALFRIG, on the other hand, automatically loads COBALT STRIKE onto the respective target. ",2022-10-24,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available - Not available,NATO (region); Africa; EU (region), - - ,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,"Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies) - Government / ministries; Other (e.g., embassies)",Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,9410; 9410,2023-04-13 00:00:00; 2023-04-13 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Military Counterintelligence Service of Poland; CERT Polska,Not available; Not available,Poland; Poland,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services,System / ideology; Territory; Resources; International power,System/ideology; Territory; 
Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/144763/apt/apt29-behind-nato-eu-attacks.html; https://www.bleepingcomputer.com/news/security/russian-hackers-linked-to-widespread-attacks-targeting-nato-and-eu/; https://therecord.media/nobelium-apt29-russia-cyber-spying-campaign-targeting-nato-eu; https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services; https://thehackernews.com/2023/04/russia-linked-hackers-launches.html; https://www.darkreading.com/vulnerabilities-threats/russian-intel-services-behind-barrage-espionage-cyberattacks; https://therecord.media/ghostwriter-belarus-hacking-group-targets-poland-disinformation; https://www.darkreading.com/microsoft/microsoft-digital-defense-report-nation-state-threats-and-cyber-mercenaries; https://therecord.media/nobelium-hacking-group-stealing-credentials; https://www.govinfosecurity.com/european-governments-targeted-in-russian-espionage-campaign-a-22698; https://securityaffairs.com/149103/apt/apt29-microsoft-teams-phishing-attacks.html; https://therecord.media/cyber-espionage-campaign-embassies-apt29-cozy-bear; https://therecord.media/hpe-tells-sec-breached-by-cozy-bear; https://www.bleepingcomputer.com/news/security/russian-hackers-shift-to-cloud-attacks-us-and-allies-warn/; https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/; https://www.bleepingcomputer.com/news/security/russian-hackers-target-german-political-parties-with-wineloader-malware/; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2023-04-14,2024-01-22 2147,The North Korean state-sponsored hacking group Lazarus 
gained access into the networks of a defence contractor in Africa and stole data using the DeathNote malware beginning in July 2022,"The North Korean state-sponsored hacking group Lazarus gained access into the networks of an unspecified defence contractor in Africa and stole data beginning in July 2022, according to a technical report by Russian IT-company Kaspersky. The attack was conducted with the DeathNote malware, which was also used in prior attacks in South Korea and Latin America. One of the peculiarities of this cyber incident is the use of the ServiceMove technique, whereby the hackers leverage the Windows Perception Simulation Service to load arbitrary DLL files.",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Africa,,Critical infrastructure,Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,10028,2023-04-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic 
Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/the-lazarus-group-deathnote-campaign/109490/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector; https://securelist.com/the-lazarus-group-deathnote-campaign/109490/; https://thehackernews.com/2023/04/lazarus-hacker-group-evolves-tactics.html,2023-04-13,2023-05-22 2146,An unspecified ransomware group has been penetrating the Windows servers of small and medium-sized businesses using a zero-day since at least June 2022,"An unspecified ransomware group has been penetrating the Windows servers of small and medium-sized businesses in the Middle East, North America and Asia using a zero-day elevation-of-privilege vulnerability (CVE-2023-28252) since at least June 2022, according to a technical report by Russian IT-security company 
Kaspersky. The small and medium-sized enterprises belonged to retail & wholesale, energy, manufacturing, healthcare, software development and other industries. The apparent goal of the cybercriminals was to encrypt the networks of the affected companies with the Nokoyawa ransomware, but it is not clear whether they succeeded. What is certain is that the cybercriminals exploited a total of five vulnerabilities, including the 0-day, and managed to gain access to the Windows servers or computer systems of the affected companies, in some cases even using the Pipemagic backdoor before exploiting the vulnerabilities.",2022-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse; Ransomware,Not available - Not available - Not available,Middle East (region); North America; Asia (region), - - ,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Energy; ; Health - Energy; ; Health - Energy; ; Health,Not available,Not available,Non-state-group,Criminal(s),1,10027,2023-04-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,Not available,Not available,Non-state-group,https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/109483/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,,Valid Accounts,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment 
(incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cyberscoop.com/microsoft-zero-day-patch-tuesday-ransomware/; https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/109483/; https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/; https://securityaffairs.com/144692/hacking/windows-zero-day-ransomware-attacks.html; https://quointelligence.eu/2023/04/weekly-threat-intelligence-snapshot-week-15/?lang=de,2023-04-12,2023-09-12 2145,Unknown actors carried out a ransomware attack over Easter 2023 against the German shipbuilding company Lürssen,"Unknown actors carried out a ransomware attack over Easter 2023 against the German shipbuilding company Lürssen, a spokesperson of Lürssen confirmed to German magazine ""buten und binnen"". It is still unclear who is behind the incident and what the extent of the attack is, but shipyard operations are at a standstill (as of April 12, 2023).",2023-04-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Ransomware,Fr. Lürssen Werft GmbH & Co. 
KG,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,9359,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Polizei Bremen,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.faz.net/aktuell/wirtschaft/luerssen-cyberangriff-auf-bremer-schiffbauer-mit-ransomware-18813208.html; https://www.butenunbinnen.de/nachrichten/luerssen-werft-cyberangriff-bremen-100.html; https://www.darkreading.com/attacks-breaches/super-yacht-specialist-dry-dock-ransomware-attack,2023-04-12,2023-04-13 2143,Ukrainian hacktivist group Cyber Resistance stole information of Russian Lieutenant Colonel Sergey Alexandrovich Morgachev in March 2023,"Ukrainian hacktivist group Cyber Resistance gained access into anonymous social media accounts of Russian Lieutenant Colonel Sergey Alexandrovich Morgachev in March 2023, according to the Ukrainian website InformNapalm through which Cyber Resistance disclosed its hack. Lieutenant Colonel Sergey Alexandrovich Morgachev is part of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU). The leaked data, such as his CV, indirectly confirm that he was the leader of the infamous Russian state-sponsored hacking group APT28 (GRU unit 26165) from August 1999 until August 2022. 
He was one of 12 Russian citizens indicted by the US Department of Justice in July 2018 for the hack against the Democratic National Committee in 2016. Interestingly, Morgachev was born in Kyiv. Today, he is ""Category 1 Programming Engineer"" at Russia's Special Technological Center, according to the documents. The center was sanctioned by Ukraine, the U.S., the U.K., Canada, Switzerland, Japan and several European Union countries on the grounds of its role in supporting the Russian invasion of Ukraine. The hacktivist group already published a small amount of the stolen information on InformNapalm, but is making the entire stolen information available upon request. The stolen information included private information such as photos, his address and more, as well as information about his job in the GRU such as the Form 4 and a medical certificate which is required for security clearance. They also logged into the lieutenant's account on the Public Services Portal of the Russian Federation. ",2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft,"Public Services Portal of the Russian Federation - Sergey Alexandrovich Morgachev (Lieutnant Coloner of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU) and the leader of the Russian state-sponsored hacking group APT28, Russia)",Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system,Civil service / administration - Military,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,9360,2023-04-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Resistance aka the Ukrainian Cyber Alliance,Not available,Ukraine,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,https://informnapalm.org/en/hacked-russian-gru-officer/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Medium,11.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://www.databreaches.net/hacked-russian-gru-officer-wanted-by-the-fbi-leader-of-the-hacker-group-apt-28/; https://informnapalm.org/en/hacked-russian-gru-officer/; https://www.jpost.com/international/article-738980; https://www.hackread.com/ukraine-hackers-breach-apt28-fbi-wanted-hacker/; https://tarnkappe.info/lesetipps/lesetipps-hunderte-von-crack-webseiten-verbreiten-malware-273782.html; https://www.hackread.com/microsoft-outlook-vulnerability-russia-forest-blizzard/,2023-04-12,2023-10-23 2132,An unspecified ransomware group encrypted data of Camden County Police Department in New Jersey on 13 March 2023,"An unspecified ransomware group encrypted data of Camden County Police Department in New Jersey on 13 March 2023, NBC New York first reported on 6 April on basis of anonymous law enforcement officials. The Spokesperson of the Camden County Police Department Dan Keashen confirmed the NBC article's remarks. According to the article, the hackers are said to be demanding thousands of dollars to decrypt the data, which includes both criminal investigative files and administrative records. 
",2023-03-13,2023-03-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Ransomware,"Camden County Police Department (New Jersey, United States)",United States,NATO; NORTHAM,State institutions / political system,Police,Not available,Not available,Not available,,1,9317,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/camden-county-police-ransomware-new-jersey-philadelphia; https://www.nbcnewyork.com/news/local/ransomware-attack-at-nj-county-police-department-locks-up-criminal-investigative-files/4219341/; https://www.databreaches.net/new-jersey-county-police-department-confirms-ransomware-attack-unrelated-to-attack-on-prosecutors-office/; https://therecord.media/montclair-new-jersey-cyberattack; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane,2023-04-11,2023-06-07 2131,Chilean IT company SONDA was targeted by Medusa Locker with ransomware at the end of March 2023,"The Chilean IT company SONDA was targeted by the ransomware group Medusa Locker at the end of March 2023. On March 31, the company stated that it had detected malware on its systems on March 29. However, client services are said to be segmented from the internal networks, moreover, SONDA asked the US-threat intelligence company Mandiant for support. Medusa leaked several internal documents by SONDA as proof of the hack on its leak page, such as an affidavit from SONDA Peru, invoices from the parent company and other files. Medusa demands 10,000.00 $ to expand the deadline to another 24 h and 2,000,000.00 to either delete or download the data. 
SONDA had time until April 15 to respond to those demands. ",2023-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse; Ransomware,SONDA,Chile,SOUTHAM,Critical infrastructure,,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,9328,2023-04-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://twitter.com/1ZRR4H/status/1643269547162583041,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-35/; https://twitter.com/1ZRR4H/status/1643269547162583041; https://twitter.com/1ZRR4H/status/1643269547162583041; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-38/,2023-04-11,2024-03-28 2129,Unknown actors disrupted the networks of the Culbertson Memorial Hospital in Illinois on 30 March 2023,"Unknown actors disrupted the networks of the Culbertson Memorial Hospital in Illinois, USA on 30 March 2023 at 3 a.m., the hospital itself announced on 07 April 2023. Due to the attack, the hospital was forced to take information systems temporarily offline. 
",2023-03-30,2023-03-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption,Culbertson Memorial Hospital,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,10175,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/sarah-d-culbertson-memorial-hospital-working-to-recover-from-cybersecurity-incident/; https://www.wgem.com/2023/04/07/culbertson-memorial-hospital-hit-by-cyber-attack/,2023-04-11,2023-05-25 2134,"Two Iranian APTs, MuddyWater aka MERCURY and DEV-1084, targeted on-premises and cloud environments with destructive attacks masquerading as ransomware since 2022","Two Iranian APTs, MuddyWater aka MERCURY and DEV-1084, targeted on-premises and cloud environments with ""destructive attacks"" masquerading as ransomware since 2022, according to Microsoft. The latter´s report states that initially MERCURY gained access to the target`s networks and then handed over access to DEV-1084, who subsequently carried out ""destructive attacks"". In order to gain initial access, MERCURY likely exploited known vulnerabilities in unpatched applications, then conducted reconnaissance and established persistence in the networks, sometimes for weeks or months, before progressing to the next attack level. 
DEV-1084 later leveraged highly privileged compromised credentials to perform ""en masse destruction of resources, including server farms, virtual machines, storage accounts, and virtual networks, and send emails to internal and external recipients"", according to Microsoft. Whereas MERCURY (better known as MuddyWater) is known to be a state-sponsored APT affiliated with the Iranian Ministry of Intelligence and Security (MOIS), Microsoft does not assess whether DEV-1084 acts independently from or in cooperation with MERCURY, potentially serving as an ""effects based"" sub team for it, tasked with destructive attacks. DEV-1084 tried to present itself as a criminal actor, interested in extortion, which is deemed to be a red herring according to Microsoft, in order to hide its political background. ",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption; Hijacking with Misuse,Microsoft,United States,NATO; NORTHAM,Critical infrastructure,,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Storm-1084 fka DEV-1084/DarkBit (MOIS),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Unknown - not attributed",,1,11586; 11586; 11586; 11586,2023-04-07 00:00:00; 2023-04-07 00:00:00; 2023-04-07 00:00:00; 2023-04-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft,; ; ; ,United States; United States; United States; United States,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Storm-1084 fka DEV-1084/DarkBit (MOIS); Storm-1084 fka DEV-1084/DarkBit (MOIS),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed",https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/,Unknown,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/144606/apt/mercury-apt-destructive-attacks.html; https://www.databreaches.net/iran-based-hackers-caught-carrying-out-destructive-attacks-under-ransomware-guise/; https://thehackernews.com/2023/04/iran-based-hackers-caught-carrying-out.html; https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://quointelligence.eu/2023/04/weekly-threat-intelligence-snapshot-week-15/?lang=de; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/,2023-04-11,2023-07-14 2136,"Israel`s irrigation systems were targeted by unknown hackers, causing several water monitors to malfunction on 
April 9, 2023","Israel's irrigation systems were targeted by unknown hackers, causing several water monitors to malfunction on April 9, 2023. After being hacked, the monitors of the system displayed a message stating ""You have been hacked, Down with Israel"". At least ten farmers could not water their fields. Moreover, scheduled watering was stopped. The disruptions were reportedly resolved by Israeli authorities on the same day, but the origins of the hackers remained unknown. The pro-Palestinian group GhostSec could be a suspect, due to its claims to have attacked Israeli critical infrastructures, such as Israeli satellites and water pumps, in the run-up to the incident. One week before the incident happened, Israel's National Cyber Organization sent out alerts to the region's farmers, saying that cyberattacks could be imminent, giving some of them the opportunity to disconnect their irrigation systems' remote control features, in order to prevent potential damage, according to reporting by JPost. 
",2023-04-09,2023-04-09,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption,Not available,Israel,ASIA; MENA; MEA,Critical infrastructure,Water,Not available,Not available,Not available,,1,9320,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hackread.com/israel-cyberattacks-hit-critical-infrastructure/; https://www.darkreading.com/ics-ot/israeli-irrigation-water-controllers-postal-service-breached; https://www.jpost.com/israel-news/article-738790; https://securityaffairs.com/144643/hacking/cyber-attacks-controllers-for-irrigating.html; https://www.techrepublic.com/article/ddos-attack-israel/; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf,2023-04-11,2023-04-11 2138,Taiwanese IT company Micro-Star International (MSI) targeted by ransomware group Money Message in April 2023,"Taiwanese IT company Micro-Star International (MSI) was targeted by ransomware group Money Message in April 2023, according to its leak website. The incident was also confirmed by the Taiwanese stock exchange. Money Message demands a ransom of 4 million Dollar to not leaking MSI´s confidential data. The alleged victim seemed to try to downplay the incident in a press release, stating that the ""affected systems have resumed normal operations with no significant impact on financial businesses"" (quote by Hackread). Possibly in early May, the ransomware group Money Message then leaked MSI's private code signing keys. In the course of this disclosure, MSI also confirmed that threat actors had access to some of its information systems. 
",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Micro-Star International,Taiwan,ASIA; SCS,Critical infrastructure,,Money Message,Not available,Non-state-group,Criminal(s),1,9782,2023-04-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Money Message,Not available,Not available,Money Message,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hackread.com/money-message-ransomware-msi-data-leak/; https://therecord.media/msi-micro-star-international-ransomware-money-message; https://www.bleepingcomputer.com/news/security/msi-confirms-security-breach-following-ransomware-attack-claims/; https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/; https://securityaffairs.com/144519/cyber-crime/money-message-claims-msi-hack.html; https://securityaffairs.com/144546/data-breach/msi-confirms-security-breach.html; https://emops.twse.com.tw/server-java/t05st01_e; https://www.msi.com/news/detail/MSI-Statement-141688; https://securityaffairs.com/144578/breaking-news/security-affairs-newsletter-round-414-by-pierluigi-paganini.html; https://thehackernews.com/2023/04/taiwanese-pc-company-msi-falls-victim.html; https://twitter.com/securityaffairs/status/1655651958265372706; https://www.bleepingcomputer.com/news/security/intel-investigating-leak-of-intel-boot-guard-private-keys-after-msi-breach/; https://securityaffairs.com/145940/data-breach/msi-data-breach-key-leaked.html; 
https://twitter.com/hackerfantastic/status/1655601060117987329; https://twitter.com/unix_root/status/1655595185537990657; https://thehackernews.com/2023/05/msi-data-breach-private-code-signing.html; https://www.malwarebytes.com/blog/threat-intelligence/2023/05/ransomware-review-may-2023; https://nakedsecurity.sophos.com/2023/05/09/low-level-motherboard-security-keys-leaked-in-msi-breach-claim-researchers/; https://www.govinfosecurity.com/hackers-leak-private-keys-many-msi-products-at-risk-a-22012; https://www.darkreading.com/attacks-breaches/leak-of-intel-boot-guard-keys-could-have-security-repercussions-for-years; https://nakedsecurity.sophos.com/2023/05/10/bootkit-zero-day-fix-is-this-microsofts-most-cautious-patch-ever/; https://twitter.com/securityaffairs/status/1656423430638403584; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-12th-2023-new-gangs-emerge/; https://twitter.com/Cyber_O51NT/status/1661201080691359745; https://therecord.media/two-new-vulnerabilities-found-in-baseboard-software; https://www.darkreading.com/attacks-breaches/lessons-not-learned-from-software-supply-chain-attacks,2023-04-11,2023-11-06 2139,Medusa ransomware group disrupted the network of the Open University of Cyprus on 27 March 2023,"The Medusa ransomware group disrupted the central services and critical systems of the Open University of Cyprus on 27 March 2023, the university announced in the last week of March. The Medusa ransomware group claimed the ransomware attack on 6 April 2023 and gave the University 14 days to pay the demanded €100,000. The sample already released by the ransomware group reportedly includes student lists with personally identifiable information (PII) as well as financial details of research contracts. The Medusa ransomware group also tried to hack the University of Cyprus and the Ministry of Defence of Cyprus, but allegedly failed to succeed. 
",2023-03-27,2023-03-27,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Ransomware,Open University of Cyprus (OUC),Cyprus,EUROPE; EU(MS); MEA,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,10742,2023-04-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/; https://www.ouc.ac.cy/index.php/en/news-events/news/2847-cyberattack; https://www.bleepingcomputer.com/news/security/university-of-sydney-data-breach-impacts-recent-applicants/,2023-04-11,2023-06-18 2140,Unknown actors disrupted the Land Registry Portal of Cyprus on 8 March 2023,"Unknown actors disrupted the Land Registry Portal of Cyprus on 8 March 2023. The Athens morning newspaper Kathimerini reported on 20 March 2023 that the Land Registry Portal has still not recovered from this cyber attack. Kathimerini projected that in four days an average of 136 million euros worth of transactions were put on hold. 
",2023-03-08,Not available,"Attack on (inter alia) political target(s), not politicized",,Not available,Disruption,Land Registry Portal,Cyprus,EUROPE; EU(MS); MEA,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,9324,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/; https://www.kathimerini.com.cy/gr/oikonomiki/epixeiriseis/posa-plirosan-se-xakers-etaireies-stin-kypro; https://www.ouc.ac.cy/index.php/en/news-events/news/2847-cyberattack,2023-04-11,2023-04-11 2142,Pro-Russian NoName057(16) hacktivist group targeted the Finnish parliament and Sanna Marin's websites in the wake of Finland`s NATO accession at the beginning of April 2023,"The pro-Russian NoName057(16) hacktivist group targeted the Finnish parliament, at least one other official website and outgoing Finnish PM Sanna Marin's website in the wake of Finland`s NATO accession at April 4, 2023. The hacktivist group stated the following on its Telegram channel: """"Finland will today become the 31st member state of the Nato military alliance. <...> We are sending Finland to Nato, accompanied by denial of service attacks"". ",2023-04-04,2023-04-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Not available - Official Website of Sanna Marin - Parliament of Finland,Finland; Finland; Finland,EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU,State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Government / ministries - Legislative,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,13639,2023-04-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716/2655; https://t.me/noname05716/2653; https://t.me/noname05716/2656; https://yle.fi/a/74-20025824,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.techrepublic.com/article/ddos-attacks-finland-israel/; https://t.me/noname05716/2655; https://t.me/noname05716/2653; https://t.me/noname05716/2656; https://yle.fi/a/74-20025824; https://www.abc.es/sociedad/violamos-empresas-vendemos-datos-hackers-prorrusos-noname-20230725194555-nt.html; 
https://therecord.media/finland-russia-supo-statement-pipeline-undersea-cable,2023-04-11,2023-12-20 2137,Pro-Russian hacktivist group Killnet claimed to have targeted NATO online resources with DDoS attacks in April 2023,"The pro-Russian hacktivist group Killnet claimed to have targeted NATO websites and online resources with DDoS attacks in April 2023, according to announcements via its Telegram channel. Attempts to disrupt access to online resources allegedly were directed against Allied Command Transformation, the NATO Support and Procurement Agency, and cyber training centers of the alliance. The group further announced to have obtained 150 NATO email addresses and corresponding passwords through the NATO School Oberammergau, which the group leaked and declared to have used to set up accounts on a dating portal used by the LGBTQ+ community in Kyiv and Moldova. Killnet also claimed to have breached a not further specified employee database maintained by NATO Communications and Information Agency (NCIA). None of these claims have been directly confirmed by NATO. ",2023-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,NATO School Oberammergau (NSO) - NATO Support and Procurement Agency (NSPA) - Allied Command Transformation (NATO) - NATO Communications and Information Agency (NCI),Germany; Luxembourg; United States; Belgium,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - EUROPE; EU(MS); NATO; WESTEU,International / supranational organization - International / supranational organization - International / supranational organization - International / supranational organization, - - - ,Killnet,Russia,Non-state-group,Hacktivist(s),1,11458,2023-04-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/killnet_reservs/6078; https://t.me/killnet_reservs/6079; https://www.hackread.com/killnet-create-gay-dating-profiles-nato-logins/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Network Denial of Service,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption 
(deletion/altering) and/or leaking of data ",1-10,4.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/killnet-create-gay-dating-profiles-nato-logins/; https://t.me/killnet_reservs/6078; https://t.me/killnet_reservs/6079; https://socradar.io/collective-security-in-cyberspace-with-nato/; https://www.hackread.com/siegedsec-hacktivist-hack-nato-data-leak/,2023-04-11,2024-01-17 2141,"UK Criminal Records Office (ACRO) targeted by ransomware attack since January 17 until March 21, 2023","After the UK Criminal Records Office (ACRO) cited several other reasons for disturbances of its website since January 17, 2023, such as technical issues, or essential website maintenance, it finally confirmed a compromise of its systems in emails to affected persons on April 6. In a rather contradictory statement, ACRO said that there should be no evidence of a data breach, but that some data, including identification and criminal conviction information, had been compromised (source: Hackread). Well-known IT-experts, such as ESET’s Global Security Advisor Jake Moore and Kevin Beaumont, Head of Security Operations Centre at Arcadia Group Ltd, assume that ACRO fall victim to a ransomware attack, according to an article by Hackread. 
",2023-01-17,2023-03-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Ransomware,Criminal Records Office (ACRO),United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Police,Not available,Not available,Not available,,1,9325,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,Not available,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hackread.com/uk-criminal-records-office-ransomware-attack/; https://www.bleepingcomputer.com/news/security/uk-criminal-records-office-confirms-cyber-incident-behind-portal-issues/; https://www.standard.co.uk/news/uk/travel-visa-delays-nz-australia-us-acro-cybersecurity-police-certificates-data-breach-b1072351.html; https://twitter.com/ACRO_Police_CST/status/1644014949809651712,2023-04-11,2023-04-11 2126,Pro-Russian hacker group NoName057(16) suspected of having disrupted websites of public German state institutions on 4 April 2023,"The pro-Russian hacker group NoName057(16) is suspected of having disrupted a number of websites of public German state institutions on 4 April 2023. Confirmed incidents include the websites of state ministries of Mecklenburg-Western Pomerania and Saxony-Anhalt; the website of the state police of Mecklenburg-Western Pomerania, Lower Saxony, and Brandenburg; the central information platform of Mecklenburg-Western Pomerania; the state portal of Schleswig-Holstein; and unspecified state authorities of Berlin. 
Speakers from several parties called on the state government of Mecklenburg-Western Pomerania to better protect the public administration's IT systems from hacker attacks during a question-and-answer session of Mecklenburg-Western Pomerania's state parliament On 10 May. The state's Interior Minister Christian Pegel (Social Democratic Party, SPD), who is responsible for security, refuted claims that the authorities in the state were falling short of their cybersecurity responsibilities.",2023-04-04,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,State Police of Lower Saxony - State Police of Mecklenburg–Western Pomerania - State Police of Brandenburg - State Portal of Schleswig-Holstein - Not available - Service Portal of Mecklenburg–Western Pomerania (MV-Serviceportal),Germany; Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Police - Police - Police - Civil service / administration - Government / ministries - Civil service / administration,NoName057(16),Not available,Non-state-group,Hacktivist(s),2,12078; 12077,2023-04-04 00:00:00; 2023-04-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker 
confirms; Attacker confirms,NoName057(16); NoName057(16),Not available; Not available,Not available; Not available,NoName057(16); NoName057(16),Not available; Not available,Non-state-group; Non-state-group,https://t.me/noname05716/2651; https://t.me/noname05716/2652; https://t.me/noname05716/2654; https://t.me/noname05716/2684; https://t.me/noname05716/2657; https://t.me/noname05716/2688,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,5,2023-04-04 00:00:00; 2023-05-10 00:00:00; 2023-05-10 00:00:00; 2023-05-10 00:00:00; 2023-05-10 00:00:00,EU member states: Stabilizing measures; EU member states: Legislative reactions; EU member states: Legislative reactions; EU member states: Legislative reactions; State Actors: Stabilizing measures,Statement by subnational executive official; Dissenting statement by sub-national member of parliament; Dissenting statement by sub-national member of parliament; Dissenting statement by sub-national member of parliament; Statement by other ministers (or spokespersons)/members of parliament,Germany; Germany; Germany; Germany; Germany,"Christian Pegel (Minister of the Interior, Construction and Digitalization of the State of Mecklenburg-Western Pomerania, Germany); David Wulff (Secretary General of the Free Democratic Party of Germany (FDP) in and Member of the State Parliament of Mecklenburg-Western Pomerania, Germany); Jens-Holger Schneider (Member of the Mecklenburg-Western Pomerania State Parliament for the Alternative for Germany (AfD), Germany); Ann Christin von Allwörden (Member of the State Parliament of Mecklenburg-Western Pomerania for the Christian Democratic Union of Germany (CDU), Germany); Christian Pegel (Minister of the Interior, Construction and Digitalization of the State of 
Mecklenburg-Western Pomerania, Germany)",No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.heise.de/news/Weitere-DDoS-Angriffe-auf-offizielle-Landes-Webseiten-8593741.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.faz.net/aktuell/feuilleton/medien/cyberangriff-russischer-hacker-auf-deutsche-bundeslaender-18801576.html; https://www.t-online.de/nachrichten/deutschland/id_100155516/cyberattacken-legen-internetseiten-oeffentlicher-stellen-lahm.html; https://t.me/noname05716/2651; https://t.me/noname05716/2652; https://t.me/noname05716/2654; https://t.me/noname05716/2657; https://t.me/noname05716/2684; https://t.me/noname05716/2688; https://twitter.com/Dennis_Kipker/status/1656641042580480000; https://www.stern.de/gesellschaft/regional/mecklenburg-vorpommern/beratungen--forderung-nach-besserem-schutz-vor-cyberangriffen-in-mv--33453590.html,2023-04-06,2023-08-28 2128,"Transportation company in German city Hanover has been hit by ransomware attack on March 31, 2023","The transportation company in German city Hanover ""Üstra"" has been hit by a ransomware attack on March 31, 2023, forcing the transport association ""Großraumverkehr Hannover (GVH)"" to stop the sales of the new German nationwide train-ticket that is available since April 3 for 49 Euro. Customers could not receive booking confirmations and reach out to the customer service because of the hack, according to German media reports. 
According to statements by the Lower Saxony State Criminal Police Office (LKA Lower Saxony), the hackers acted quite professionally and are said to be active on a global scale, without having further information on their identities. Moreover, both Üstra and LKA Lower Saxony refused to comment on potential ransom demands.",2023-03-31,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,"Üstra (transportation company Hanover, Germany)",Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Not available,Not available,Not available,,1,16013,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.spiegel.de/netzwelt/web/ransomware-hacker-legen-ticket-verkauf-des-nahverkehrs-in-hannover-lahm-a-be6ce5e0-57a7-4a3b-a31b-3e008ca919c1,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-04-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Polizei Niedersachsen,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.it-daily.net/shortnews/hackerangriff-verkehrsanbieter-stoppt-vorverkauf-von-49-euro-ticket; https://www.spiegel.de/netzwelt/web/ransomware-hacker-legen-ticket-verkauf-des-nahverkehrs-in-hannover-lahm-a-be6ce5e0-57a7-4a3b-a31b-3e008ca919c1; https://twitter.com/Dennis_Kipker/status/1656254226857709568; https://www.uestra.de/unternehmen/presse-medien/pressemitteilungen/details/2023/uestra-und-gvh-informieren-kundinnen-und-kunden-sowie-mitarbeitende-polizei-findet-daten-nach-hacke/,2023-04-06,2024-01-09 2127,"Japanese technology company Fujitsu was hacked in December 2022, leaving customer data at risk","Japanese technology company Fujitsu was hacked in December 2022. The company was informed by the Japanese Police on December 9, that a cyber attack allowed external access to communications sent through a Fujitsu-based email system. Fujitsu apologized and cooperated with the Police investigation, but did not reveal which customer data could have been affected. The company provides IT-services and infrastructures to thousands of Japanese companies. Over the course of March 2023, multiple companies, such as the tech giant Kyocera, the clothing producer Goldwin, real estate developer Sekisui House, and Tokio Marine & Nichido Fire Insurance, disclosed that they have been affected by Fujitsu`s hack, notifying their customers about the potential loss of data. On 30 June, 2023, the Japanese Ministry of Internal Affairs and Communications publicly criticized Fujitsu that the company needed eight months to discover the hack. In this context, unnamed government officials also stated that hackers affiliated with the Chinese government are suspected as being responsible for the hack. 
",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,Fujitsu K.K.,Japan,ASIA; SCS; NEA,Critical infrastructure,Telecommunications,Not available,China,"Non-state actor, state-affiliation suggested",,1,11242,2023-06-30 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,Unnamed Japanese Government Officials,Not available,Japan,Not available,China,"Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK intensity,HIIK 2,1,2023-06-30 00:00:00,State Actors: Preventive measures,Awareness raising,Japan,Ministry of Internal Affairs and Communications of Japan,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/japan-braced-for-rise-in-ransomware-attacks-after-data-breach/; 
https://www.insurancebusinessmag.com/asia/news/breaking-news/japan-braces-for-surge-of-ransomware-attacks-postfujitsu-leak-441968.aspx; https://asia.nikkei.com/Business/Technology/Japan-hits-Fujitsu-with-rare-rebuke-for-poor-cybersecurity,2023-04-06,2024-03-19 2125,The Ukrainian hacking collective Cyber Resistance hacked into the AliExpress account of pro-Russian military blogger Mikhail Luchin,"The Ukrainian hacking collective Cyber Resistance hacked into the AliExpress account of pro-Russian military blogger Mikhail Luchin, as it claimed on April 4, 2023. In this account, the pro-Russian blogger raised funds to purchase military drones for the Russian armed forces. The Ukrainian hackers used the funds raised to irrevocably purchase $25,000 worth of sex toys on 25 March 2023.",2023-03-01,2023-03-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,“Misha From Donbas”,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Political opposition / dissidents / expats,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,10168,2023-04-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Cyber Resistance aka the Ukrainian Cyber Alliance,Not available,Ukraine,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,https://theatlasnews.co/conflict/2023/04/04/ukrainian-hackers-spend-25000-of-russian-funds-on-sex-toys/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not 
available,,,,,,False,,,,,,0,,,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,=< 10 Mio,25000.0,dollar,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/ukrainian-hackers-spend-25000-of-russian-funds-on-sex-toys/; https://theatlasnews.co/conflict/2023/04/04/ukrainian-hackers-spend-25000-of-russian-funds-on-sex-toys/; https://t.me/MishaDonbass/609,2023-04-06,2023-05-25 2124,American IRS-authorized site E-File.com tax return software hijacked in order to serve JavaScript malware in March 2023,The American Internal Revenue Service (IRS)-authorized site eFile.com tax return software was hijacked in mid-March 2023 in order to serve JavaScript malware in March 2023 to its users. This compromise happened just before US citizens are about to wrap up their IRS tax returns before the April 18th due date. 
,2023-03-17,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,Internal Revenue Service (IRS) e-file,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,,,,1,; 9261,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.com/144477/malware/efile-com-compromised-serve-malware.html; https://www.reddit.com/r/Scams/comments/11tx8pj/possible_fake_website_network_error/; https://isc.sans.edu/diary/29708; https://www.malwarebytes.com/blog/news/2023/04/visitors-of-tax-return-e-file-service-may-have-downloaded-malware; https://www.welivesecurity.com/videos/steer-clear-tax-scams-week-security-tony-anscombe/; https://securityaffairs.com/144578/breaking-news/security-affairs-newsletter-round-414-by-pierluigi-paganini.html; https://www.malwarebytes.com/blog/news/2023/04/a-week-in-security-april-3-9,2023-04-06,2023-04-11 2121,"Alleged Russian false-flag operation ""Anonymous Sudan"" disrupted the websites of seven Israeli universities and one IT-security company on 4 April 2023","The websites of seven leading Israeli universities were unavailable for several hours on 4 April 2023 due to a cyberattack by the suspected Russian false-flag operation ""Anonymous Sudan"". The websites of Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel and Reichman University were affected. 
According to the Jerusalem Post, Anonymous Sudan explained the attack on its Telegram channel by saying, ""(...) Israels education sector has been dropped Because [sic] of what they did in Palestine. (...)"" On the same day, Anonymous Sudan also claimed to have disrupted the website of CheckPoint, a well-known Israeli IT security company. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, further confirming earlier reports by TrueSec.",2023-04-04,2023-04-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Hebrew University of Jerusalem - CheckPoint - Reichman University - Tel Aviv University - Haifa University - Weizmann Institute of Science - Open University of Israel - Ben-Gurion University of Negev,Israel; Israel; Israel; Israel; Israel; Israel; Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Education - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; - - Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / 
administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; ,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,Hacktivist(s),1,10744,2023-04-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous Sudan (Storm-1359) < Killnet,Not available,Not available,Anonymous Sudan (Storm-1359) < Killnet,Russia,Non-state-group,https://t.me/AnonymousSudan/325; https://t.me/AnonymousSudan/333,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/cyber-attack-downs-major-israeli-university-websites/; https://t.me/AnonymousSudan/325; https://t.me/AnonymousSudan/333; https://www.techrepublic.com/article/ddos-attack-israel/,2023-04-05,2023-12-07 2120,Mantis/Arid Viper targets Palestinian organisations in a cyberespionage campaign from September 2022 to February 2023,"According to a Symantec report from April 4, 2023, the cyberespionage group Mantis (aka Arid Viper, Desert Falcon, APT-C-23) is using updated tools in a hacking campaign targeting unspecified organisations in the Palestinian territories from September 2022 to at least February 2023. The updated versions of the custom backdoors were used to compromise targets and to subsequently steal credentials and exfiltrate the stolen data.",2022-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Palestine,ASIA; MENA; MEA,Unknown,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,17150,2023-04-04 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,Symantec,United States,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,Non-state actors,,,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks; https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html; https://therecord.media/palestinian-apt-group-cyber-espionage; https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html,2023-04-05,2024-02-15 2123,The 19-year-old hacker Jose Luis Huertas gained access into the Judicial Neutral Point and used it to target other Spanish public institutions since at least November 2022,"The 19-year-old hacker with the pseudonym Alcasec gained access into the Judicial Neutral Point and used it to target other 
Spanish public institutions since at least November 2022. The Judicial Neutral Point is a network of services that gives access to the databases of the General Council of the Judiciary (CGPJ). That is why the Spanish Tax Administration Agency (AEAT) was also affected by this cyber incident. The aim of the young hacker was to create a database as a consultation service and sales point for illegal information. In this cyber incident, the hacker stole data of 575,000 taxpayers, which included personally identifiable information (PII), account and bank number and more. The Spanish National Police, in collaboration with the National Cryptology Centre, then arrested the 19-year-old criminal and handed him over to the National Court on 3 April 2023. On 1 June, the Spanish Police announced the arrest of another suspect, a 29-year-old man from Cartagena, said to be an expert in anonymization, operational security measures, communications encryption, and multi-identity.",2022-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Spanish Tax Administration Agency (AEAT) - General Council of the Judiciary (CGPJ),Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system,Civil service / administration - Judiciary,"José Luis Huertas (aka ""Alcaseca"", ""Mango"", “chimichuri”)",Spain,Individual hacker(s),,1,11241,2023-04-03 00:00:00,Domestic legal action,Attribution by receiver government / state entity,Spanish National Police (CNP),Not available,Spain,"José Luis Huertas (aka ""Alcaseca"", ""Mango"", “chimichuri”)",Spain,Individual hacker(s),https://policia.es/_es/comunicacion_prensa_detalle.php?ID=15523,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://policia.es/_es/comunicacion_prensa_detalle.php?ID=15523; https://www.bleepingcomputer.com/news/security/spains-most-dangerous-and-elusive-hacker-now-in-police-custody/; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-35/; https://elpais.com/https:/elpais.com/opinion/2023-04-06/si-miras-al-hacker-no-ves-el-agujero.html; https://www.hackread.com/alcasec-hacker-spanish-hackers-arrested/; https://elpais.com/https:/elpais.com/espana/2023-05-23/el-juez-deja-libre-al-hacker-alcasec-que-confeso-el-ciberataque-al-poder-judicial.html,2023-04-05,2024-03-28 2122,"Unspecified actor UAC-0145 gained access into an unknown Ukrainian utility beginning on January 19, 2023","Unspecified actor UAC-0145 gained access into an unknown Ukrainian utility from 19 January to 23 March 2023, according to a report of the Ukrainian CERT dated 3 April 2023. The hackers gained access into the network of the utility in question after an unlicensed version of Microsoft Office 2019 was installed. 
This led to the deployment of the DarkCrystal and DWAgent remote administration tools.",2023-01-19,2023-03-22,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure,,UAC-0145,Not available,Unknown - not attributed,,1,9212,2023-04-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,UAC-0145,Not available,Unknown - not attributed,https://cert.gov.ua/article/4279195?utm_source=substack&utm_medium=email,Unknown,Unknown,,Unknown,,1,2023-04-03 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cert.gov.ua/article/4279195?utm_source=substack&utm_medium=email,2023-04-05,2024-01-05 2112,"Alleged Russian false-flag operation ""Anonymous Sudan"" stole data from French airline Air France in March 2023","Alleged Russian false-flag hacktivist group Anonymous Sudan stole and published data from French airline Air France in March 2023, the hackers announced themselves via Telegram on 19 March 2023. The hacktivist group also announced on the same day that it had attacked a number of other French airlines because of cartoons about the Prophet Muhammad. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, thereby further corroborating earlier reporting by TrueSec. In the case of Air France, however, Trustwave assumes a financial motivation, contrary to previous cyber incidents, because they demanded 3000 US dollars for the stolen data. ",2023-03-01,2023-03-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Data theft & Doxing,Air France,France,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,Anonymous Sudan (Storm-1359) < Killnet,Not available,Non-state-group,Hacktivist(s),2,17293; 17294,2023-03-19 00:00:00; 2023-03-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Anonymous Sudan (Storm-1359) < Killnet; Trustwave,Not available; ,Not available; United States,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Not available; Not available,Non-state-group; Non-state-group,https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/; https://t.me/AnonymousSudan/274; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/; https://www.sudouest.fr/sciences-et-technologie/piratage-les-cyberattaques-via-rancongiciels-en-hausse-de-30-en-2023-attention-aux-failles-sur-les-smartphones-en-2024-18836194.php,2023-04-03,2024-02-20 2119,Hacktivist group 9Near is suspected to have stolen personal information of 55 million Thais,"Hacktivist group 9Near is suspected to have stolen personal 
information of 55 million Thais, the hackers announced via the now-closed BreachForums on 14 March 2023. The personal information allegedly included ID card numbers, names, surnames, birthdates, addresses and phone numbers. This information was to be offered for both full and partial sale, and it was to be possible to make search requests for specific individuals. The hackers claimed to have stolen the personal information from ""somewhere in the government"". Where, when and how the hackers stole the personal information is still unclear. The Minister of Digital Economy and Society (DES), Chaiwut Thanakamanusorn, said on 31 March 2023 that he believes the information gathered by the hackers may have been taken from agencies or companies that have substandard cyber-security systems. On 02 April, the hacker group called off the upcoming release of the data, reportedly due to a conflict with their sponsor and in order to not make ordinary citizens the subject of political mudslinging.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,Not available,Thailand,ASIA; SEA,Unknown,,9Near,Not available,Non-state-group,Hacktivist(s),1,12079,2023-03-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,9Near,Not available,Not available,9Near,Not available,Non-state-group,https://m.facebook.com/ExWareLabs/posts/599068005597056/,Unknown,Not available,,Not available,,1,2023-03-31 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Thailand," Chaiwut Thanakamanusorn (Minister of Digital Economy and Society, Thailand)",,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.nationthailand.com/thailand/general/40026232?utm_source=substack&utm_medium=email; https://m.facebook.com/ExWareLabs/posts/599068005597056/; https://9near.org/,2023-04-03,2023-08-03 2118,The Vice Society Ransomware group claimed to have disrupted the network of Lewis & Clark College in Portland with ransomware on 3 March 2023,"The Vice Society Ransomware group claimed to have disrupted the network of Lewis & Clark College in Portland with ransomware on 3 March 2023, the school confirmed on 31 March 2023. On the same day, the Vice Society Ransomware group claimed the ransomware attack and allegedly released a sample of the stolen passports and documents, such as contracts, W-9 forms, insurance documents, and Social Security numbers. The school confirmed the ransomware attack on the same day, but said it was still investigating whether and to what extent there was unauthorised access to the network and data theft. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. 
Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-03-03,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Ransomware,Lewis & Clark College,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Vice Society,Not available,Non-state-group,Criminal(s),1,15594,2023-03-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Vice Society,Not available,Not available,Vice Society,Not available,Non-state-group,https://therecord.media/lewis-clark-college-ransomware-attack-vice-society,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/lewis-clark-college-ransomware-attack-vice-society; https://twitter.com/lewisandclark/status/1631709954947305472; https://www.lclark.edu/news/march-2023/; https://www.databreaches.net/attacked-by-vice-society-earlier-this-month-lewis-clark-finds-files-with-personal-information-have-now-been-leaked/; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-04-03,2024-03-01 2117,"A fire at Yambur gas pipeline (Elets-1) on March 29, 2023, allegedly caused by hackers from the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO)","A fire at Yambur gas pipeline (Elets-1) on March 29, 2023, was allegedly caused by hackers from the Main Intelligence 
Directorate of the Ministry of Defense of Ukraine (GURMO), according to Jeffrey Carr. While the fire is confirmed by other news reporting, the actual cause could not be verified to date. Gazprom stated that there had been a depressurisation of the Yamburg-Yelets 1 pipeline, followed by a fire, Tass reported (source: Reuters). Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter and is therefore only based on one source so far. According to an article he wrote for O'Reilly Media on March 22, 2022, this is the twelfth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. 
Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2023-03-29,2023-03-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Gazprom (Yamburg-Yelets 1 pipeline),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,10173; 10173; 10173; 10173,2023-04-02 00:00:00; 2023-04-02 00:00:00; 2023-04-02 00:00:00; 2023-04-02 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of 
Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycaruso.substack.com/p/another-gazprom-pipeline-explosion?utm_source=substack&utm_medium=email,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),5,Moderate - high political importance,5.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Armed conflict; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://jeffreycaruso.substack.com/p/another-gazprom-pipeline-explosion?utm_source=substack&utm_medium=email; https://www.reuters.com/world/europe/blast-hit-natural-gas-pipeline-northern-siberia-tass-agency-2023-03-29/,2023-04-03,2024-01-26 2116,Winter Vivern gained access to the email inboxes of unidentified European governments using a Zimbra vulnerability beginning in February 2023,"The Winter Vivern hacking group gained access to the email inboxes of unknown European governments using a known vulnerability in the Zimbra 
Collaboration software (CVE-2022-27926), which is used to host public-facing webmail portals, beginning in February 2023, according to IT security company Proofpoint. The technical report named US elected officials and staff as additional targets, without immediately confirming an actual compromise. Proofpoint also concurred with a report published by SentinelOne in March 2023 characterising Winter Vivern as a hacking group that aligns with Russian and/or Belarusian geopolitical objectives. Proofpoint assesses that the likely goal of this cyber operation was to gain access to the email inboxes of military, diplomatic, and governmental organisations across Europe active in support of Ukraine.",2023-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Europe (region),,State institutions / political system,Government / ministries,WinterVivern,Russia; Belarus,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16014; 16014,2023-03-30 00:00:00; 2023-03-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Proofpoint; Proofpoint,,United States; United States,WinterVivern; WinterVivern,Russia; Belarus,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; 
Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Not available,,Exploit Public-Facing Application,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html; https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability; https://securityaffairs.com/144263/intelligence/winter-vivern-email-portals-nato.html; https://www.bleepingcomputer.com/news/security/cisa-warns-of-zimbra-bug-exploited-in-attacks-against-nato-countries/; https://securityaffairs.com/144416/hacking/known-exploited-vulnerabilities-catalog-zimbra.html; https://www.techrepublic.com/article/phishing-ta473-us-nato-officials/; https://securityaffairs.com/144578/breaking-news/security-affairs-newsletter-round-414-by-pierluigi-paganini.html; https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html; 
https://www.proofpoint.com/us/blog/threat-insight/small-and-medium-business-APT-phishing-landscape-in-2023; https://www.bleepingcomputer.com/news/security/zimbra-urges-admins-to-manually-fix-zero-day-exploited-in-attacks/; https://www.bleepingcomputer.com/news/security/zimbra-patches-zero-day-vulnerability-exploited-in-xss-attacks/,2023-04-03,2024-01-09 2115,Ukrainian group Cyber Resistance aka the Ukrainian Cyber Alliance hacked into the Russian Ministry of Defence in order to obtain data from a Russian Colonel,"Ukrainian group Cyber Resistance aka the Ukrainian Cyber Alliance obtained data from a Russian Military Colonel in a hacking operation that also involved a fake photoshoot with his wife. The group managed to contact Col. Atroshchenko's wife and convinced her to participate in a ""patriotic photoshoot"", in which she was asked to wear his uniform. She further convinced 12 other military wives to participate. By doing so, they provided the Ukrainian hackers with enough information to locate their personal details, such as their current home, duty station, etc. Afterwards, they hacked into the Russian Ministry of Defence website portal in order to obtain Col. Atroshchenko's emails and details on his salary. The hackers also leaked private data of his wife, including near-nude photos, via InformNapalm. ",2023-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,"Ministry of Defence (Russia) - Sergey Atroshchenko (Commander of the 960th Assault Aviation Regiment, Russia)",Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system,Government / ministries - Military,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,Hacktivist(s),1,10167,2023-03-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,InformNapalm,Not available,Ukraine,Cyber Resistance / Ukrainian Cyber Alliance,Ukraine,Non-state-group,https://informnapalm.org/ua/zlam-75387-960-aviapolku/; https://www.hackread.com/ukrainian-hacktivists-russian-military-wives/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,8.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/ukrainian-hacktivists-russian-military-wives/; https://informnapalm.org/ua/zlam-75387-960-aviapolku/; https://www.databreaches.net/ukrainian-hackers-spend-25000-of-russian-funds-on-sex-toys/; 
https://www.justsecurity.org/86548/honey-im-hacked-ethical-questions-raised-by-ukrainian-cyber-deception-of-russian-military-wives/; https://www.corriere.it/esteri/diretta-live/24_marzo_04/ucraina-russia-news-guerra-1e5ea1da-d992-11ee-8821-7991a0cc0deb.shtml,2023-04-03,2023-05-25 2113,D#nut Leaks ransomware group stole and leaked sensitive data from US Montgomery General Hospital in March 2023,"The D#nut Leaks ransomware group claims to have stolen sensitive data from Montgomery General Hospital (MGH), West Virginia. The incident was reported by DataBreaches, which contacted the ransomware group and thereby received further information, including that the attack had already taken place in early March 2023. After a back-and-forth conversation between D#nut Leaks and MGH about the hackers' demands, in which MGH tried to negotiate for more time and a reduced amount of ransom, D#nut lost patience and started dumping MGH data on March 31. According to DataBreaches, the dumped data included ""employee-related files with personnel and payroll information for former and current employees, such as Social Security numbers, pay rate, etc., patient files with medical histories, diagnoses, treatment plans, test results, and health insurance billing records with policy information, dates of services, CPT codes, and amounts charged.""",2023-03-01,2023-03-05,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Montgomery General Hospital (MGH),United States,NATO; NORTHAM,Critical infrastructure,Health,D#nut Leaks,Not available,Non-state-group,Criminal(s),1,12034,2023-03-31 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,D#nut Leaks,Not available,Not available,D#nut Leaks,Not 
available,Non-state-group,https://www.databreaches.net/employee-and-patient-files-from-montgomery-general-hospital-leaked-by-ransomware-group/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/employee-and-patient-files-from-montgomery-general-hospital-leaked-by-ransomware-group/,2023-04-03,2023-08-02 2114,Unknown actors stole personal information from Canadian TMX Finance Corporate Services beginning in early December 2022,"Unknown actors stole personal information from Canadian TMX Finance Corporate Services beginning in early December 2022, the company itself confirmed in a notification letter dated 30 March 2023. According to the letter, the hackers stole personal information from TMX Finance's networks between 3 and 14 February 2023. This personal information includes names, dates of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, social security numbers and/or financial account information, and other information such as phone numbers, addresses, and email addresses. 
The data breach affects up to nearly 5 million customers.",2022-12-01,2023-02-14,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,TMX Finance,United States,NATO; NORTHAM,Critical infrastructure,Finance,Not available,Not available,Not available,,1,9145,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.govinfosecurity.com/subprime-lender-titlemax-hit-hacking-incident-a-21592; https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people/; https://s3.documentcloud.org/documents/23735720/tmx-finance-sample-copy-of-individual-notice-l01.pdf,2023-04-03,2023-08-14 2111,"In October 2022, a subcontractor of Centers for Medicare and Medicaid Services in US becomes the target of a ransomware attack","On 14 December 2022, Centers for Medicare and Medicaid Services (CMS) announced that its subcontractor Healthcare Management Solutions (HMS) was the target of a ransomware attack on 8 October 2022. In the process, CMS reported that following an investigation on 18 October, it believed with a high degree of confidence that personal information and protected health information of up to 254,000 Medicare beneficiaries had been compromised, including sensitive banking information. House Committee on Oversight and Accountability Chair James Comer and House Committee on Energy and Commerce Chair Cathy McMorris Rodgers requested documents and communications from CMS Administrator Chiquita Brooks-LaSure in a letter on 20 March 2023, as details were reported only with a two-month delay. 
Congress was not informed until 1 December 2022, according to Comer and Rodgers, although it is required to be notified within seven days of the discovery of a major cyber incident.",2022-10-08,2022-10-08,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,Healthcare Management Solutions (HMS),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,12085,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-03-20 00:00:00,State Actors: Legislative reactions,Parliamentary investigation committee,United States,James Comer (House Committee on Oversight and Accountability Chairman),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/warning-to-seniors-personal-data-of-254k-medicare-beneficiaries-at-risk-after-breach/; https://www.cms.gov/newsroom/press-releases/cms-responding-data-breach-subcontractor; https://fedscoop.com/cms-subcontractor-data-breach/; https://fedscoop.com/cms-subcontractor-breach-timeline/; https://d1dth6e84htgma.cloudfront.net/CMS_Data_Breach_Letter_FINAL_f1fb700429.pdf?updated_at=2023-03-20T15:21:59.023Z,2023-03-31,2023-08-03 2110,"In August 2022, the US city of Fremont County is attacked by an unknown threat actor 
with the BlackCat Ransomware","On 17 August 2022, the US city of Fremont County in Colorado discovered that it had been attacked by an unknown threat actor with the BlackCat Ransomware between 13 and 17 August 2022. In doing so, certain files and folders on the servers could no longer be accessed and the threat actor had unauthorised access to certain files. The Fremont County Sheriff's Office wrote on 19 September 2022 that the cyber incident resulted in the loss of access to several of the city's systems. Inmate accounting systems for the sheriff's office also could not be restored, resulting in the loss of all account information. By November 2022, the city's systems were 90 per cent restored.",2022-08-13,2023-08-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Fremont County,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,,,,1,; 9453,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,7.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,,,No response justified (missing state attribution & breach of international 
law),,https://fremontcountyco.state.co.us/information-updates; https://www.denverpost.com/2022/09/22/wheat-ridge-ransomware-fremont-county-cyber-attack/; https://www.cbsnews.com/colorado/news/ransomware-attacks-hit-wheat-ridge-fremont-counties-everything-was-impacted/; https://www.govtech.com/security/fremont-county-colo-in-recovery-phase-after-cyber-attack; https://www.govtech.com/security/fremont-county-colo-nears-full-capacity-after-cyber-attack; https://crimewatch.net/us/co/fremont/sheriff/180579/post/notice-regarding-inmate-accounts?fbclid=IwAR1ybBZcU-etZNtpxBt62ogOeDgxVp5lJP7Iu5Cw4XS0-5zX7RaNZSRZGkk,2023-03-31,2023-07-20 2109,US city of Wheat Ridge targeted by BlackCat ransomware in August 2022,"The US city of Wheat Ridge in Colorado was attacked with the BlackCat ransomware on 29 August 2022. The attackers demanded a US$5 million ransom in the cryptocurrency Monero, which the city refuses to pay. Wheat Ridge spokeswoman Amanda Harrison announced that Eastern European or Russian actors are suspected to be behind the attack. After the attack, the city shut down its phones and email servers to assess the damage, keeping city hall closed for more than a week. 
",2022-08-29,2022-08-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,City of Wheat Ridge,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Eastern Europe; Russia,Not available,,1,10026; 10026,2023-09-22 00:00:00; 2023-09-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Media-based attribution,Amanda Harrison (Spokeswoman of Wheat Ridge); Amanda Harrison (Spokeswoman of Wheat Ridge),Not available; Not available,United States; United States,Not available; Not available,Eastern Europe; Russia,Not available; Not available,https://www.cbsnews.com/colorado/news/ransomware-attacks-hit-wheat-ridge-fremont-counties-everything-was-impacted/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.denverpost.com/2022/09/22/wheat-ridge-ransomware-fremont-county-cyber-attack/; 
https://www.databreaches.net/denver-suburb-wont-cough-up-millions-in-ransomware-attack-that-closed-city-hall/; https://www.cbsnews.com/colorado/news/ransomware-attacks-hit-wheat-ridge-fremont-counties-everything-was-impacted/,2023-03-31,2023-07-14 2108,North Korean state-sponsored hacking group LABYRINTH CHOLLIMA trojanized voice and video conferencing software 3CXDesktopApp in March 2023,"North Korean state-sponsored hacking group LABYRINTH CHOLLIMA, an alleged subgroup of Lazarus, trojanized the voice and video conferencing software 3CXDesktopApp starting on 8 March 2023 at the earliest, US IT security firm CrowdStrike assessed in a 29 March technical report. CrowdStrike's assessment was subsequently joined by attribution statements from Symantec, Sophos, and Huntress, with additional reports from SentinelOne, Palo Alto and CheckPoint Research publishing corroborating analysis of the incident without specifying any state links. SentinelOne named the cyber incident Smooth Operator. The suspected goal of the operation was to compromise customers using the 3CXDesktopApp in a supply chain attack. Infected 3CXDesktopApp installers and automated malicious updates contained the ability to deploy a backdoor that then sought to connect to the command-and-control (C2) servers used by the threat actors. In a following phase, an infostealer was installed to select customers of interest for follow-on exploitation. The 3CXDesktopApp is a globally used software with customers across various industries, including the automotive industry, food industry, manufacturing, managed service providers (MSP) and hospitality. Specific victims and details about the impact of the operation have not been disclosed as part of the public reports. The IT security community found that the hackers exploited a 10-year-old Windows vulnerability (CVE-2013-3900) to make it appear that software that had actually been tampered with was still legitimate. 
A particular concern is that the fix provided at the time, which has to be set manually, is no longer available once the operating system is upgraded to Windows 11. The Russian IT security company Kaspersky then identified the backdoor Gopuram as the final payload of this cyber operation, in addition to the infostealing malware. For this reason, it attributed this cyber operation to the North Korean state-sponsored hacker group Lazarus with medium to high confidence. Furthermore, Kaspersky announced that fewer than ten machines were infected with that backdoor, indicating a high level of targeting. Brazil, Germany, Italy and France are said to be the most affected, as well as cryptocurrency companies in particular. In a security update from April 20, Mandiant identified the prior compromise of Trading Technologies X_TRADER software as the initial access vector for the networks of 3CX, making this a case of a ""double supply-chain-attack"". On April 21, 2023, IT security firm Symantec added that one company each from the energy sector in Europe and the United States were affected by this cyber incident. In addition, two companies from the financial trading sector were also affected. ",2023-03-08,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - 3CX - Not available,Brazil; Not available; Germany; Italy; France; Europe (region); Not available; Not available; United States; United States,SOUTHAM - - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU - - - - NATO; NORTHAM - NATO; NORTHAM,Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown - Unknown - Unknown - Critical infrastructure - Unknown; Unknown - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - - - - - Energy - ; - Finance - ; - Energy,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,5,12082; 12084; 12080; 12081; 12083,2023-04-03 00:00:00; 2023-03-29 00:00:00; 2023-03-30 00:00:00; 2023-03-29 00:00:00; 2023-03-30 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; CrowdStrike; Symantec; Sophos; Huntress,; ; ; ; ,Russia; United States; United States; United Kingdom; United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Not available; Not available; Not available; Not available","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Not available; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack; https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/; https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats; https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/,Unknown,Unknown,,Unknown,,5,2023-03-30 00:00:00; 2023-03-30 00:00:00; 2023-04-05 00:00:00; 2023-03-30 00:00:00; 2023-03-31 00:00:00,State Actors: Preventive measures; EU member states: Preventive measures; State Actors: Preventive measures; State Actors: Preventive measures; State Actors: Preventive measures,Awareness raising; Awareness raising; Awareness 
raising; Awareness raising; Awareness raising,United States; Germany; United Kingdom; Canada; Australia,Cybersecurity and Infrastructure Security Agency (CISA); Federal Office for Information Security (BSI); UK National Cyber Security Centre (NCSC); Government of Canada; Australian Cyber Security Centre (ACSC),No,,Supply Chain Compromise; Trusted Relationship,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/144224/hacking/3cx-supply-chain-attack.html; https://www.databreaches.net/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/; https://therecord.media/3cx-supply-chain-malware-attack; https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack; https://cyberscoop.com/3cx-hack-supply-chain-north-korea/; https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/; https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/; https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/; https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/; 
https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/; https://cyberscoop.com/3cx-supply-chain-attack/; https://www.darkreading.com/endpoint/automatic-officlal-updates-malicious-3cx-enterprises; https://nakedsecurity.sophos.com/2023/03/30/supply-chain-blunder-puts-3cx-telephone-app-users-at-risk/; https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/; https://www.3cx.com/blog/news/desktopapp-security-alert/; https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats; https://blog.checkpoint.com/2023/03/29/3cxdesktop-app-trojanizes-in-a-supply-chain-attack-check-point-customers-remain-protected/; https://www.cybereason.com/blog/cybereason-detects-and-prevents-3cxdesktopapp-supply-chain-attack; https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/; https://therecord.media/3cx-attack-north-korea-lazarus-group; https://www.databreaches.net/3cx-knew-its-app-was-flagged-as-malicious-but-took-no-action-for-7-days/; https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html; https://www.darkreading.com/attacks-breaches/3cx-breach-cyberattackers-second-stage-backdoor; https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/; https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/cryptocurrency-companies-backdoored-in-3cx-supply-chain-attack/; https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/; https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html; https://securityaffairs.com/144411/apt/3cx-supply-chain-attack-cryptocurrency.html; https://www.schneier.com/blog/archives/2023/04/north-korea-hacking-cryptocurrency-sites-with-3cx-exploit.html; 
https://nakedsecurity.sophos.com/2023/04/06/s3-ep129-when-spyware-arrives-from-someone-you-trust/; https://securityaffairs.com/144578/breaking-news/security-affairs-newsletter-round-414-by-pierluigi-paganini.html; https://thehackernews.com/2023/04/lazarus-sub-group-labyrinth-chollima.html; https://socradar.io/rise-of-malicious-packages-in-devops/; https://twitter.com/DarkReading/status/1649168283508293632; https://www.darkreading.com/attacks-breaches/3cx-supply-chain-attack-originated-from-breach-at-another-software-company; https://twitter.com/securityaffairs/status/1649162266346962944; https://securityaffairs.com/145073/apt/lazarus-apt-linux-malware-3cx-attack.html; https://twitter.com/SimonZerafa/status/1649138388446900225; https://twitter.com/Mandiant/status/1649100119776673811; https://twitter.com/snlyngaas/status/1649091318050865153; https://twitter.com/CISACyber/status/1649074071156453376; https://twitter.com/randomuserid/status/1649058170763878407; https://twitter.com/Dinosn/status/1649033791107747840; https://twitter.com/lilyhnewman/status/1649029758309605376; https://twitter.com/cyb3rops/status/1649027755009294336; https://twitter.com/TonyaJoRiley/status/1649023521215987712; https://twitter.com/KimZetter/status/1649021974776107009; https://cyberscoop.com/3cx-supply-chain-north-korea/; https://www.bleepingcomputer.com/news/security/3cx-hack-caused-by-trading-software-supply-chain-attack/; https://www.wired.com/story/3cx-supply-chain-attack-times-two/; https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html; https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise; https://www.govinfosecurity.com/symantec-more-xtrader-supply-chain-attacks-uncovered-a-21734; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain; https://twitter.com/securityaffairs/status/1650216168316076034; https://twitter.com/securityaffairs/status/1649891601769017347; 
https://securityaffairs.com/145133/breaking-news/north-korea-apt-3cx-critical-infrastructure.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain; https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/; https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html; https://twitter.com/Cyber_O51NT/status/1649573092040282112; https://www.govinfosecurity.com/north-korean-apt-group-now-deploying-linux-malware-variant-a-21737; https://www.bleepingcomputer.com/news/security/critical-infrastructure-also-hit-by-supply-chain-attack-behind-3cx-breach/; https://cyberscoop.com/3cx-x_trader-supply-chain-north-korea/; https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html; https://twitter.com/cybersecboardrm/status/1649400220495626244; https://www.databreaches.net/3cx-breach-was-a-double-supply-chain-compromise/; https://twitter.com/Dinosn/status/1649391658859986948; https://twitter.com/unix_root/status/1649389267565830145; https://twitter.com/securityaffairs/status/1649336791122542592; https://www.darkreading.com/attacks-breaches/2-infrastructure-organizations-further-affected-3cx-breach; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-april-2023-edition.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2023-threat-report; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-10-supply-chain-attacks/; https://www.darkreading.com/attacks-breaches/after-inception-attack-new-due-diligence-requirements-are-needed; https://securityaffairs.com/147677/security/3cx-data-exposed-third-party-to-blame.html; 
https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/stepping-ahead-of-risk-trend-micro-2023-midyear-cybersecurity-threat-report; https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt; https://cyberscoop.com/hacking-group-hong-kong-supply-chain-cyberattack/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse; https://securityaffairs.com/149790/apt/carderbee-apt-supply-chain-attack.html; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/; https://socradar.io/chain-reactions-footprints-of-major-supply-chain-attacks/; https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://www.bleepingcomputer.com/news/security/3cx-warns-customers-to-disable-sql-database-integrations/; https://www.infoworld.com/article/3712543/protecting-against-software-supply-chain-attacks.html; https://www.etnews.com/20240205000213; https://ascii.jp/elem/000/004/187/4187385/?topnew=3; https://therecord.media/north-korea-cryptocurrency-hacks-un-experts; https://cyberscoop.com/sisense-supply-chain-breach/,2023-03-31,2024-02-29 2104,Black Cat/AlphV ransomware group gained access to file systems of Indian Sun Pharmaceuticals and stole certain data,"The Black Cat/AlphV ransomware group gained access to certain file systems of Indian Sun Pharmaceuticals and stole internal company and personal data, the firm disclosed in incident notification letters on 2 and 26 March 2023. Communications from the fourth largest manufacturer of generic drugs did not immediately clarify whether data on compromised systems was also encrypted. Black Cat/AlphV claimed responsibility for this ransomware attack on its own website on 24 March 2023. 
",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Sun Pharmaceuticals,India,ASIA; SASIA; SCO,Critical infrastructure,Health,BlackCat,Not available,Non-state-group,Criminal(s),1,16017,2023-03-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BlackCat,Not available,Not available,BlackCat,Not available,Non-state-group,https://therecord.media/sun-pharma-india-ransomware-attack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/sun-pharma-india-ransomware-attack; https://www.bseindia.com/xml-data/corpfiling/AttachHis/ecd20c38-de31-428d-a943-f32ad46779d7.pdf; https://www.bseindia.com/xml-data/corpfiling/AttachHis/91ff7cd7-b616-435c-b978-595dbd9368cf.pdf; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen; 
https://www.databreaches.net/why-ransomware-groups-are-targeting-indian-pharma-companies-and-the-healthcare-sector-clearmedi-allegedly-hacked/; https://therecord.media/clorox-production-issues-after-august-cyberattack; https://therecord.media/mgm-resorts-cyberattack-cost-millions; https://therecord.media/hcl-india-ransomware-attack,2023-03-30,2024-01-09 2105,Unknown actors breached computer network in Newton school district in Kansas on 28 March 2023,"Unknown actors breached a computer network that is part of the school district administration in Newton, Kansas, on 28 March 2023. Classes at the schools in the affected district were cancelled in response to the incident for the following two days, 29 and 30 March 2023, to facilitate a technical investigation of the event. The school district did not provide further details on whether data was compromised or which kind of unauthorized activity was observed on the network concerned.",2023-03-28,2023-03-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,Newton High School,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,16016,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-03-29 
00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/ks-newton-schools-closed-after-network-security-breach/; https://www.kfdi.com/2023/03/29/newton-schools-closed-after-network-security-breach/,2023-03-30,2024-01-09 2107,Unknown hacker stole cryptocurrencies worth 197 million USD from Euler Finance,"On 13 March 2023, the UK cryptocurrency lending platform Euler Finance was attacked by an unknown hacker, who stole assets worth 197 million USD. The platform subsequently offered a 1 million USD reward for information on the attacker. Chainalysis reported that on 17 March 100 ETH of the funds stolen in the Euler hack were transferred to a wallet that had previously received funds stolen in the Axie Infinity Ronin Bridge hack traced to the North Korea-backed Lazarus group. It remained unclear whether the Euler hack bore any relation to Lazarus or whether the money transfer was an attempt at misdirection by another group. After a few days, a hacker under the pseudonym ""Jacob"" appeared to speak for the responsible group and proclaimed the intention to repay the money. 
As of 4 April, the entirety of the 197 million USD had been returned to the ETH protocol.",2023-03-13,2023-03-13,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking without Misuse,Euler Finance,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Finance,Jacob,Not available,Individual hacker(s),,1,16015,2023-03-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Jacob,Not available,Not available,Jacob,Not available,Individual hacker(s),https://etherscan.io/tx/0xf69c53b82273764989cdecf75b6daabb0c0bd30b4e659bca080948126c1f992c; https://etherscan.io/tx/0xf69c53b82273764989cdecf75b6daabb0c0bd30b4e659bca080948126c1f992c; https://www.coindesk.com/tech/2023/03/28/hacker-behind-200m-euler-attack-apologizes-returns-millions-in-ether-dai-to-protocol/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/hacker-returns-200-million-euler-finance/; 
https://www.bleepingcomputer.com/news/security/hackers-steal-197-million-in-crypto-in-euler-finance-attack/; https://therecord.media/cryptocurrency-heist-de-fi-euler; https://www.wired.com/story/amazon-ring-hacked-ransomware/; https://twitter.com/lorenzofb/status/1635294884772089856; https://twitter.com/eulerfinance/status/1635352413287636992?cxt=HHwWgICzyd-W-LEtAAAA; https://twitter.com/eulerfinance/status/1635218198042918918?cxt=HHwWjIDSibKSu7EtAAAA; https://twitter.com/eulerfinance/status/1635431726364147712?cxt=HHwWgIC2hbCfnLItAAAA; https://twitter.com/eulerfinance/status/1636126837423366145; https://medium.com/@omniscia.io/euler-finance-incident-post-mortem-1ce077c28454; https://twitter.com/Dinosn/status/1635368206927032322; https://twitter.com/LisaForteUK/status/1635352210640080896; https://etherscan.io/tx/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d; https://blog.chainalysis.com/reports/euler-finance-flash-loan-attack/?ref=hackread.com; https://etherscan.io/tx/0xf69c53b82273764989cdecf75b6daabb0c0bd30b4e659bca080948126c1f992c; https://etherscan.io/tx/0xf69c53b82273764989cdecf75b6daabb0c0bd30b4e659bca080948126c1f992c; https://www.coindesk.com/tech/2023/03/28/hacker-behind-200m-euler-attack-apologizes-returns-millions-in-ether-dai-to-protocol/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023,2023-03-30,2024-01-09 2103,Sophisticated intruder accessed internal information of US telecommunications company Lumen Technologies,"A sophisticated intruder accessed internal information of US telecommunications company Lumen Technologies, the company disclosed on 27 March 2023 as part of investor notification obligations. The company specified that only a relatively limited amount of data was exfiltrated. 
",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Lumen Technologies,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,9284,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/144113/hacking/lumen-suffered-ransomware-attack.html; https://d3ka4b6b7wffw2.cloudfront.net/0000018926/100217360736/4ea1c4d3-54b5-48e9-b56e-d4865d7a8948.pdf,2023-03-29,2023-04-17 2101,Lockbit ransomware group locked certain computer systems and stole personal information from Washington County Sheriff's Office (WCSO) networks on 21 February 2023,"The Lockbit ransomware group locked certain computer systems and stole personal information from the Washington County Sheriff's Office (WCSO) networks on 21 February 2023, Washington County News first reported on the same day. The ransomware group announced the ransomware attack on its website six days later. The ransomware attack locked down computer systems related to finance and jail management. 
Threats by the ransomware group to publish the stolen personal information revealed these also included home addresses, phone numbers, social security numbers, and other personal information of more than 500 employees. On 21 February, the Washington County sheriff claimed the attackers operated from Russia. On 28 March 2023, eight days after the deadline for the ransom payment, Lockbit released the stolen data, which was said to be warrants and employee information. ",2023-02-21,2023-02-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Washington County Sheriff's Office (WCSO),United States,NATO; NORTHAM,State institutions / political system,Police,LockBit,Not available,Non-state-group,Criminal(s),2,9282; 9281,2023-02-27 00:00:00; 2023-02-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity,"Lockbit; Kevin Crews (Sheriff of Washington County Sheriff's Office, United States)",Not available; Not available,Not available; United States,LockBit; Not available,Not available; Russia,Non-state-group; Unknown - not attributed,https://washingtoncounty.news/2023/02/21/wcso-under-cyber-attack-tuesday/; https://www.redpacketsecurity.com/lockbit-3-0-ransomware-victim-wcso-us/; https://washingtoncounty.news/2023/03/02/wcso-nearly-recovered-from-cyber-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,=< 10 Mio,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/a-listing-on-a-government-victim-disappeared-from-lockbits-site-but-why/; https://www.newsbreak.com/washington-county-fl/2963890438373-hackers-threaten-to-release-washington-county-sheriff-s-office-personal-data; https://washingtoncounty.news/2023/02/21/wcso-under-cyber-attack-tuesday/; https://washingtoncounty.news/2023/03/02/wcso-nearly-recovered-from-cyber-attack/; https://www.redpacketsecurity.com/lockbit-3-0-ransomware-victim-wcso-us/; https://therecord.media/florida-sheriff-data-leak-lockbit-ransomware; https://www.databreaches.net/data-stolen-from-florida-sheriffs-office-leaked-by-lockbit-ransomware-group/; https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/,2023-03-29,2023-06-16 2102,Unknown actors deployed ransomware against the servers of US telecommunications company Lumen Technologies,"Unknown actors deployed ransomware against the servers of US telecommunications company Lumen Technologies, the company detailed in a filing to the Securities and Exchange Commission on 
27 March 2023. The ransomware attack degraded hosting services for a small number of the company's customers.",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Lumen Technologies,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,9283,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/144113/hacking/lumen-suffered-ransomware-attack.html; https://d3ka4b6b7wffw2.cloudfront.net/0000018926/100217360736/4ea1c4d3-54b5-48e9-b56e-d4865d7a8948.pdf,2023-03-29,2023-04-17 2100,Pro-Russian hacker group NoName057(16) disrupted the website of French National Assembly on 26 March 2023,"The pro-Russian hacker group NoName057(16) claimed to have disrupted the website of the French National Assembly on 26 March 2023. In the announcement of their actions on Telegram, the hackers purported to side with popular protests against President Macron's pension reform adopted in the previous week and baselessly compared the French government's assistance to Ukraine with support to neo-Nazis. 
The group also advanced similar claims for the website of the French Senate, without any immediate evidence of impaired access.",2023-03-26,2023-03-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,National Assembly (France),France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,9280,2023-03-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716eng/977; https://t.me/noname05716eng/982,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.politico.eu/article/french-national-assembly-website-russian-cyberattack-hack-kremlin-emmanuel-macron/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication; https://t.me/noname05716eng/977; https://t.me/noname05716eng/982; https://twitter.com/MargauxDuguet/status/1640350530009440257?s=20; https://www.justsecurity.org/87248/in-the-contest-between-democracy-and-autocracy-the-us-must-step-up-assistance-on-cybersecurity/,2023-03-28,2023-07-17 2095,Vice Society ransomware group compromised customer and employee information of Puerto Rico Aqueduct and Sewer Authority (PRASA),"The Vice Society ransomware gang compromised customer and employee information of the Puerto Rico Aqueduct and Sewer Authority (PRASA), the group announced on its website on 24 March. The public agency, which manages Puerto Rico's water supply, said it enlisted the FBI and CISA for assistance. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. 
Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",,2023-03-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Puerto Rico Aqueduct and Sewer Authority (PRASA),Puerto Rico,,State institutions / political system,Civil service / administration,Vice Society,Not available,Non-state-group,Criminal(s),2,16023; 16022,2023-03-24 00:00:00; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity,Vice Society; Puerto Rico Aqueduct and Sewer Authority (PRASA),Not available; Not available,Not available; Puerto Rico,Vice Society; Not available,Not available; Not available,Non-state-group; Non-state-group,https://therecord.media/fbi-investigating-cyberattack-on-puerto-rico,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human 
rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,1,2023-03-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-33/; https://twitter.com/securityaffairs/status/1640071486626050056; https://therecord.media/fbi-investigating-cyberattack-on-puerto-rico; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://securityaffairs.com/144022/hacking/puerto-rico-aqueduct-and-sewer-authority-attack.html; https://twitter.com/InfoSecSherpa/status/1639395717000097794; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-32/; https://www.elvocero.com/gobierno/agencias/hackers-atacan-sistemas-digitales-de-la-autoridad-de-acueductos-y-alcantarillados/article_d9541fdc-c364-11ed-ba37-27850ebee205.html?utm_medium=social&utm_source=twitter&utm_campaign=user-share; https://therecord.media/paris-wastewater-agency-hit-cyberattack; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-03-27,2024-01-09 2096,Pakistani APT group SideCopy gained access to India's Defence Research and Development Organisation (DRDO),"The Pakistan-based APT group SideCopy gained access to India's Defence Research and Development Organisation (DRDO), according to a technical report by US IT security company Cyble. 
Subordinated to India's Ministry of Defence, DRDO is mandated to research and develop defence applications for the armed forces.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,Defence Research and Development Organisation (DRDO),India,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,SideCopy,Pakistan,Unknown - not attributed,,2,16021; 16020,2023-03-21 00:00:00; 2023-03-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,"Cyble Research and Intelligence Labs (CRIL); Yogesh Londhe (IT researcher, India)",,United States; India,SideCopy; SideCopy,Pakistan; Not available,Unknown - not attributed; Unknown - not attributed,https://blog.cyble.com/2023/03/21/notorious-sidecopy-apt-group-sets-sights-on-indias-drdo/,International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://blog.cyble.com/2023/03/21/notorious-sidecopy-apt-group-sets-sights-on-indias-drdo/; https://twitter.com/suyog41/status/1633822870601363457; https://twitter.com/cycatz2/status/1639077083103244291; https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html,2023-03-27,2024-01-09 2097,Earth Preta aka Mustang Panda attacked unknown targets since October 2022 using updated stealth tactics,"Trend Micro reports a new campaign by threat actor Earth Preta (also known as Mustang Panda) in March 2023, which has been using password-protected lure archives through spear phishing emails and Google Drive links since October 2022 to exfiltrate confidential data. This campaign used modified tactics, techniques, and procedures (TTP) to avoid detection.",2022-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,Not available,,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16019,2023-03-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html,Unknown,Unknown,,Unknown,,0,,Not 
available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available; Cyber espionage,; Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/03/researchers-uncover-chinese-nation.html; https://twitter.com/switch_d/status/1639228505014558720; https://twitter.com/780thC/status/1639222023309148165; https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html; https://twitter.com/Dinosn/status/1639220060802674688; https://securityaffairs.com/144078/apt/earth-preta-infection-chain.html; https://thehackernews.com/2023/03/chinese-redgolf-group-targeting-windows.html; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/annual-trend-micro-email-threats-report; https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices,2023-03-27,2024-01-09 2099,South Asian APT group Bitter gained access to networks in the Chinese nuclear energy industry,"The South Asian APT group Bitter gained access to networks in the Chinese nuclear energy industry for 
espionage purposes, according to Israeli IT security firm Intezer. The incident appears to be a continuation of a cyber campaign against the Chinese military as well as energy industries and other commercial targets that became public in 2021. ",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Energy,BITTER,South Asia (region),Unknown - not attributed,,1,16018,2023-03-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Intezer Analyze,,Israel,BITTER,South Asia (region),Unknown - not attributed,https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyber_O51NT/status/1639432951263023105; https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry/; https://www.antiy.cn/research/notice&report/research_report/20210705.html; https://www.bleepingcomputer.com/news/security/bitter-espionage-hackers-target-chinese-nuclear-energy-orgs/; https://twitter.com/Dinosn/status/1639281117336313856; https://securityaffairs.com/144144/apt/bitter-apt-china-nuclear-sector.html; 
https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html,2023-03-27,2024-01-09 2093,Unknown actors disrupted the website and WLAN network of Shoreline Community College in Washington beginning on 20 March 2023,"Unknown actors disrupted the website and WLAN network of Shoreline Community College in the state of Washington in a ransomware attack beginning on 20 March 2023, the college disclosed on its website. ",2023-03-20,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Shoreline Community College,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16024,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,1,2023-01-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/shoreline-college-website-hacked-officials-investigating/; https://www.seattletimes.com/education-lab/shoreline-college-website-hacked-officials-investigating/; https://support.shoreline.edu/TDClient/141/Portal/Home/,2023-03-24,2024-01-09 2092,Unknown actors disrupted the networks of the US city of Oak Ridge in Tennessee in March 2023 ,"Unknown actors disrupted the networks of the US city of Oak Ridge in Tennessee with ransomware in March 2023, the city announced via Twitter on 22 March 2023.",,2023-03-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Oak Ridge,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16025,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-03-24 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/oak-ridge-tennessee-ransomware-attack; https://twitter.com/cityofoakridge/status/1638618684892520448?cxt=HHwWgICxtePAxb0tAAAA; https://www.databreaches.net/oak-ridge-malware-attack-police-investigating-as-city-offices-remain-closed/; https://twitter.com/AlexMartin/status/1639207535541383169; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-24th-2023-clop-overload/; https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/,2023-03-24,2024-01-09 2088,Chinese cyber espionage group executed initial phases of attacks against Middle Eastern telecom providers in 2023,"SentinelLabs and QGroup report initial phases of attacks against Middle Eastern telecommunication providers in 2023, focused on stealing credentials. Upon the successful theft of login information, the observed attackers paused their activities, indicating a multi-phase strategy that separates the use of backdoors and efforts to ensure persistence from the activities to obtain credentials and access. The reporting cybersecurity companies consider it highly likely that these attacks were carried out by a Chinese cyber espionage actor linked to Operation Soft Cell and conclude with moderate certainty that Gallium, one of the threat actors associated with Soft Cell, is involved in the attacks. On April 20, Symantec reported on a continuation of the attack, stating that two subsidiaries of the affected Middle Eastern telecommunication companies in Asia and Africa have been compromised for intelligence gathering purposes by the Chinese APT Othorene (aka Gallium), with potential links to APT41. 
",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Middle East (region),,Critical infrastructure,Telecommunications,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China,"Non-state actor, state-affiliation suggested",,1,16027; 16027; 16027; 16027,2023-03-23 00:00:00; 2023-03-23 00:00:00; 2023-03-23 00:00:00; 2023-03-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,SentinelOne; SentinelOne; QGroup; QGroup,; ; ; ,United States; Germany; United States; Germany,UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE; UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE; UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE; UNC 2814/Granite Typhoon fka GALLIUM/SOFTCELL/OTHORENE,China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not 
available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International telecommunication law; Sovereignty,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/03/operation-soft-cell-chinese-hackers.html; https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/; https://cyberscoop.com/china-cyberespionage-middle-east-telecoms/; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://twitter.com/securityaffairs/status/1639736657397051393; https://twitter.com/securityaffairs/status/1639373360281931778; https://twitter.com/securityaffairs/status/1639373066898755588; https://securityaffairs.com/143928/apt/operation-soft-cell-china-telecom-providers.html; https://twitter.com/SentinelOne/status/1639285485972647936; https://twitter.com/SentinelOne/status/1639285744765206541; https://twitter.com/SentinelOne/status/1639307520404774912; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot,2023-03-24,2024-01-09 2089,Multiple threat actors infected mobile financial apps using the Android banking malware Nexus since June 2022,"Multiple threat actors infected mobile financial apps using the Android banking malware Nexus since June 2022, Italian IT security firm Cleafy reported on 21 March 2023. 
Following the promotion of the Nexus malware in several underground hacker forums in early January 2023, offering Nexus as a malware-as-a-service (MaaS) package for $3,000 per month, several unidentified threat actors are believed to have picked up the tool. Nexus contains a list of 450 pre-set targets as well as the possibility to request custom targeting capabilities. These configurations have made it difficult to pinpoint specific targets beyond the general focus on account takeover attacks directed against mobile banking applications and cryptocurrency services. IT researcher 0xrb noted Nexus malware infections in Turkey on 9 March. In an indication of their operational base, Nexus developers have barred attacks against targets in Indonesia, Russia, and other countries of the Commonwealth of Independent States.",2022-06-01,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by attacker; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,Not available - Not available,Turkey; Not available,ASIA; NATO; MEA - ,Critical infrastructure - Critical infrastructure,Finance - Finance,Not available,Not available,Not available,,1,16026,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Trusted Relationship,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,201-500,450.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified 
(missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/mobile/new-android-malware-targets-customers-of-450-financial-institutions-worldwide; https://www.cleafy.com/cleafy-labs/nexus-a-new-android-botnet; https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html; https://securityaffairs.com/143910/malware/nexus-android-banking-trojan.html; https://twitter.com/0xrb/status/1633678981093523458; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://www.techrepublic.com/article/nexus-android-malware-finance-targets/,2023-03-24,2024-01-09 2087,North Korean state-sponsored hacking group Kimsuky stole emails from South Korean and German research institutes using Chromium-based web browser extensions and Google Play sync feature,"The North Korean state-sponsored hacking group Kimsuky stole emails from experts at South Korean and German research institutes studying the Korean conflict, the German Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS) announced in a first Joint Cyber Security Advisory. Observed attacks were conducted in a two-stage process. First, the hackers used phishing emails to trick their victims into installing malicious Chromium-based web browser extensions, which they used to steal login credentials and emails from compromised users' Google accounts. With the captured login details, the hackers accessed the associated accounts to directly install malicious apps on mobile devices. The Joint Advisory references two recently discovered cyber espionage campaigns, without disclosing additional details. The two agencies assessed the deployed tactics and techniques allow Kimsuky to extend the scope of this espionage activity to target think tanks focused on diplomacy and security globally. 
",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft; Hijacking with Misuse,Not available - Not available,"Germany; Korea, Republic of",EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; NEA,Science - Science, - ,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16028; 16028; 16028; 16028; 16028; 16028; 16028; 16028,2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00; 2023-03-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity,National Intelligence Service (NIS); National Intelligence Service (NIS); Federal Office for the Protection of the Constitution (BfV); Federal Office for the Protection of the Constitution (BfV); National Intelligence Service (NIS); National Intelligence Service (NIS); Federal Office for the Protection of the Constitution (BfV); Federal Office for the Protection of the Constitution (BfV),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,"Korea, Republic of; Germany; Korea, Republic of; Germany; Korea, Republic of; Germany; Korea, Republic of; Germany",Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/prevention/2023-03-20-joint-cyber-security-advisory.pdf?__blob=publicationFile&v=2,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Unknown,,1,2023-03-20 00:00:00,State Actors: Preventive measures,Awareness raising,Germany, German Bundesamt für Verfassungsschutz (BfV),No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty; Human rights,"Non-state actors; Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/north-korean-hackers-using-chrome-extensions-to-steal-gmail-emails/; https://www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-recon-tool-to-find-security-gaps/; https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/prevention/2023-03-20-joint-cyber-security-advisory.pdf?__blob=publicationFile&v=2; https://thehackernews.com/2023/03/german-and-south-korean-agencies-warn.html; 
https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://www.darkreading.com/attacks-breaches/malicious-chatgpt-extensions-add-to-google-chrome-woes; https://www.darkreading.com/threat-intelligence/north-korea-kimsuky-evolves-full-fledged-persistent-threat; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-north-koreas-kimsuky-hacking-group/,2023-03-23,2024-01-09 2086,Independent Living Systems targeted in data breach affecting over four million people during June-July 2022,"Florida-based Independent Living Systems (ILS), a healthcare services provider, was targeted by unknown actors between 30 June and 5 July 2022, resulting in the theft of potentially sensitive personal data of over 4.2 million individuals, including names, addresses, dates of birth, health insurance information, social security numbers, billing information, and medical records containing details on diagnoses, treatments, prescriptions and other mental and physical health assessments. In its incident notification, ILS does not directly clarify whether the attack involved ransomware but notes the attack rendered certain computer systems inaccessible, a description that could fit a ransomware attack. ILS took action to remedy the impact of the attack and alerted authorities, which confirmed the scope of the breach. The breach was confirmed by ILS in September 2022 and affected customers were notified in March 2023. 
",2022-06-30,2022-07-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Independent Living Systems (ILS) - Not available,United States; United States,NATO; NORTHAM - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - Health,Not available,Not available,Unknown - not attributed,,1,17925,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/143832/data-breach/independent-living-systems-data-breach.html; https://therecord.media/ils-data-breach-patient-information; https://www.cpomagazine.com/cyber-security/massive-data-breach-at-healthcare-provider-ils-compromises-millions-of-patients/; https://apps.web.maine.gov/online/aeviewer/ME/40/aacdb720-e082-4ef6-b7e6-f03280b2c4ec.shtml; https://www.prnewswire.com/news-releases/independent-living-systems-provides-notice-of-data-event-301771989.html; 
https://www.bleepingcomputer.com/news/security/healthcare-provider-ils-warns-42-million-people-of-data-breach/; https://www.databreaches.net/independent-living-systems-updates-its-breach-disclosure-notifying-more-than-4-2-million-patients/; https://www.govinfosecurity.com/long-term-care-services-firm-says-breach-affects-42-million-a-21448; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen,2023-03-23,2024-03-13 2085,"New APT group Bad Magic used PowerMagic backdoor to gain access to organizations in Donetsk, Lugansk and Crimea regions beginning in 2022","A previously unknown APT group, tracked by Kaspersky under the designation Bad Magic, gained access to agricultural, governmental, and transport organizations in the Ukrainian regions of Donetsk, Lugansk, and the Crimean Peninsula beginning on 28 April 2022 at the earliest, the Russian IT security firm discovered in October 2022 and reported in March 2023. Lures deployed in the campaign referenced pronouncements by representatives of the Russia-backed separatist Donetsk People's Republic in occupied parts of eastern Ukraine. The hackers used the PowerMagic backdoor to burrow into systems in the targeted organizations to deploy a versatile malware framework that Kaspersky named CommonMagic. Malwarebytes published a technical report on May 10, 2023 on five detected cyber operations of Red Stinger, which is just the name given to Bad Magic by Malwarebytes. The cyber operation they named Cyber Operation 5 corresponds to the present cyber incident reported by Kaspersky. Malwarebytes noted that the aim of the hacking group was to monitor officers and individuals involved in the annexation referendums in Luhansk, Donetsk, Zaporizhzhia and Kherson in late September 2022. 
In its technical report, Malwarebytes listed five different targets, including workers in the Yasinovataya administration in Donetsk, the Donetsk People's Republic (DPR) administration in the port of Mariupol, an individual holding the advisory position in the Central Election Commission of the Russian Federation, a target related to the Ministry of Transport or its equivalent, and a library in Vinnitsya. ",2022-04-28,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Central Election Commission (CEC; Russia) - Yasinovataya - Mariupol - Not available,Russia; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; Critical infrastructure; Critical infrastructure,Election infrastructure / related systems - Civil service / administration - Civil service / administration - Civil service / administration; Transportation; Food,Red Stinger / Bad Magic,Not available,Unknown - not attributed,,2,16029; 16030,2023-03-21 00:00:00; 2023-05-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; MalwareBytes,Kaspersky; MalwareBytes,Russia; United States,Red Stinger / Bad Magic; Red Stinger / Bad Magic,Not available; Not available,Unknown - not attributed; Unknown - not attributed,https://securelist.com/bad-magic-apt/109087/; https://admin.eurepoc.eu/articles?status=Inbound&needs_attention=false&search=&publish_end_date=2023-05-11T00%3A00%3A00%2B02%3A00&publish_start_date=2023-05-10T00%3A00%3A00%2B02%3A00&activePage=0,Unknown,Unknown,,Unknown,,0,,Not available,,Not 
available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,2.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/143816/apt/apt-uses-commonmagic-framework.html; https://thehackernews.com/2023/03/new-bad-magic-cyber-threat-disrupt.html; https://www.bleepingcomputer.com/news/security/hackers-use-new-powermagic-and-commonmagic-malware-to-steal-data/; https://securelist.com/bad-magic-apt/109087/; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://twitter.com/HackRead/status/1639991590310518784; https://www.hackread.com/backdoor-attack-russia-ukraine-phishing/; https://www.wired.com/story/red-stinger-russia-ukraine-apt/; https://twitter.com/WIRED/status/1656238163923197953; https://twitter.com/Arkbird_SOLG/status/1656321799343226881; https://twitter.com/Cyber_O51NT/status/1656313722015727618; https://twitter.com/WIRED/status/1656387266145599488; https://admin.eurepoc.eu/articles?status=Inbound&needs_attention=false&search=&publish_end_date=2023-05-11T00%3A00%3A00%2B02%3A00&publish_start_date=2023-05-10T00%3A00%3A00%2B02%3A00&activePage=0; https://thehackernews.com/2023/05/new-apt-group-red-stinger-targets.html; https://twitter.com/lukOlejnik/status/1656540400612417536; https://twitter.com/Arkbird_SOLG/status/1659910150306557953; 
https://www.darkreading.com/attacks-breaches/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine; https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html; https://twitter.com/e_kaspersky/status/1659523123111243776; https://securelist.com/cloudwizard-apt/109722/,2023-03-22,2024-04-18 2084,Unattributed actors deployed Qakbot malware via OneNote documents against finance companies and government organizations in several countries since at least November 2022,"Unattributed actors deployed Qakbot malware via OneNote documents against a variety of countries and organizations since at least November 2022, according to a technical report by IT security company Trellix. Infections have been detected in the United States, India, Turkey, and Thailand. Affected organizations are active in the banking and financial sector, including wealth management firms. Additional targets are government institutions and outsourcing companies. Trellix did not publicly connect the reported activity to a specific threat actor. The technique leveraged against the targets observed by Trellix, which disguises the Qakbot banking trojan as OneNote files, had first been reported by cybersecurity company Sophos on 6 February 2023, which tied the activity to the threat cluster TA577. 
",2022-11-20,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,Turkey; United States; Thailand; India,ASIA; NATO; MEA - NATO; NORTHAM - ASIA; SEA - ASIA; SASIA; SCO,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Finance; - Government / ministries; Finance; - Government / ministries; Finance; - Government / ministries; Finance; ,Not available,Not available,Not available,,1,16031,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,4.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/03/emotet-rises-again-evades-macro.html; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/qakbot-evolves-to-onenote-malware-distribution.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/; https://www.malwarebytes.com/blog/business/2023/05/tracking-down-a-trojan-an-inside-look-at-threat-hunting-in-a-corporate-network,2023-03-21,2024-01-09 2083,Play ransomware group hit Dutch maritime logistics company Royal Dirkzwager ,"The Play ransomware group stole personal and business-related information from the Dutch maritime logistics company Royal Dirkzwager, as disclosed by the hacking group on its website on 13 March. CEO of Royal Dirkzwager, Joan Blaas, announced that he had reported the cyber incident to the Dutch Data Protection Authority and was negotiating with the extortionists. 
Attackers had gained access to servers holding data on contracts and other confidential personal information.",2023-03-06,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,Royal Dirkzwager,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Transportation,PLAY,Not available,Non-state-group,Criminal(s),1,10024,2023-03-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,PLAY,Not available,Not available,PLAY,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1635331945034047491,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,11.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html; https://twitter.com/AlvieriD/status/1635331945034047491; https://therecord.media/royal-dirkzwager-ransomware-attack-dutch-shipping; https://dirkzwager.com/nieuws/royal-dirkzwager-victim-of-cyber-attack/,2023-03-21,2023-11-14 
2082,Greek authorities suspected of targeting Meta Manager with Predator Spyware in September 2021,"Artemis Seaford, a dual US-Greek Manager from Meta, who lived and worked partly in Greece from 2020 until 2022, was targeted with Predator spyware from September 2021 onwards for at least two months. According to the New York Times, Seaford saw her name on a leaked list of spyware targets in the Greek media and sent her phone to the Canada-based Citizen Lab. The Times obtained the report of the analysis which confirmed the infection of Seaford's phone with the surveillance tool. Seaford filed a lawsuit in Greece against anyone involved in the surveillance order. The forensic analysis conducted by Citizen Lab revealed an SMS containing a malicious link as the infection vector. Sent five hours after an initial SMS confirmation of a Covid vaccination Seaford had booked in September 2021, the text asked her to click on the link ostensibly to verify the request. Two anonymous sources with ""direct knowledge of the case"" stated that Seaford had been wiretapped by the Greek national intelligence service EYP in August 2021, a possible indication of how attackers discovered the opening to package the malicious SMS as an appointment confirmation request. 
",2021-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Artemis Seaford (Meta Manager),United States,NATO; NORTHAM,End user(s) / specially protected groups,,National Intelligence Service Greece (EYP),Greece,State,,1,12988; 12988; 12988; 12988,2023-03-20 00:00:00; 2023-03-20 00:00:00; 2023-03-20 00:00:00; 2023-03-20 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,The New York Times; The New York Times; Unnamed Greek officials; Unnamed Greek officials,Not available; Not available; Not available; Not available,United States; Greece; United States; Greece,National Intelligence Service Greece (EYP); National Intelligence Service Greece (EYP); National Intelligence Service Greece (EYP); National Intelligence Service Greece (EYP),Greece; Greece; Greece; Greece,State; State; State; State,https://www.nytimes.com/2023/03/20/world/europe/greece-spyware-hacking-meta.html,Unknown,Not available,,Not available,,1,2023-03-27 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),United States,The White 
House,Yes,multiple,Phishing,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Human rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/google-predator-spyware-infected-android-devices-using-zero-days/; https://www.nytimes.com/2023/03/20/world/europe/greece-spyware-hacking-meta.html; https://thehackernews.com/2023/03/president-biden-signs-executive-order.html; https://thehackernews.com/2023/05/predator-android-spyware-researchers.html; https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html; https://www.bleepingcomputer.com/news/security/us-announces-visa-ban-on-those-linked-to-commercial-spyware/; https://therecord.media/new-predator-spyware-infrastructure-identified,2023-03-21,2024-03-06 2080,Russian hacktivist group Phoenix compromised Indian health ministry's health management system in 2023,"The Russian hacktivist group Phoenix launched an attack against the Indian Health Ministry's health management information system (HMIS) in 2023, in which the group gained access to HMIS portal and stole hospital, employee, and physician data, the cybersecurity firm CloudSEK reported. 
The attack occurred against the backdrop of a meeting of G20 finance ministers hosted by India in late February, during which several member states sought a condemnation of Russia over its invasion of Ukraine and questions about India's participation in a G7-brokered oil price cap agreement designed to set a price ceiling for Russian oil exports. India's Computer Emergency Response Team has been tasked with investigating the incident.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Ministry of Health,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Phoenix,Russia,Non-state-group,Hacktivist(s),1,8901,2023-03-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Phoenix,Not available,Russia,Phoenix,Russia,Non-state-group,https://cloudsek.com/threatintelligence/russian-hacktivist-group-phoenix-targets-indias-health-ministry-website,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no 
critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/website-intrusion-attempt-indias-department-of-health-seeks-help-from-chot-in/; https://cloudsek.com/threatintelligence/russian-hacktivist-group-phoenix-targets-indias-health-ministry-website; https://pipanews.com/website-intrusion-attempt-department-of-health-seeks-help-from-chot-in-pipa-news/,2023-03-20,2023-03-21 2079,"Spanish HLA Grupo Hospitalario hit by data breach leaking 45,000 patients' records","Spanish HLA Grupo Hospitalario, a healthcare company, was hit by a cyber attack on or around 14 March 2023, through a misconfigured web server, which allowed an intruder to steal the data of 45,000 patients and 1,600 doctors (including names, phone numbers, email addresses, and internal communications as well as the national and tax identification numbers of affected healthcare professionals). Some of this data was subsequently leaked on 14 March 2023. 
The health insurance group Asisa, which owns the hospital network, acknowledged on the next day that it was looking into the reported incident.",2023-03-01,2023-03-14,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,HLA Grupo Hospitalario,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Not available,Not available,Not available,,1,9278,2023-03-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Not available,Not available,Not available,Not available,Not available,Not available,https://cronicaglobal.elespanol.com/vida/asisa-alerta-seguridad-hla-grupo-hospitalario_783983_102.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-32/; https://euroweeklynews.com/2023/03/16/personal-data-of-50000-users-stolen-in-alleged-cyberattack-on-asisa-network-of-hla-grupo-hospitals-in-spain/; 
https://cronicaglobal.elespanol.com/vida/asisa-alerta-seguridad-hla-grupo-hospitalario_783983_102.html; https://almeriagold.com/personal-data-of-50000-users-stolen-in-alleged-cyberattack-on-asisa-network-of-hla-grupo-hospitals-in-spain/,2023-03-20,2023-05-25 2077,Medical Group Orlando Family Physicians affected by data breach in 2021,"Medical Group Orlando Family Physicians (OFP) was targeted through a phishing attack by unknown threat actors in April 2021, which enabled the theft of sensitive personal details of 447,426 patients (including health information, health insurance information, Medicare beneficiary numbers, and passport numbers). The attack compromised four employee email accounts, which were all terminated by OFP. Forensic evidence discovered during the investigation of the incident suggests the threat actor(s) intended to commit financial fraud against OFP and did not specifically pursue data on the affected individuals. In March 2023, a class action lawsuit against Orlando Family Physicians was settled for an undisclosed sum.",2021-04-15,2021-04-15,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft,Orlando Family Physicians,United States,NATO; NORTHAM,Critical infrastructure,Health,,Not available,Unknown - not attributed,,1,17924,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Unknown - not attributed,https://www.businesswire.com/news/home/20210720006100/en/Orlando-Family-Physicians-Experiences-Email-Phishing-Incident,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Account Access Removal; Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration 
OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/orlando-family-physicians-data-breach-class-action-settlement/; https://www.businesswire.com/news/home/20210720006100/en/Orlando-Family-Physicians-Experiences-Email-Phishing-Incident,2023-03-20,2024-03-13 2074,Russia-linked hacker group Winter Vivern carried out cyber espionage campaigns against government and private-sector targets in Europe and India beginning in 2021,"The Russia-linked hacker group Winter Vivern carried out cyber espionage campaigns against government and private targets in Europe and India beginning in 2021, according to a technical report by threat intelligence company SentinelOne. SentinelOne researchers leveraged recent observations from the Polish Central Bureau for Combating Cybercrime (CBZC) and Ukraine's CERT, which tracks Winter Vivern as UAC-0114, to discover the activity. In this cyber espionage operation, the hacking group targeted the governments of Lithuania, India, Slovakia, Poland, and the Vatican. Additional specific targets included a Ukrainian telecommunications company, the foreign ministries of Ukraine and Italy, as well as select individuals within the Indian government. SentinelOne's report described Winter Vivern as an APT with close ties to the interests of the Belarusian and Russian governments. Later, Proofpoint reports that the threat actor used the Zimbra vulnerability CVE-2022-27926 to exploit webmail portals hosted by Zimbra. This was intended to gain access to the European institutions' emails. ",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Ministry of Foreign Affairs and International Cooperation (Italy) - Not available - Not available - Not available - Ministry of Foreign Affairs (Ukraine) - Official Website of the I Want to Live Project - Not available - Not available,Lithuania; Italy; Slovakia; India; Holy See (Vatican City State); Ukraine; Ukraine; Ukraine; Poland,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); EASTEU - ASIA; SASIA; SCO - EUROPE - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Telecommunications; - Government / ministries,WinterVivern,Russia; Belarus,"Non-state actor, state-affiliation suggested",,1,10021; 10021,2023-03-16 00:00:00; 2023-03-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,SentinelOne; SentinelOne,,United States; United States,WinterVivern; WinterVivern,Russia; Belarus,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/winter-vivern-hackers-sentinelone-russia-ukraine; https://www.bleepingcomputer.com/news/security/winter-vivern-apt-hackers-use-fake-antivirus-scans-to-install-malware/; https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/; https://thehackernews.com/2023/03/winter-vivern-apt-group-targeting.html; https://www.darkreading.com/threat-intelligence/low-budget-winter-vivern-apt-awakens-after-2-year-hibernation; https://www.bleepingcomputer.com/news/security/winter-vivern-hackers-exploit-zimbra-flaw-to-steal-nato-emails/; https://www.hackread.com/zimbra-email-platform-vulnerability-phishing-scam/; https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html; https://www.techrepublic.com/article/phishing-ta473-us-nato-officials/; https://www.bleepingcomputer.com/news/security/european-govt-email-servers-hacked-using-roundcube-zero-day/; https://www.techrepublic.com/article/winter-vivern-exploits-zero-day-roundcube-webmail/,2023-03-17,2023-11-22 2073,Vice Society suspected to have targeted Wymondham College in the UK with ransomware in March 2023,"Wymondham College, the 
UK's largest state boarding school, disclosed that it had been hit by a sophisticated cyber attack that may have involved ransomware. As of March 16, 2023, however, the school had not yet received a ransom demand. According to Jonathan Taylor, chief executive of the school's parent company, the cyberattack impacted access to files and resources across the school's IT system. The ransomware group Vice Society, which is responsible for a number of similar attacks on other schools, has been named as a possible suspect for the attack. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Wymondham College,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system; Education,Civil service / administration; ,Vice Society,Not available,Non-state-group,Criminal(s),1,15597,2023-03-16 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,MalwareBytes,Not available,United States,Vice Society,Not available,Non-state-group,https://www.malwarebytes.com/blog/news/2023/03/ransomware-attack-hits-another-school,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.malwarebytes.com/blog/news/2023/03/ransomware-attack-hits-another-school; https://therecord.media/wymondham-college-cyberattack-uk-boarding-school; https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-march-13-19; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/the-2023-state-of-ransomware-in-education-84-increase-in-known-attacks-over-6-month-period; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-03-17,2023-12-29 2076,Unknown actors compromised networks across various industry sectors and several countries using Trigona ransomware beginning in December 2022,"Unknown actors compromised the networks of at least 15 targets in various industry sectors across several countries using the relatively unknown Trigona ransomware beginning in December 2022, according to a technical report by Palo Alto Networks. The 15 targets are organisations in the manufacturing, finance, construction, agriculture, marketing, and high-tech industries with a presence in the US, Italy, France, Germany, Australia, and New Zealand. 
",2022-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - Not available - Not available - Not available - Not available,France; United States; New Zealand; Australia; Italy; Germany,EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - OC - OC - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Finance; - Finance; - Finance; - Finance; - Finance; - Finance; ,Not available,Not available,Not available,,1,9275,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact; Inhibit System Recovery; Service Stop,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",11-50,0.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://unit42.paloaltonetworks.com/trigona-ransomware-update/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2023-shifting-to-data-extortion/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-14th-2023-a-focus-on-stolen-data/; https://twitter.com/UK_Daniel_Card/status/1661684478459146245; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://research.checkpoint.com/2023/11th-september-threat-intelligence-report/; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona,2023-03-17,2024-02-28 2075,"Cyberattack on Latitude Financial results in theft of 300,000 customer documents in March 2023","Latitude Financial, an Australian financial lending company, was hit in March 2023 by a cyberattack from unknown actors, which resulted in the theft of over 300,000 customer documents (103,000 identification documents and 225,000 customer records). The attack originated at a third-party vendor contracted by Latitude. 
While active on Latitude's networks, the intruder was able to obtain an employee's login credentials, further enabling access to two other service providers, from where the identification documents and customer records were stolen.",2023-03-01,2023-03-16,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Latitude Financial - Not available,Australia; Not available,OC - ,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Finance - ,Not available,Not available,Not available,,1,10105,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available; Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",501-10000,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/latitude-financial-hacked-as-300000-customer-identification-documents-stolen/; https://www.abc.net.au/news/2023-03-16/latitude-hack-300000-identity-documents-stolen/102104424; 
https://www.news.com.au/finance/business/other-industries/latitude-customers-already-having-their-accounts-hacked-day-after-company-announces-malicious-cyber-attack/news-story/331633f8555c9dd3cc9006498e30d0e7; https://investors.latitudefinancial.com.au/DownloadFile.axd?file=/Report/ComNews/20230316/02644401.pdf&tlga=1111382795.1679040612&adobe_mc=MCMID%3D05814445310871754421376757778548396901%7CMCORGID%3DB6D9B74F57B2FBE97F000101%2540AdobeOrg%7CTS%3D1679040624&_ga=2.261357710.202369688.1679040612-1111382795.1679040612; https://www.bleepingcomputer.com/news/security/latitude-cyberattack-leads-to-data-theft-at-two-service-providers/; https://www.databreaches.net/whats-happening-with-the-latitude-financial-cyber-attack-millions-of-customer-details-stolen-in-one-of-the-largest-known-data-breaches-in-australia/; https://www.govinfosecurity.com/latitude-financial-admits-14m-customer-details-breached-a-21543; https://www.hackread.com/latitude-financial-data-breach/; https://www.bleepingcomputer.com/news/security/latitude-financial-data-breach-now-impacts-14-million-customers/; https://securityaffairs.com/144137/data-breach/latitude-data-breach-14m-individuals.html; https://www.govinfosecurity.com/latitude-financial-attack-costs-company-up-to-au105-million-a-22184; https://www.brisbanetimes.com.au/business/banking-and-finance/latitude-shares-plunge-as-it-reveals-hit-from-cyberattack-20230526-p5dbic.html?ref=rss&utm_medium=rss&utm_source=rss_feed; https://therecord.media/ventia-hit-with-cyberattack-australia; https://thehackernews.com/2023/10/apis-unveiling-silent-killer-of-cyber.html; https://www.techrepublic.com/article/cybersecurity-trends-australia-2024/; https://www.techrepublic.com/article/tesserent-third-party-supply-chain-risk-australia/; https://therecord.media/hackers-breach-australian-court-hearing-database; https://therecord.media/australia-healthcare-saint-vincent-cyberattack; 
https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/,2023-03-17,2023-05-30 2069,Unnamed APT group exploited Progress Telerik vulnerability to infiltrate US government agency alongside other threat actors beginning in August 2022,"According to the US Cybersecurity and Infrastructure Security Agency (CISA), several threat actors, including one APT group, breached a federal civilian executive branch (FCEB) agency between November 2022 and January 2023. Attackers gained access via an unpatched Microsoft Internet Information Services (IIS) web server by exploiting a known critical vulnerability (CVE-2019-18935) in Progress Telerik's user interface (UI) software, which facilitates remote code execution. Besides the unnamed APT group, CISA linked active exploitation to XE group, a criminal threat actor of suspected Vietnamese origin. No further details have been revealed about the additional threat actors or their motives. Based on CISA's assessment, the affected agency’s vulnerability scanner was equipped to detect CVE-2019-18935 but failed to alert about the vulnerability because the Telerik software was installed in a file path the scanner was not configured to read. No patch is currently available for older versions of Telerik UI for ASP.NET AJAX (builds before R1 2020), which remain vulnerable. 
In 2020, the NSA had listed the four-year-old vulnerability among the top 25 software flaws for which it tracked active abuse by Chinese state-sponsored hackers.",2022-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Threat Actor 1,Not available,Not available,,1,16062,2023-03-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA),Not available,United States,Threat Actor 1,Not available,Not available,https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a,Unknown,Unknown,,Unknown,,1,2023-03-15 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Cyber espionage; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/application-security/telerik-bug-exploited-steal-federal-agency-data-cisa-warns; 
https://www.govinfosecurity.com/cisa-alert-4-year-old-software-bug-exploited-at-us-agency-a-21446; https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a; https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html; https://cyberscoop.com/cisa-federal-civilian-agency-hacked/; https://www.databreaches.net/threat-actors-exploit-progress-telerik-vulnerability-in-u-s-government-iis-server/; https://securityaffairs.com/143557/hacking/progress-telerik-bug-attacks.html; https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html; https://www.darkreading.com/vulnerabilities-threats/the-problem-of-old-vulnerabilities-and-what-to-do-about-it,2023-03-16,2024-01-10 2070,Unknown actors gained access to the network of AllCare Plus Pharmacy in Massachusetts beginning in April 2022,"Unknown actors gained access to the network of AllCare Plus Pharmacy in Massachusetts between 14 April and 21 June 2022, according to a data breach notification to the Maine Attorney General from 13 March 2023. The breach, affecting nearly 6,000 customers, gave hackers access to certain accounts containing patient names, addresses, dates of birth, social security numbers, financial information as well as details on prescriptions and treatments. 
",2022-04-14,2022-06-21,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,AllCare Plus Pharmacy,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16058,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/allcare-plus-pharmacy-notifies-5971-patients-of-phishing-incident-last-year/; https://apps.web.maine.gov/online/aeviewer/ME/40/afad8db8-f984-4f0a-b933-5015ef9d7dea.shtml,2023-03-16,2024-01-10 2071,Criminal threat actor XE Group exploited Progress Telerik vulnerability to infiltrate a US government agency alongside other threat actors beginning in August 2021,"According to the US Cybersecurity and Infrastructure Security Agency (CISA), several groups, including the criminal threat actor XE Group, breached a federal civilian executive branch (FCEB) agency between November 2022 and 
January 2023. Attackers gained access via an unpatched Microsoft Internet Information Services (IIS) web server by exploiting a known critical vulnerability (CVE-2019-18935) in Progress Telerik's user interface (UI) software, which facilitates remote code execution. Besides XE Group, CISA linked active exploitation to an unnamed APT. In a report from 7 December 2021, Volexity identified XE Group as a collective of cybercriminals originating from Vietnam. No further details have been revealed about the additional threat actors or their motives. Based on CISA's assessment, the affected agency’s vulnerability scanner was equipped to detect CVE-2019-18935 but failed to alert about the vulnerability because the Telerik software was installed in a file path the scanner was not configured to read. No patch is currently available for older versions of Telerik UI for ASP.NET AJAX (builds before R1 2020), which remain vulnerable. In 2020, the NSA had listed the four-year-old vulnerability among the top 25 software flaws for which it tracked active abuse by Chinese state-sponsored hackers.",2021-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,XE Group,Vietnam,Non-state-group,Criminal(s),1,16032,2023-03-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA),Not available,United States,XE Group,Vietnam,Non-state-group,https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a; https://www.volexity.com/blog/2021/12/07/xe-group-exposed-8-years-of-hacking-card-skimming-for-profit/,Unknown,Unknown,,Unknown,,1,2023-03-15 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure 
Security Agency (CISA),No,,Exploit Public-Facing Application,Not available,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/application-security/telerik-bug-exploited-steal-federal-agency-data-cisa-warns; https://cyberscoop.com/cisa-federal-civilian-agency-hacked/; https://www.govinfosecurity.com/cisa-alert-4-year-old-software-bug-exploited-at-us-agency-a-21446; https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a; https://www.volexity.com/blog/2021/12/07/xe-group-exposed-8-years-of-hacking-card-skimming-for-profit/; https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html; https://www.databreaches.net/threat-actors-exploit-progress-telerik-vulnerability-in-u-s-government-iis-server/; https://securityaffairs.com/143557/hacking/progress-telerik-bug-attacks.html; https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html; https://www.darkreading.com/vulnerabilities-threats/the-problem-of-old-vulnerabilities-and-what-to-do-about-it; https://thehackernews.com/2023/06/unmasking-xe-group-experts-reveal.html,2023-03-16,2024-01-09 2066,Russian state-sponsored hacking group APT28 gained access to the networks of various European targets 
using a zero-day vulnerability in Microsoft Outlook beginning in mid-April 2022,"The Russian state-sponsored hacking group APT28 gained access to the networks of at least 15 distinct European targets during mid-April to December 2022 using a zero-day vulnerability in Microsoft Outlook (CVE-2023-23397). The vulnerability was first reported by the Ukrainian CERT and subsequently disclosed in a technical report by Microsoft. The hackers only had to send an email tailored to the vulnerability to escalate access privileges on the targeted system. Exploitation of the vulnerability is possible without a recipient having to open the actual message. The affected European targets are governments, military organizations, and entities active in the energy and transport sectors. Microsoft's public technical report only referred generically to Russia-based hackers. Citing an unpublished account, Bleeping Computer reported that Microsoft had linked the activity to the threat actor APT28, a group that industry and government sources believe is operated by the Russian military intelligence agency GRU.",2022-04-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,Not available,Europe (region),,State institutions / political system; Critical infrastructure; State institutions / political system; Critical infrastructure,Government / ministries; Energy; Military; Transportation,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,16068,2023-03-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Microsoft,,United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – 
Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Yes,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,15.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/143486/security/microsoft-patch-tuesday-march-2023.html; https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/; https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/; https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2023-patch-tuesday-fixes-2-zero-days-83-flaws/; https://www.govinfosecurity.com/microsoft-fixes-russia-exploited-zero-day-a-21449; https://krebsonsecurity.com/2023/03/microsoft-patch-tuesday-march-2023-edition/; https://www.defenseone.com/threats/2023/03/the-d-brief-march-15-2023/384012/; https://thehackernews.com/2023/03/microsoft-rolls-out-patches-for-80-new.html; https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/; https://www.darkreading.com/application-security/microsoft-outlook-vulnerability-2023-it-bug; https://securityaffairs.com/143798/apt/2022-zero-day-exploitation.html; https://securityaffairs.com/144040/apt/detecting-cve-2023-23397-attacks.html; https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html; 
https://www.bleepingcomputer.com/news/security/microsoft-shares-tips-on-detecting-outlook-zero-day-exploitation/; https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-bypass-for-recently-fixed-outlook-zero-click-bug/; https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/; https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html; https://securityaffairs.com/153131/apt/france-anssi-apt28.html; https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear; https://www.bleepingcomputer.com/news/microsoft/russian-hackers-exploiting-outlook-bug-to-hijack-exchange-accounts/; https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/; https://www.hackread.com/microsoft-outlook-vulnerability-russia-forest-blizzard/; https://www.bleepingcomputer.com/news/security/russian-military-hackers-target-nato-fast-reaction-corps/; https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/; https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/worst-hacks-2023/; https://www.01net.com/actualites/hackers-russes-pirate-microsoft-mot-passe-epu-securise.html; https://securityaffairs.com/155420/apt/apt8-exploited-outlook-0day-target-nato.html,2023-03-15,2024-02-13 2067,YoroTrooper targeted European countries and organizations in several cyber espionage campaigns since June 2022,"A newly discovered hacking group named YoroTrooper has been targeting government and energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan, and other countries in the Commonwealth of Independent States (CIS) region, according to a report by Cisco Talos Intelligence Group from 14 March. 
The threat actor has also been observed compromising accounts of an unspecified EU healthcare agency and the World Intellectual Property Organization (WIPO). Talos further identified compromises at embassies of Azerbaijan, Turkmenistan, and European countries. YoroTrooper likely targets other organizations across Europe as well as Turkish government agencies. Information obtained during the breaches includes credentials for multiple applications, browser histories, cookies, system information, and screenshots.",2022-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,UZBEKHYDROENERGO - Not available - Government of Belarus - Not available - Embassy of Turkmenistan - Not available - World Intellectual Property Organization (WIPO) - Embassy of Azerbaijan,Uzbekistan; EU (institutions); Belarus; Tajikistan; Not available; Azerbaijan; United Nations; Not available,ASIA; CENTAS; SCO - - EUROPE; EASTEU; CSTO - ASIA; CENTAS; CSTO; SCO - - ASIA; CENTAS - - ,Critical infrastructure - International / supranational organization - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - International / supranational organization - State institutions / political system,"Energy - - Government / ministries - Government / ministries - Other (e.g., embassies) - Government / ministries - - Other (e.g., embassies)",YoroTrooper,Kazakhstan,Unknown - not attributed,,2,16066; 16065,2023-10-25 00:00:00; 2023-03-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Cisco Talos Intelligence; Cisco Talos Intelligence,Cisco Talos Intelligence; Cisco Talos ,United States; United 
States,YoroTrooper; YoroTrooper,Kazakhstan; Not available,Unknown - not attributed; Unknown - not attributed,https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/; https://blog.talosintelligence.com/attributing-yorotrooper/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Cyber espionage; Diplomatic / consular law; Due diligence; Sovereignty; Intellectual property law; International organizations,Non-state actors; ; ; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/yoro-trooper-threat-group-europe-healthcare-embassies; https://www.bleepingcomputer.com/news/security/yorotrooper-cyberspies-target-cis-energy-orgs-eu-embassies/; https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/; https://securityaffairs.com/143529/apt/yorotrooper-target-govt-energy-entities.html; https://thehackernews.com/2023/03/yorotrooper-stealing-credentials-and.html; https://www.databreaches.net/new-threat-group-hacked-eu-healthcare-agency-and-embassies-researchers-say/; https://therecord.media/kazakhstan-hackers-target-governments-commonwealth-of-independent-states-yorotrooper-cisco; https://blog.talosintelligence.com/attributing-yorotrooper/,2023-03-15,2024-01-10 2068,Chinese state-sponsored hacking group Tick gained 
access to an East Asian data loss prevention company and two associated customers beginning in March 2021,"The Chinese state-sponsored hacking group Tick gained access to an East Asian data loss prevention (DLP) software developer and two associated customers during the period of March 2021 to June 2022, the Slovakian IT security company ESET assessed with high confidence. The hacking group compromised the unidentified DLP company's internal update servers and from there gained access to the networks of an engineering and a manufacturing company, both customers of the DLP firm. The hacking group likely pursued espionage objectives, as other customers of the DLP company include both governments and military entities. The threat actor used several pieces of malware, including the Netboy backdoor (also known as Invader), the Ghostdown downloader, the previously unknown ShadowPy downloader, and the custom backdoor ReVBShell. This cyber operation appears to be related to threat activity disclosed in May 2022 by the South Korean cybersecurity company AhnLab, in which South Korean organisations and select individuals were targeted through the same ReVBShell backdoor.",2021-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Not available; Hijacking without Misuse,Not available - Not available - Not available,Eastern Asia (region); Eastern Asia (region); Eastern Asia (region), - - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - ,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16063,2023-03-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419)",China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise; Trusted Relationship,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering 
/ ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/; https://asec.ahnlab.com/en/34010/; https://thehackernews.com/2023/03/tick-apt-targeted-high-value-customers.html,2023-03-15,2024-01-10 2065,Unknown advanced threat actor targeted multiple government and government-related targets using a FortiOS vulnerability,"Fortinet reports that a sudden system stop and subsequent startup failure of several FortiGate units belonging to a customer prompted an investigation of attacks aimed at a vulnerability in FortiOS (FG-IR-22-369 / CVE-2022-41328). Due to the complexity of the attack, the company suspects an advanced threat actor but has not disclosed any further details. 
Exploitations of the vulnerability focus on governments and large organizations.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,Unknown; State institutions / political system,; Government / ministries,Not available,Not available,Not available,,1,8774,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,,Exploit Public-Facing Application,Data Exfiltration; Firmware Corruption; System Shutdown/Reboot,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/; https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis; https://www.fortiguard.com/psirt/FG-IR-22-369; https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html; https://securityaffairs.com/143458/hacking/attacks-fortinet-fortios.html; https://www.darkreading.com/vulnerabilities-threats/cyberattackers-continue-assault-against-fortinet-devices; 
https://www.bleepingcomputer.com/news/security/fortinet-zero-day-attacks-linked-to-suspected-chinese-hackers/; https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem; https://www.govinfosecurity.com/chinese-hackers-targeting-security-network-appliances-a-21467; https://securityaffairs.com/143594/apt/china-fortinet-zero-day-attacks.html; https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html; https://thehackernews.com/2023/03/chinese-hackers-exploit-fortinet-zero.html; https://www.darkreading.com/attacks-breaches/attackers-probing-zero-day-vulns-edge-infrastructure; https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-rce-bug-may-have-been-exploited-in-attacks/,2023-03-14,2023-03-20 2064,Unknown hackers breached the Death Registry System of Hawaii in January 2023,"Unknown hackers breached the Electronic Death Registry System (EDRS) of Hawaii in January 2023. On 10 March, officials of Hawaii's Department of Health stated that the families of the affected should remain vigilant about potential misuse of the compromised data. Although death certificates were not accessed, the data contains sensitive personal information, such as names, social security numbers, and information on the cause of death. The attack was orchestrated through the use of a compromised account belonging to a medical certifier that had left their job in 2021. According to cybersecurity firm Mandiant, the account information was sold on the dark web. 
Although the attacker has not yet been publicly identified, the Hawaii Department of Health disclosed that two IP addresses from Kentucky, USA, and the Netherlands had been tied to suspicious access patterns of the system.",2023-01-20,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,Hawaii State Department of Health,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,,,,1,; 8775,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Unknown,Not available,,Not available,,1,2023-03-09 00:00:00,State Actors: Preventive measures,Awareness raising,United States,"Department of Health, State of Hawaii (USA)",No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hawaii-death-records-system-data-breach-notification; https://health.hawaii.gov/news/newsroom/department-of-health-to-send-notifications-regarding-unauthorized-access-to-electronic-death-registry-system/; 
https://www.hawaiipublicradio.org/local-news/2023-03-10/cyberattack-on-states-electronic-death-registry-affected-about-3-400-records; https://twitter.com/InfoSecSherpa/status/1635356867101876224,2023-03-14,2023-03-21 2063,Cyber-espionage hacking group Dark Pink gained access to networks of Southeast Asian military targets and governments beginning in February 2023,"The cyber-espionage hacking group Dark Pink gained access to networks of Southeast Asian military targets and governments beginning on 1 February 2023, according to a technical report by IT security company EclecticIQ. Spearphishing lures for breaking into the networks were centered on ASEAN relations with European countries. The report attributed this incident with a high degree of probability to the Dark Pink hacking group based on strong operational overlaps with activity that Group-IB had associated with Dark Pink in January. Building on these previously observed patterns, Dark Pink in the present case deployed an advanced version of the KamiKakaBot malware with improved detection evasion features. EclecticIQ assessed with low confidence that Dark Pink is operated by a Chinese group. 
",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Southeast Asia (region),,State institutions / political system; State institutions / political system,Government / ministries; Military,Dark Pink,China,Unknown - not attributed,,1,8776,2023-03-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,,Netherlands,Dark Pink,China,Unknown - not attributed,https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html; https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries; https://www.govinfosecurity.com/dark-pink-apt-group-very-likely-back-in-action-a-21426; https://securityaffairs.com/143415/apt/dark-pink-apt-south-asia.html; 
https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html; https://twitter.com/securityaffairs/status/1635381821646200849; https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html; https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html,2023-03-14,2023-06-01 2060,Unknown actors disrupted the network of the US Bone & Joint Clinic in Wisconsin on 16 January 2023,"Unknown actors disrupted the network of the US Bone & Joint Clinic in Wisconsin on 16 January 2023, based on the notification letter sent by the clinic to the potentially affected individuals on 7 March 2023. In the notification letters, the clinic reportedly wrote that personal and personal health information may have been involved, including names, dates of birth, social security numbers, home addresses, phone numbers, health insurance information, and diagnosis and treatment information. It remains unclear whether the incident in question was a ransomware attack. 
",2023-01-16,2023-01-16,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,Bone & Joint,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16069,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bone-joint-clinic-reports-network-disruption-caused-hipaa-breach-of-employee-and-patient-information/; https://www.darkreading.com/vulnerabilities-threats/how-safe-is-your-wearable-device,2023-03-13,2024-01-10 2055,"Unknown actors gained access to Florida Medical Clinic's network and stole over 94,000 files with patient data in January 2023","Unknown actors gained access to Florida Medical Clinic's network and stole 94,000 records with patient information some time before 9 January 2023, according to a data breach notification by the clinic. A small portion of files, an estimated 5%, included medical information, phone number, email address, date of birth, and address. 
In addition, the hackers obtained the social security numbers of 115 patients. ",2023-01-01,2023-01-09,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Florida Medical Clinic,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,10020,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/another-ransomware-attack-results-in-a-hipaa-breach-florida-medical-center/; https://www.floridamedicalclinic.com/press-release/,2023-03-13,2023-05-22 2053,Healthcare Clinic Santa Chiara in Switzerland hit by ransomware attack in February 2023,"Unknown actors targeted the Clinica Santa Chiara (Locarno, Switzerland) with ransomware during the week of 27 February 2023. The clinic did not pay the ransom and saw a significant portion of its data encrypted. 
The clinic responded by isolating IT systems to prevent any further damage, also clarifying that no health data had been compromised in the course of the attack. ",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Clinica Santa Chiara,Switzerland,EUROPE; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,8722,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Not available,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,No justification under IL,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/Dennis_Kipker/status/1634198361862488064; https://www.redhotcyber.com/post/attacco-informatico-alla-clinica-santa-chiara-di-locarno-i-dati-esfiltrati-non-contengono-dati-sanitari/; https://www.inside-it.ch/tessiner-privatklinik-opfer-eines-cyberangriffs-20230308,2023-03-13,2023-03-27 2056,Vice Society ransomware group attacked Berkeley County School System in February 2023,"The Vice Society ransomware group attacked the Berkeley County School System in West Virginia (USA), on 3 February 2023. 
Classes had to be suspended for one day to address the incident. Following Berkeley County Schools' refusal to pay the ransom, Vice Society leaked internal data, including employee social security numbers, on 10 March 2023, as reported by DataBreaches. Published files also included details about behavior intervention plans and functional behavior assessments for certain students that may reveal sensitive information about students, such as diagnoses, medications, or home issues. In an analysis from August 8, Checkpoint Research suspects a connection between the ransomware groups Vice Society and Rhysida. Checkpoint Research points to the close temporal relationship between the disappearance of Vice Society and the emergence of Rhysida in May 2023, technical similarities between the threat actors and similarities in the areas in which they are active, namely education and health.",2023-02-03,2023-03-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Berkeley County Schools,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Vice Society,Not available,Non-state-group,Criminal(s),1,15598,2023-03-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Vice Society,Not available,Not available,Vice Society,Not available,Non-state-group,https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and 
/ or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/; https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/; https://www.berkeleycountyschools.org/cms/lib/WV01000962/Centricity/Domain/1/BCS%20Notice%20of%20Data%20Breach.pdf; https://twitter.com/UK_Daniel_Card/status/1634604262029246464; https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event/; https://therecord.media/west-virginia-students-returning-to-class-after-days-long-outage-following-cyberattack/; https://www.smore.com/8qzg2; https://twitter.com/BerkCoSchoolsWV/status/1621526301378240521?ref%5Fsrc=twsrc%5Etfw; https://www.smore.com/5r4gd?utm%5Fsource=twitter&utm%5Fmedium=social&utm%5Fcontent=ap%5Fqs69x4ndda; https://www.smore.com/x7whs?utm%5Fsource=twitter&utm%5Fmedium=social&utm%5Fcontent=ap%5Ffz8zjo13nc; https://www.smore.com/1quse; https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/the-2023-state-of-ransomware-in-education-84-increase-in-known-attacks-over-6-month-period; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack; https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/,2023-03-13,2023-12-29 2057,Saint-Pierre 
Hospital in Brussels hit by cyberattack in March 2023,"Unknown attackers launched a cyberattack against the Saint-Pierre Hospital in Brussels on 11 March 2023. In line with the hospital's incident response plan, servers managing electronic patient files were shut down. For the first half of the day, the emergency room was closed and ambulances redirected, to allow staff to maintain operations, while the hospital was running on a paper-based system. The incident further limited access to patient files. By the end of the day, service of the telephone/information systems and the emergency room had been restored. ",2023-03-10,2023-03-11,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,CHU Saint-Pierre,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Health,Not available,Not available,Not available,,1,8716,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/ransomwaremap/status/1634639503259320321; https://www.lesoir.be/500384/article/2023-03-11/retour-la-normale-au-chu-saint-pierre-cible-dune-cyberattaque; 
https://therecord.media/idaho-hospital-diverting-ambulances-after-cyberattack; https://therecord.media/charleroi-belgium-cpas-cyberattack,2023-03-13,2023-06-01 2061,ZOLL Medical hit by hack-and-leak operation in January 2023,"ZOLL Medical, a healthcare firm, was targeted with a cyberattack from unknown actors on 28 January 2023, with private health information being leaked on or around 2 February 2023, according to DataBreaches. This leak contained data of more than one million patients, including social security numbers, date of birth, and addresses - but also affected personal health information, such as the use or consideration of use of a ZOLL-manufactured wearable defibrillator. ZOLL did not provide further information regarding the type of the attack or whether the company had received any ransom demands. A few weeks after the incident became public, at least seven class action lawsuits were filed against the company, alleging Zoll negligently failed to protect sensitive information of individuals.",2023-01-28,2023-02-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,ZOLL Medical,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8981,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data 
,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,1,2023-03-15 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Robert Smith,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/zoll-medical-notifying-1004443-patients-of-data-breach-hipaa/; https://www.govinfosecurity.com/heart-device-maker-says-hack-affected-1-million-patients-a-21425; https://www.govinfosecurity.com/device-maker-zoll-facing-7-lawsuits-in-wake-breach-a-21522; https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/zoll-lawsuit-by-robert-smith-3-15-23.pdf; https://therecord.media/clinical-test-data-of-enzio-biochem-stolen,2023-03-13,2023-03-31 2048,North Korean state-sponsored hacking group UNC2970 targeted US and European media and technology companies since at least June 2022,"The North Korea-linked APT UNC2970 has launched phishing-based espionage campaigns against US and European media and technology companies since at least mid-2022, based on observations by Mandiant from June 2022. Mandiant, with high confidence, identified UNC2970 as UNC577, an activity cluster commonly associated with the Lazarus Group. Also known as Temp.Hermit, UNC577 has been active since at least 2013 and is suspected of sharing malware and tools with other North Korean threat actors. UNC2970 conducted its phishing campaign via fraudulent job offerings and has more recently utilised LinkedIn to approach victims. During one of the operations tracked by Mandiant targeting security researchers, UNC2970 deployed three new malware families (TOUCHMOVE, SIDESHOW, and TOUCHSHIFT).",2022-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Europe (region); United States, - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,; - ; ,"TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,8726; 8727,2023-03-09 00:00:00; 2022-11-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Mandiant; Mandiant,Mandiant; ,United States; United States,"TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110); TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110)","Korea, 
Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970; https://www.mandiant.com/resources/blog/mapping-dprk-groups-to-government,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970; https://www.mandiant.com/resources/blog/lightshift-and-lightshow; https://www.mandiant.com/resources/blog/mapping-dprk-groups-to-government; https://twitter.com/cybereason/status/1634290029030789149; https://twitter.com/Dinosn/status/1634264331121467415; https://twitter.com/ImposeCost/status/1634030788512477184; https://cyberscoop.com/north-korea-hackers-linkedin-phishing/; https://thehackernews.com/2023/03/north-korean-unc2970-hackers-expands.html; https://twitter.com/obiwan666/status/1634480773813223424; https://twitter.com/jasonnurse/status/1634466599146082305; https://twitter.com/jaysonstreet/status/1634417033818537984; https://www.bleepingcomputer.com/news/security/security-researchers-targeted-with-new-malware-via-job-offers-on-linkedin/; https://twitter.com/randomuserid/status/1634588793842937858; 
https://www.darkreading.com/application-security/north-korean-hackers-targeting-security-researchers; https://www.govinfosecurity.com/north-korean-hackers-find-value-in-linkedin-a-21424; https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime; https://www.businessinsider.com/housing-is-unaffordable-for-most-middle-income-buyers-2023-6; https://www.bleepingcomputer.com/news/security/google-state-hackers-attack-security-researchers-with-new-zero-day/,2023-03-10,2023-09-11 2051,Unknown actor gained access to unnamed marketing vendor of the North American telecommunications company AT&T and stole personal information of 9 million customers in January 2023,"An unknown actor gained access to an unnamed marketing vendor of the North American telecommunications company AT&T and stole related personal information of approximately 9 million customers in January 2023, as AT&T notified its customers in an email that was made public. The information accessed is customer proprietary network information, which includes the first names, the wireless account numbers, the wireless phone numbers and email addresses. 
",2023-01-01,Not available,Attack on critical infrastructure target(s),,"Incident disclosed by victim; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,AT&T,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,16070,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; International telecommunication law; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/; https://www.databreaches.net/att-notifying-some-wireless-customers-of-vendor-incident/; https://forums.att.com/conversations/att-mail-features/is-this-cpni-email-a-phishing-scam/64066deaac6ccc24bdf19e05; https://twitter.com/securityaffairs/status/1634279363247063040; https://securityaffairs.com/143303/data-breach/att-warns-data-breach.html; https://twitter.com/securityaffairs/status/1634124746467016704; 
https://twitter.com/Cyber_O51NT/status/1634399176825147395; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html,2023-03-10,2024-01-10 2050,BianLian ransomware group targeted city of Waynesboro stealing government information and police data in January 2023,"The BianLian ransomware group targeted the city of Waynesboro, Virginia (USA), stealing government and police data. The incident potentially matches with malicious activity the city administration was informed about in January 2023. In an online post, BianLian claimed to be in possession of more than 350GB of data including internal police files, such as investigation documentation and personal staff data. Public reporting did not immediately disclose whether attackers also succeeded in encrypting data on target systems. According to the city's manager, the cyberattack has been remediated and protective measures put in place to prevent future attacks.",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,"Waynesboro, Virginia",United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Civil service / administration; Police,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,8724,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian Ransomware Group,Not available,Not available,BianLian Ransomware Group,Not available,Non-state-group,https://twitter.com/BrettCallow/status/1632884957663354880,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available; Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/city-of-waynesboro-targeted-in-cyber-attack/; https://www.scmagazine.com/brief/ransomware/virginia-city-claimed-to-be-attacked-by-bianlian-ransomware; https://www.nbc29.com/2023/03/08/city-waynesboro-targeted-cyber-attack/; https://augustafreepress.com/news/ransomware-group-claims-it-has-infiltrated-waynesboro-city-government-files/; https://twitter.com/BrettCallow/status/1632884957663354880; https://www.databreaches.net/stopransomware-bianlian-ransomware-group/; https://www.bleepingcomputer.com/news/security/fbi-confirms-bianlian-ransomware-switch-to-extortion-only-attacks/,2023-03-10,2023-11-21 2047,Hacker group IntelBroker suspected to have stolen sensitive data from DC Health Link servers in early March 2023,"Unidentified hackers stole sensitive personal information from DC Health Link servers, an organisation that administers the health care plans of members of the US House of Representatives, their staff and families, in early March 2023. As reported by the DailyCaller on 8 March, the US House Chief Administrative Officer disclosed the incident in an email to House members. 
According to BleepingComputer, data was offered for sale on a hacker forum on 6 March by a user named IntelBroker, who claims it was stolen during a breach of the DC Health Benefit Exchange Authority that manages the DC Health Link health insurance marketplace. A sampling of the stolen files found that the dataset contained sensitive personal information on about 170,000 people, including names, birth dates, home addresses, Social Security numbers and health insurance details. Among them, according to current figures, more than two dozen current or former members of Congress are also said to have been affected. This led to a congressional hearing. The FBI and the Capitol Police are still investigating the incident. Another hacker calling himself ""Denfur"" also claims that the attack was born out of Russian patriotism, but independent verification is still pending. ",2023-03-01,2023-03-07,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,DC Health Link,United States,NATO; NORTHAM,Critical infrastructure,Health,IntelBroker,Not available,Non-state-group,Hacktivist(s),1,16813,2023-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,IntelBroker,Not available,Not available,IntelBroker,Not available,Non-state-group,https://www.bleepingcomputer.com/news/security/fbi-investigates-data-breach-impacting-us-house-members-and-staff/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system 
interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,2,2024-01-19 00:00:00; 2023-03-15 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States; United States,U.S. District Court for the Eastern District of Virginia; Federal Bureau of Investigation (FBI),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/fbi-investigates-data-breach-impacting-us-house-members-and-staff/; https://www.databreaches.net/scoop-razer-hacker-tells-databreaches-hes-making-no-attempt-to-extort-razer/; https://twitter.com/henryrodgersdc/status/1633575335869521921; https://www.hackread.com/dc-health-link-hackers-congress-members-details/; https://www.darkreading.com/application-security/us-lawmakers-cyberattacks-physical-harm-dc-health-link-breach; https://cyberscoop.com/dc-health-exchange-breach-congress-defense-official/; https://twitter.com/Dinosn/status/1634156211518992387; https://www.wired.com/story/catholic-priest-doxing-security-roundup/; https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/; https://cyberscoop.com/dc-health-data-posted-online/; https://krebsonsecurity.com/2023/03/feds-charge-ny-man-as-breachforums-boss-pompompurin/; https://www.bleepingcomputer.com/news/security/alleged-breachforums-owner-pompompurin-arrested-on-cybercrime-charges/; https://www.databreaches.net/was-there-a-rush-to-arrest-pompompurin-the-owner-of-breachforums-if-so-why/; 
https://www.bleepingcomputer.com/news/security/breached-hacking-forum-shuts-down-fears-its-not-safe-from-fbi/; https://www.databreaches.net/at-least-17-members-of-congress-had-sensitive-information-exposed-in-data-breach/; https://cyberscoop.com/dc-health-link-breach-russia-hacker-congress/; https://www.govinfosecurity.com/dc-health-link-facing-lawsuits-in-hack-affecting-congress-a-21496; https://www.databreaches.net/the-breachforums-case-the-hhs-oig-did-what-why/; https://www.wired.com/story/india-activist-manhunt-sikh-activist/; https://twitter.com/aselawaid/status/1639447799896088577; https://cyberscoop.com/breachforums-arrest-cybercrime-underground/; https://thehackernews.com/2023/05/why-things-you-dont-know-about-dark-web.html; https://www.bleepingcomputer.com/news/security/fbi-seizes-breachforums-after-arresting-its-owner-pompompurin-in-march/; https://www.bleepingcomputer.com/news/security/breachforums-database-and-private-chats-for-sale-in-hacker-data-breach/; https://www.hackread.com/breachforums-breached-pii-data-sold-online/; https://cyberscoop.com/washington-dc-board-elections-breach/; https://therecord.media/washington-dc-voter-roles-hackers; https://www.bleepingcomputer.com/news/security/general-electric-investigates-claims-of-cyber-attack-data-theft/; https://cyberscoop.com/jailed-breachforums-creator-admin-sentenced-to-20-years-of-supervised-release/; https://www.bleepingcomputer.com/news/security/hpe-investigates-new-breach-after-data-for-sale-on-hacking-forum/; https://www.govinfosecurity.com/us-state-department-investigating-hacking-claims-a-24769; https://therecord.media/state-department-investigating-reports-of-data-breach-contractor; https://www.bleepingcomputer.com/news/security/us-state-department-investigates-alleged-theft-of-government-data/,2023-03-09,2024-04-04 2045,Medusa ransomware group targeted Minneapolis Public Schools (MPS) in February 2023,"The Medusa ransomware group targeted Minneapolis Public Schools (MPS) in February 2023, 
according to an almost hour-long video from 7 March in which the group reveals stolen data, such as emails, student grades, building layouts, and payroll information. MPS reported on 1 March it had been able to restore systems and no ransom had been paid. Earlier in September 2023, it was also revealed that MPS had begun notifying more than 100,000 people that their personal data may have been exposed.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Minneapolis Public Schools (MPS),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,12774,2023-03-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://twitter.com/chuksjonia/status/1633150165979725825,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/vxunderground/status/1633150837143883776; https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/; https://twitter.com/chuksjonia/status/1633150165979725825; https://www.databreaches.net/medusa-claims-responsibility-for-minneapolis-public-schools-encryption-event-provides-proof-of-how-much-data-they-accessed/; https://mpls.k12.mn.us/technology_incident_update.html; https://mpls.k12.mn.us/mps_systems_outage_update_and_monday_s_return_to_schools.html; https://mpls.k12.mn.us/mps_systems_outage_update.html; https://www.bleepingcomputer.com/news/security/ransomware-gang-posts-video-of-data-stolen-from-minneapolis-schools/; https://therecord.media/ransomware-minneapolis-public-schools-stolen-data; https://twitter.com/vxunderground/status/1633125378347728896; https://www.databreaches.net/minneapolis-public-schools-systems-restored-no-ransom-paid/; https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event/; https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html; https://www.databreaches.net/minneapolis-public-schools-tap-dances-around-telling-parents-and-employees-what-really-happened/; https://twitter.com/ransomwaremap/status/1629415883318730752; https://twitter.com/chuksjonia/status/1633156655742431233; https://twitter.com/nicoleperlroth/status/1633871105701343233; https://www.darkreading.com/threat-intelligence/medusa-gang-video-minneapolis-school-district-ransomed-data; https://twitter.com/cybersecboardrm/status/1634235221687308289; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/; https://twitter.com/ImposeCost/status/1634595846422511618; 
https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/; https://www.databreaches.net/whats-new-in-ransomware-gang-pressure-tactics-not-as-much-as-you-might-think/; https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/; https://twitter.com/Dinosn/status/1651609462703276032; https://www.wired.com/story/minneapolis-public-schools-ransomware-attack/; https://twitter.com/ciaranmartinoxf/status/1654499822877933568; https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack; https://therecord.media/minneapolis-schools-say-data-breach-affected-100000; https://socradar.io/dark-web-profile-medusa-ransomware-medusalocker/; https://therecord.media/philippines-state-health-insurer-struggles-with-ransomware; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2023-03-08,2023-09-07 2038,Chinese state-sponsored hacking group Sharp Panda gained access to the networks of a Southeast Asian government using the Soul backdoor beginning in late 2022,"Sharp Panda, a Chinese state-sponsored hacking group, gained access to the networks of a Southeast Asian government using the Soul backdoor beginning in late 2022, according to a technical report by Israeli IT security company Check Point Research. Early stages of the attack, Check Point found, correspond with activity against Southeast Asian governments identified as Sharp Panda and tied to China with medium to high confidence in 2021; CheckPoint researchers attributed this attack to Sharp Panda in 2022. Some of the organizations targeted with the previously unattributed Soul Framework also showed signs of compromise with APT10 and APT30 tools during the same timeframe. 
Considering tool sharing practices among Chinese groups, Check Point continues to track Sharp Panda as a separate cluster and suspects the actors behind the Soul Framework to be a Chinese-backed or possibly nation-state group. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Southeast Asia (region),,State institutions / political system,Government / ministries,Sharp Panda,China,"Non-state actor, state-affiliation suggested",,1,8779,2023-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,,Israel,Sharp Panda,China,"Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of 
state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1633125321821286401; https://www.bleepingcomputer.com/news/security/new-malware-variant-has-radio-silence-mode-to-evade-detection/; https://www.hackread.com/sharp-panda-china-soulsearcher-malware/; https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/; https://twitter.com/780thC/status/1633077714352582657; https://twitter.com/Dinosn/status/1633070796636667906; https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html; https://securityaffairs.com/143187/apt/sharp-panda-targets-southeast-asia.html; https://twitter.com/securityaffairs/status/1633970924461465601; https://twitter.com/securityaffairs/status/1634310696409104385; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html,2023-03-08,2023-03-16 2044,US-based Northern Essex Community College was hit by cyber attack in early February 2023,"The US-based Northern Essex Community College was hit by cyber attack in early February 2023. According to a spokesperson, it is unclear if the unauthorized access the college detected around 1 March was part of a ransomware attack, but several systems were no longer working. The spokesperson further claimed that the college does ""not have evidence of any personal data being compromised"". The college suspended classes for two days in response to the incident. 
",2023-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Northern Essex Community College (NECC),United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,8754,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/northern-essex-community-college-cyberattack; https://northernessex.cc/2023/03/necc-announcement-mar-5-2023/,2023-03-08,2023-03-31 2043,Website of German defence company Rheinmetall targeted by DDoS attack on 7 March 2022,"The website of the German defence company Rheinmetall was targeted by DDoS attack on 7 March 2022. Apart from a short unavailability of the website, no further impact has been recorded, according to Rheinmetall. German media sources relate this incident and other potential hacker activities against the company to its involvement in weapons delivery to Ukraine. 
",2023-03-07,2023-03-07,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption,Rheinmetall,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Defence industry,Not available,Not available,Not available,,1,8755,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.sueddeutsche.de/wirtschaft/rheinmetall-cyberattacke-gegen-ruestungsunternehmen-1.5764561,2023-03-08,2023-05-16 2042,BianLian ransomware group targeted US-based Northeast Surgical Group in January 2022,"BianLian ransomware group targeted US-based Northeast Surgical Group (NESG) in January 2022. After BianLian added an unnamed medical group to their leak site, incident aggregator DataBreaches claimed to have identified it as NESG, though the company did not respond to repeated request for comment. Data from NESG surfaced on BreachForums in early February and BianLian's leak site. 
NESG addressed the disclosures affecting 15,300 patients on 6 March, in an incident notice on its website. Public reporting remains unclear about whether BianLian only stole and leaked the data or if the group also encrypted data on targeted systems. ",2023-01-08,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Northeast Surgical Group (NESG),United States,NATO; NORTHAM,Critical infrastructure,Health,BianLian Ransomware Group,Not available,Non-state-group,Criminal(s),1,8756,2023-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian Ransomware Group,Not available,Not available,BianLian Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/northeast-surgical-group-notifies-15298-patients-of-a-hipaa-breach-but-doesnt-tell-them-their-information-has-been-dumped/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.databreaches.net/northeast-surgical-group-notifies-15298-patients-of-a-hipaa-breach-but-doesnt-tell-them-their-information-has-been-dumped/; https://www.nesg.com/index.php/notice-of-cybersecurity-incident/; https://breached.vc/Thread-Nesk-Medical-organization-USA; https://www.databreaches.net/stopransomware-bianlian-ransomware-group/; https://www.bleepingcomputer.com/news/security/fbi-confirms-bianlian-ransomware-switch-to-extortion-only-attacks/; https://www.darkreading.com/dr-global/ncsc-why-cyber-extortion-attacks-no-longer-require-ransomware,2023-03-08,2023-05-19 2041,Qilin ransomware group targeted elderly care facility in the Netherlands on 17 February 2022,"The Qilin ransomware group targeted Attent Zorg en Behandeling, an elderly care facility in the Netherlands, on 17 February 2022, the affected organization announced on its website. The attacker stole passport information of physicians, nurses, and physiotherapists and later published them online. According to the facility, a significant portion of the affected systems were restored within three days after the attack, allowing it to resume its telephone service and regain access to systems managing client dossiers, finances, and personnel. 
",2022-02-17,2022-02-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Attent Zorg en Behandeling,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,Qilin Ransomware Group,Not available,Non-state-group,Criminal(s),1,8757,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Qilin Ransomware Group,Not available,Not available,Qilin Ransomware Group,Not available,Non-state-group,https://www.security.nl/posting/788375/Ransomwaregroep+publiceert+paspoorten+artsen+Gelderse+oudereninstelling,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyberwarzonecom/status/1633201133819666435; https://cyberwarzone.com/qilin-ransomware-attack-elderly-care-facility-breached-and-confidential-data-leaked-online/; 
https://www.attentzorgenbehandeling.nl/nieuws/update-ongeautoriseerde-toegang-it-systemen; https://www.rtlnieuws.nl/nieuws/nederland/artikel/5370082/attent-zorg-behandeling-hack-ransomware-paspoorten-datalek; https://www.security.nl/posting/788375/Ransomwaregroep+publiceert+paspoorten+artsen+Gelderse+oudereninstelling; https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html,2023-03-08,2024-01-03 2040,Pakistani state-sponsored hacking group Transparent Tribe gained access to the Android mobile phones of 150 targeted people and stole information using the CapraRAT backdoor beginning in July 2022,"The Pakistani hacking group Transparent Tribe, also known as APT36, gained access to the Android mobile phones of 150 targeted people and stole information using the CapraRAT backdoor beginning in July 2022, according to Slovakian IT security company ESET. The victims are mainly Pakistani and Indian individuals with political and military connections. Further unspecified individuals, affected by the campaign, are based in Russia, Oman, and Egypt. The hacker group used a romance scam to get their targets to install the trojanized messaging apps MeetsApp and MeetUp and then spy on their targets. ",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available,Egypt; Oman; Russia; Pakistan; India,MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA; GULFC - EUROPE; EASTEU; CSTO; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO,Unknown - Unknown - Unknown - Unknown; State institutions / political system - Unknown; State institutions / political system, - - - ; Military - ; Military,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,8773,2023-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested",https://twitter.com/ESETresearch/status/1633132257228517376; https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing; Trusted Relationship,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), 
but no data corruption (deletion/altering) or leaking of data ",51-200,150.0,1-10,5.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/ESETresearch/status/1633132257228517376; https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/; https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/; https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html; https://twitter.com/IT_SecGuru/status/1633120375985823745; https://www.govinfosecurity.com/transparent-tribe-spread-caprarat-via-fake-messaging-apps-a-21398; https://securitymea.com/2023/03/09/eset-reveals-cyberespionage-honey-trap-campaign-target-officials-in-india-pakistan-and-middle-east/; https://www.welivesecurity.com/videos/apt-hackers-honeytrap-ensnare-targets-week-security-tony-anscombe/; https://twitter.com/DavidAgranovich/status/1653898242390921221,2023-03-08,2023-07-12 2039,"Info stealer ""SYS01 stealer"" targeted critical government infrastructure employees via Facebook Business Accounts since November 2022 ","According to IT vendor Morphisec, the info stealer dubbed ""SYS01 stealer"" targeted critical government infrastructure employees via their Facebook Business Accounts since November 2022. This campaign was first detected in May 2022 but initially attributed to the Ducktailer Operation by ZScaler. The attackers successfully evaded discovery over a period of five months (November 2022 - March 2023). 
",2022-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Not available,Not available,Not available,,1,8778,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/securityaffairs/status/1633235970995761153; https://securityaffairs.com/143162/cyber-crime/sys01-stealer-targets-critical-infrastructure.html; https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html; https://blog.morphisec.com/sys01stealer-facebook-info-stealer; https://twitter.com/securityaffairs/status/1633606917569347584; https://www.hackread.com/fake-facebook-profiles-google-ads-sys01-stealer/; https://twitter.com/securityaffairs/status/1633971358760681473; 
https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html; https://www.techrepublic.com/article/sys01-stealer-targets-facebook-business-accounts-chromium-credentials/,2023-03-08,2023-03-16 2046,Pro-Russian hackers targeted website of Canadian TD Bank with DDoS attacks on 26 February 2023,"Pro-Russian hackers targeted the website of the Canadian TD Bank with DDoS attacks on 26 February 2023, according to a statement on Telegram. The website was not available for several hours on that day. Reporting on the incident, Journal de Montreal highlighted Canada's announcement from 24 February of a $32.5 million support package for Ukraine to help secure and stabilise the country as a potential motivation for the attack.",2023-02-26,2023-02-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,TD Bank,Canada,NATO; NORTHAM,Critical infrastructure,Finance,We are Russian Hackers Community,Not available,Non-state-group,Hacktivist(s),2,8730; 8729,2023-02-26 00:00:00; 2023-02-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,"Alexis Rapin (Cybersecurity researcher at RDandurand, Canada); We are Russian Hackers Community",; Not available,Canada; Not available,We are Russian Hackers Community; We are Russian Hackers Community,Not available; Not available,Non-state-group; 
Non-state-group,https://twitter.com/alexis_rapin/status/1629881585590755331?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629881585590755331%7Ctwgr%5E1a66aac67bec116ee0ecf8ac677ff84f2a13d4b3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.journaldemontreal.com%2F2023%2F03%2F06%2Fcyberattaque-des-pirates-russes-auraient-attaque-la-banque-td; https://t.me/russianhackerscommunity/266,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyberknow20/status/1633059293430956034; https://t.me/russianhackerscommunity/266; https://twitter.com/alexis_rapin/status/1629881585590755331?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629881585590755331%7Ctwgr%5E1a66aac67bec116ee0ecf8ac677ff84f2a13d4b3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.journaldemontreal.com%2F2023%2F03%2F06%2Fcyberattaque-des-pirates-russes-auraient-attaque-la-banque-td; https://twitter.com/UK_Daniel_Card/status/1629904352629469189,2023-03-08,2023-03-15 2036,Unknown actors gained access to vulnerable routers used by a municipal government and medium-sized businesses using HiatusRAT 
since at least June 2022,"Unknown actors gained access to vulnerable routers used by a municipal government and medium-sized businesses using HiatusRAT since at least June 2022, according to technical reports by Black Lotus Labs. The affected businesses are consulting firms, IT service providers, and pharmaceutical companies from Latin America, Europe, and North America. Out of more than 4,100 exposed connected routers, at least 100 showed signs of compromise with the possibility of data exfiltration. The vulnerable routers are DrayTek Vigor models 2960 and 3900. In addition to the opportunistic collection of data, the infiltrations were designed to facilitate the creation of a proxy network to stage further attacks. ",2022-06-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,South America; North America; North America, - - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Civil service / administration; Health; - Civil service / administration; Health; - Civil service / administration; Health; ,Not available,Not available,Not available,,1,17923,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not 
available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1632759937741750273; https://twitter.com/Cyber_O51NT/status/1632758899156856833; https://www.bleepingcomputer.com/news/security/new-malware-infects-business-routers-for-data-theft-surveillance/; https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html; http://news.lumen.com/2023-03-06-Black-Lotus-Labs-uncovers-another-new-malware-that-targets-compromised-routers; https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/; https://www.darkreading.com/threat-intelligence/hiatusrat-campaign-draytek-gear-cyber-espionage-proxy-control; https://twitter.com/Dinosn/status/1632969801759961088; https://twitter.com/cybersecboardrm/status/1633195187467063297; https://www.techrepublic.com/article/hiatus-malware-campaign-targets-routers/; https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2023-threat-report; https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html,2023-03-07,2024-03-13 2035,Pro-Russian hacker group NoName057(16) disrupted the websites of an Italian company and 
state institutions on 6 March 2023,"The pro-Russian hacker group NoName057(16) disrupted the websites of an Italian company and state institutions on 6 March 2023, as disclosed by the hackers themselves. The affected targets include the Italian telecommunications company TIM, the Carabinieri, the Ministry of Labour and the High Council of the Judiciary. The group managed to cause short downtimes of a few minutes and delays for access to some of the sites. The High Council of the Judiciary had announced increased DDoS protections following an earlier wave of disruption attempts on 21 February that had knocked its website offline for several hours. ",2023-03-06,2023-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,High Council of the Judiciary - TIM - Ministry of Labour and Social Policies (Italy) - Carabinieri,Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system,Judiciary - Telecommunications - Government / ministries - Military,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,8781,2023-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),Not available,Russia,NoName057(16),Russia,Non-state-group,https://t.me/noname05716/2195; https://t.me/noname05716/2196; https://t.me/noname05716/2197; https://t.me/noname05716/2198,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party 
affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC; https://t.me/noname05716/2195; https://t.me/noname05716/2196; https://t.me/noname05716/2197; https://t.me/noname05716/2198; https://socradar.io/dark-web-profile-noname05716/,2023-03-07,2023-03-16 2023,Unknown actors gained access to Denver Public Schools (DPS) network and stole information beginning on 13 December 2023,"Unknown actors gained access to the network of Denver Public Schools (DPS), the local administration of Colorado's largest public school district, and stole information beginning on 13 December 2023, according to an incident notification shared by DPS. 
The stolen information comprises names and social security numbers of current and former participants in DPS’s employer-sponsored health plan; employee fingerprints, if on file; bank account numbers or pay card numbers; student identification numbers; driver’s license numbers; passport numbers; and limited health plan enrollment information.",2022-12-13,2023-01-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Denver Public Schools (DPS),United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,Not available,Not available,Not available,,1,16076,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1632085297595834368; https://www.dpsk12.org/notice-of-security-incident/,2023-03-06,2024-01-10 2026,"IT systems and equipment of 
Rosarito city council, Mexico, illegally accessed in mid-February 2023","TV Azteca reported that the IT systems and devices of the city council in the Mexican city of Rosarito were illegally accessed on 17 February 2023. The hack of the Primo Tapia delegation system is suspected to have infected hundreds of servers with a virus, disrupting the delivery of government services. Users were also unable to make payments for several days. In the wake of the incident, the city government filed a complaint with the Attorney General's Office on 24 February over the hacking of Rosarito city government computer systems.",2023-02-17,2023-02-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Ayuntamiento de Rosarito,Mexico,,State institutions / political system,Civil service / administration,,,,,1,; 16075,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,; Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.tvaztecabajacalifornia.com/noticias/denuncian-hackeo-al-sistema-informatico-del-ayuntamiento-de-rosarito; 
https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-30/,2023-03-06,2024-01-10 2025,Russian weapons manufacturing company Kalashnikov was targeted in a hack-and-leak operation by the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO),"The Russian Kalashnikov company was hacked by the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO), which exfiltrated terabytes of data, such as ""technical specification of their civilian and military weapons to all of their financial data including off-shore shell companies, bank accounts, and customers (both licit and illicit)"" (quote: Jeffrey Carr on March 15, 2022). Moreover, the leaked data are said to be shared with intelligence agencies from Western allies, such as the US and UK. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the third piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. 
Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,Kalashnikov Group,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Defence industry,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,13569; 13569; 13569; 13569,2022-03-15 00:00:00; 2022-03-15 00:00:00; 2022-03-15 00:00:00; 2022-03-15 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine 
(GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/kalashnikov-concern-hacked-by-cyber,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://jeffreycarr.substack.com/p/kalashnikov-concern-hacked-by-cyber,2023-03-06,2023-10-11 2024,Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) hacked and stole data from Russia´s State Space Corporation (ROSCOSMOS),"The Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) hacked and accessed the network of Russia´s State Space Corporation (ROSCOSMOS) and obtained sensitive information. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the second piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. (The ninth article of this kind from April 13 leaked further documents from this hack). 
He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,Space agency Roscosmos of Russia,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,"Other (e.g., embassies)",Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,13580; 13580; 13580; 13580,2022-03-22 00:00:00; 2022-03-22 00:00:00; 2022-03-22 00:00:00; 2022-03-22 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed 
officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/ukraines-defense-intelligence-service,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,Not available,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://jeffreycarr.substack.com/p/ukraines-defense-intelligence-service; https://jeffreycarr.substack.com/p/inside-roscosmos-lunar-sphere-program,2023-03-06,2023-10-11 2019,"Unknown actors targeted Mexican banks with ATM malware ""FiXS"" in 2023","Unknown actors targeted Mexican banks with ATM malware ""FiXS"" in 2023, according to IT company Metabase Q. During the attacks, which are directed against ATMs that support CEN XFS, ATMs are instructed to dispense money 30 minutes after the last ATM reboot. According to Metabase Q, the attackers used the external keyboard for communication and Russian metadata was found in the code. 
",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking with Misuse,Not available,Mexico,,Critical infrastructure,Finance,Not available,Not available,Not available,,1,16079,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Dinosn/status/1632343700134064128; https://twitter.com/securityaffairs/status/1632116197780082690; https://twitter.com/securityaffairs/status/1632116197780082690; https://securityaffairs.com/143022/malware/fixs-atm-malware-mexican-banks.html; https://twitter.com/Dinosn/status/1632109649129353216; https://twitter.com/Dinosn/status/1632109649129353216; https://twitter.com/unix_root/status/1632030637178736643; https://twitter.com/unix_root/status/1632030637178736643; https://thehackernews.com/2023/03/new-fixs-atm-malware-targeting-mexican.html; https://www.metabaseq.com/fixs-atms-malware/; https://twitter.com/Dinosn/status/1632343700134064128,2023-03-06,2024-01-10 2022,"Mayor of the Polish city of Sopot, Jacek Karnowski, targeted by Pegasus spyware during 2018-2019 at alleged direction of Poland`s Central Anticorruption Bureau","Jacek Karnowski, the mayor of 
the Polish city of Sopot, was targeted with Pegasus spyware during 2018-2019, allegedly at the direction of Poland`s Central Anticorruption Bureau, the newspaper Gazeta Wyborcza reported at the beginning of March 2023. Karnowski was supporting the formation of joint opposition lists for the upcoming parliamentary elections at that time. According to information obtained by Gazeta Wyborcza, Poland`s Central Anticorruption Bureau (CBA) logged into Karnowski's phone at least ""a dozen times between November 2018 and March 2019"". No further details about the obtained data have been published so far. ",2018-11-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Civil service / administration,,Poland,State,,2,16077; 16078,2023-03-03 00:00:00; 2023-03-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Receiver attributes attacker,"Wyborcza; Jacek Karnowski (Mayor of Sopot, Poland)",Not available; Not available,Poland; Poland,,Poland; Poland,State; State,"https://wyborcza.pl/7,173236,29523984,polish-opposition-mayor-among-targets-of-pegasus-spyware-exclusive.html; https://www.reuters.com/world/europe/polish-mayor-targeted-by-pegasus-spyware-media-2023-03-03/",National power,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,,Drive-By Compromise,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,1,2022-12-21 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Europe (region),European Commission,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"https://wyborcza.pl/7,173236,29523984,polish-opposition-mayor-among-targets-of-pegasus-spyware-exclusive.html; https://wyborcza.pl/7,173236,29523984,polish-opposition-mayor-among-targets-of-pegasus-spyware-exclusive.html; https://wyborcza.pl/7,173236,29523984,polish-opposition-mayor-among-targets-of-pegasus-spyware-exclusive.html; https://twitter.com/securityaffairs/status/1631773080199606273; https://twitter.com/securityaffairs/status/1631773080199606273; https://twitter.com/securityaffairs/status/1631773080199606273; https://securityaffairs.com/142991/intelligence/pegasus-spyware-spying-polish-mayor.html; https://www.reuters.com/world/europe/polish-mayor-targeted-by-pegasus-spyware-media-2023-03-03/; https://twitter.com/securityaffairs/status/1632698541268148226; https://netzpolitik.org/2023/pegasus-eu-kommission-prueft-klagen-gegen-mitgliedslaender/; https://netzpolitik.org/2023/pega-untersuchungsausschuss-mit-samthandschuhen-gegen-staatstrojaner/; https://securityaffairs.com/150642/security/known-exploited-vulnerabilities-catalog-apple-flaws.html; https://therecord.media/nso-group-spyware-company-ordered-code-whatsapp; 
https://netzpolitik.org/2024/klage-gegen-nso-group-staatstrojaner-firma-soll-quellcode-von-pegasus-uebergeben/",2023-03-06,2024-04-15 2020,Ransom House Group conducted a ransomware attack against the Hospital Clínic in Barcelona on 5 March 2023,"According to the Catalan Cybersecurity Agency, the ransomware group called Ransom House perpetrated a ransomware attack against the Hospital Clínic in Barcelona, Spain on 5 March 2023. General secretary of the hospital chapter of the Spanish labour union CC OO, Àlex Duque, stated that many processes had to be switched over to manual or paper-based procedures. The attack affected operations at the hospital's laboratory and pharmacy. The hospital temporarily redirected ambulances and canceled thousand non-emergency surgeries and radiotherapy appointments. Also mentioned in the government's statement is that the cyber attack affected the emergency services of three medical centres linked to the Clínic de Barcelona, namely CAP Casanova, CAP Borrell and CAP Les Corts. 
Just under three weeks after the attack, the clinic acknowledged that the confidentiality of patient and employee data could be at risk.",2023-03-02,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Hospital Clinic de Barcelona,Spain,EUROPE; NATO; EU(MS),Critical infrastructure,Health,Ransom House,Not available,Not available,,1,11308,2022-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Cybersecurity Agency of Catalonia,Not available,Spain,Ransom House,Not available,Not available,https://apnews.com/article/barcelona-hospital-cyberattack-ransomware-37e0fee33798c56459e63866ca8b449f,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-03-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Mossos d'Esquadra (ESP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-05/el-hospital-clinic-de-barcelona-victima-de-un-ciberataque-que-afecta-a-las-urgencias-el-laboratorio-y-la-farmacia.html; https://govern.cat/salapremsa/notes-premsa/488242/comunicat; https://twitter.com/securityaffairs/status/1632878280985440257; https://securityaffairs.com/143121/cyber-crime/hospital-clinic-de-barcelona-ransomware.html; https://twitter.com/cybersecboardrm/status/1632839634026635264; https://twitter.com/ransomwaremap/status/1632822747343486977; https://twitter.com/DigitalPeaceNow/status/1632761704479088641; https://therecord.media/barcelona-hospital-ransomware-spain; https://apnews.com/article/barcelona-hospital-cyberattack-ransomware-37e0fee33798c56459e63866ca8b449f; https://www.databreaches.net/es-cyberattack-at-lhospital-clinic-has-affected-laboratory-pharmacy-and-emergency-services/; https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-05/el-hospital-clinic-de-barcelona-victima-de-un-ciberataque-que-afecta-a-las-urgencias-el-laboratorio-y-la-farmacia.html; https://twitter.com/Dinosn/status/1632969620226277379; https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-07/el-hospital-clinic-de-barcelona-48-horas-despues-del-ciberataque-hacemos-las-pruebas-y-lo-escribimos-en-papel.html; https://twitter.com/securityaffairs/status/1633210345396346888; https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/; https://twitter.com/dani_stoffers/status/1633056771051749376; https://twitter.com/securityaffairs/status/1633030644539195393; https://twitter.com/cahlberg/status/1632993055820197890; https://twitter.com/secIT_DE/status/1633177845391577089; 
https://twitter.com/securityaffairs/status/1632878280985440257; https://twitter.com/cybersecboardrm/status/1632839634026635264; https://twitter.com/ransomwaremap/status/1632822747343486977; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/; https://elpais.com/https:/elpais.com/tecnologia/2023-03-12/el-ciberataque-al-hospital-clinic-de-barcelona-desde-dentro-ha-sido-como-hacer-un-viaje-en-el-tiempo.html; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html; https://twitter.com/douglittlejr/status/1633467375050735616; https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-21/el-hospital-clinic-reconoce-ahora-que-el-ciberataque-podria-comprometer-la-confidencialidad-de-los-datos-de-pacientes-y-trabajadores.html; https://twitter.com/AlexMartin/status/1639241047816511501; https://www.databreaches.net/es-clinic-hackers-threaten-to-destroy-information-about-patients-with-infectious-diseases/; https://elpais.com/https:/elpais.com/espana/catalunya/2023-04-08/ciberataque-en-el-clinic-por-que-el-hospital-no-estaba-integrado-en-la-agencia-de-ciberseguridad-si-existia-un-plan-para-ello.html; https://www.darkreading.com/vulnerabilities-threats/how-safe-is-your-wearable-device; https://therecord.media/idaho-hospital-diverting-ambulances-after-cyberattack; https://therecord.media/spain-globalcaja-bank-confirms-ransomware-attack; https://www.abc.es/sociedad/hospital-clinic-jaque-sofisticado-ciberataque-viene-espana-20230306105405-nt.html; https://www.diepresse.com/6259996/hacker-legen-barcelona-wichtigstes-krankenhaus-lahm; https://elpais.com/https:/elpais.com/espana/catalunya/2023-07-04/los-ciberdelincuentes-que-atacaron-el-hospital-clinic-filtran-una-tercera-entrega-de-datos.html; https://www.abc.es/sociedad/chantaje-datos-terapias-ineditas-pacientes-patologias-infecciosas-20230707133405-nt.html; 
https://elpais.com/https:/elpais.com/espana/catalunya/2023-06-22/la-autoridad-de-proteccion-de-datos-estudia-si-sanciona-al-hospital-clinic-por-la-megafiltracion-de-datos-privados.html; https://elpais.com/https:/elpais.com/economia/negocios/2023-07-22/codigo-rojo-nos-han-hackeado-asi-son-los-ciberataques-empresariales.html; https://therecord.media/cyberattacks-on-governments-way-up; https://www.larazon.es/andalucia/malaga/enrique-rando-experto-ciberseguridad-estaremos-expuestos-gobiernos-hostiles-que-intenten-alterar-servicios-criticos_2024022965ddd7244129260001dc3b7e.html; https://www.consalud.es/autonomias/c-madrid/madrid-ciberseguridad-sistemas-informaticos-sanitarios_141344_102.html; https://www.infobae.com/espana/2024/03/24/los-hospitales-espanoles-tienen-una-cuenta-pendiente-con-la-ciberseguridad-los-datos-medicos-confidenciales-pueden-estar-en-peligro/; https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-06/el-ciberataque-que-sufre-el-hospital-clinic-de-barcelona-procede-del-extranjero.html,2023-03-06,2023-07-14 2028,Russia`s Joint Institute for Nuclear Research (JINR) was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO),"Russia`s Joint Institute for Nuclear Research (JINR) was targeted in hack-and-leak operation by the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO), which exfiltrated terabytes of data from all nine of the labs (source: Jeffrey Carr on March 25, 2022). Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the fifth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. 
He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-01-01,2022-03-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,Russia`s Joint Institute for Nuclear Research (JINR),Russia,EUROPE; EASTEU; CSTO; SCO,Science,,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8319; 8319; 8319; 8319,2022-03-25 00:00:00; 2022-03-25 00:00:00; 2022-03-25 00:00:00; 2022-03-25 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with 
knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/russias-factory-of-superheavy-elements,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://jeffreycarr.substack.com/p/russias-factory-of-superheavy-elements,2023-03-06,2023-03-06 2027,Russian VTB bank targeted with a hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO),"Russian VTB bank was hacked by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO), which obtained data such as ""financial records, videoconference calls, schematic diagrams of the bank`s industrial control systems that control electricity, water, heat and drainage"" (quote: Jeffrey Carr on March 18, 2022). Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. 
According to an article he wrote for O`Reilly Media on March 22, 2022, this is the fourth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-01-01,2022-03-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,VTB,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Finance,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8351; 8351,2022-03-18 00:00:00; 2022-03-18 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ,Not 
available; Not available,Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine,State; State,https://jeffreycarr.substack.com/p/vsb-bank-breached-by-gurmo-cyber,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://jeffreycarr.substack.com/p/vsb-bank-breached-by-gurmo-cyber,2023-03-06,2023-05-04 2017,German University of Applied Sciences Hamburg (HAW Hamburg) was attacked by Vice Society ransomware group in late December 2022,"The German University of Applied Sciences Hamburg (HAW Hamburg) was hit by a ransomware attack at the end of December 2022, the university announced on 3 January 2023. On its website, HAW describes the incident as follows: ""The hackers used decentralised IT systems to manually hack into HAW Hamburg's central IT and security systems via the network. In this way, they also obtained administration rights for the central storage systems and compromised the central data storage. With the administration rights, they then began to encrypt various virtualised platforms and delete stored backups"". On the first weekend of March, the notorious Vice Society ransomware group added the university to its leak site. In the months of September and October 2023, the university announced that various personal data concerning job applications, student participation in lectures and classes as well as grading of papers and certificates were published by the threat actor. 
On 1 November 2023, necessary mitigation procedures following the attack were concluded.",2022-12-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,"University of Applied Sciences Hamburg (HAW Hamburg, Germany)",Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Vice Society,Russia,Non-state-group,Criminal(s),1,18974,2023-03-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Vice Society,Not available,Not available,Vice Society,Russia,Non-state-group,https://therecord.media/germany-ransomware-haw-hamburg-vice-society,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,1,2023-01-17 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Polizei Hamburg,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1632484158713782272; https://therecord.media/germany-ransomware-haw-hamburg-vice-society; https://twitter.com/ransomwaremap/status/1632484158713782272; https://twitter.com/RecordedFuture/status/1632919061616107520; https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023; https://therecord.media/ransomware-attack-kaiserslautern-university-applied-sciences-germany; https://www.haw-hamburg.de/cyberangriff/; https://www.abendblatt.de/hamburg/article237383801/hackerangriff-haw-hamburg-HAW-offenbar-erpresst-landeskriminalamt-ermittelt.html,2023-03-06,2024-04-29 2029,Russian JSC BIFIT was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO),"Russian JSC BIFIT, a financial services company that enables remote banking, was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) (source: Jeffrey Carr on March 28, 2022). Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the sixth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. 
He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-01-01,2022-03-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,JSC BIFIT (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8317; 8317; 8317; 8317,2022-03-28 00:00:00; 2022-03-28 00:00:00; 2022-03-28 00:00:00; 2022-03-28 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., 
Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/jsc-bifit-breached-by-gurmo-hackers,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://jeffreycarr.substack.com/p/jsc-bifit-breached-by-gurmo-hackers,2023-03-06,2023-03-09 2030,"Russian oil depot in Belgorod allegedly target of offensive cyber-sabotage operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) at April 1, 2022","A Russian oil depot in Belgorod, which is owned by Rosneft, was the target of an offensive cyber-sabotage operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) at April 1, 2022, according to the newsletter by Jeffrey Carr on April 5, 2022. 
After Russian officials accused Ukraine of having attacked the site with helicopters, which was at first not explicitly answered and then denied by Ukrainian officials, the article by Carr purports that the fire at the site on April 1 was actually the result of an offensive cyber attack by the Ukrainian GURMO. Whereas Carr stated that no people were injured, Belgorod Governor Vyacheslav Gladkov stated that two workers had been injured due to the incident. Notably, this claimed ""first publicly known example of a computer network attack against an OT [operational technology] system resulting in a kinetic effect during wartime operations"" (quote by Jeffrey Carr) received almost no attention from other cyber security outlets or general media, apart from one CyberNews article. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the seventh piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. 
Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-04-01,2022-04-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Rosneft,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8503; 8503; 8503; 8503,2022-04-06 00:00:00; 2022-04-06 00:00:00; 2022-04-06 00:00:00; 2022-04-06 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of 
Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/gurmo-hackers-go-kinetic-against,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,,,,,0,,,Minor,3.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International peace; Armed conflict; Sovereignty; International peace,Prohibition of intervention; ; ; Use of force,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://cybernews.com/cyber-war/ukrainian-hackers-attacked-gazprom-says-expert/; https://www.euronews.com/2022/04/01/russia-claims-ukrainian-helicopters-struck-a-fuel-depot-in-belgorod; https://jeffreycarr.substack.com/p/gurmo-hackers-go-kinetic-against; https://www.rferl.org/a/russia-belgorod-fuel-depot-fire-ukraine/31780891.html,2023-03-06,2024-03-01 2031,"Russian oil concern Gazprom was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine, as potential preparatory act for purported cyber sabotage operation on April 1, 2022","The Russian oil concern Gazprom was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO), as a potential act of preparation for a purported sabotage cyber operation on April 1, 2022. 
However, it cannot explicitly be confirmed that the data theft from Gazprom is actually linked to the alleged GURMO cyber sabotage operation against a Rosneft energy site in Belgorod on this day that caused a fire, as claimed by Jeffrey Carr on April 6, 2022. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the eighth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. 
Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-01-01,2022-04-06,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,Gazprom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Russia,State,,1,8502; 8502; 8502; 8502,2022-04-06 00:00:00; 2022-04-06 00:00:00; 2022-04-06 00:00:00; 2022-04-06 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main 
Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Russia; Russia; Russia; Russia,State; State; State; State,https://jeffreycarr.substack.com/p/gazprom-loses-over-1tb-of-files-to,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,6.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://jeffreycarr.substack.com/p/gazprom-loses-over-1tb-of-files-to,2023-03-06,2023-03-09 2032,Russian systems integrator company SOFCOM was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO),"Russian systems integrator company SOFCOM (that works with Russian government and corporate clients to assist them with their IT business requirements) was targeted in hack-and-leak operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO). The company was allegedly already breached after Russia seized Crimea in 2014. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the tenth piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr (published on May 18, 2022). 
He further stated in the O`Reilly Media article that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2014-01-01,2022-05-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,SOFCOM (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8501; 8501; 8501; 8501,2022-05-18 00:00:00; 2022-05-18 00:00:00; 2022-05-18 00:00:00; 2022-05-18 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement 
in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/the-mysterious-background-of-geo,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://jeffreycarr.substack.com/p/the-mysterious-background-of-geo,2023-03-06,2023-04-03 2033,"Russia`s Rostelecom's Information and Communications Design Company ""PJSC Giprosvyaz"" was targeted in hack-and-leak 
operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) ","Russia`s Rostelecom's Information and Communications Design Company ""PJSC Giprosvyaz"" has been hacked by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) ""several years ago"" (source: Jeffrey Carr on June 8, 2022). Part of the obtained data was leaked via Carr`s newsletter in June 2022, which could give GURMO access to meetings held with the support of PJSC between Putin and other world leaders. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter. According to an article he wrote for O`Reilly Media on March 22, 2022, this is the eleventh piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. 
Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities.",2022-01-01,2022-06-08,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,PJSC Giprosvyaz,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Telecommunications,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8500; 8500; 8500; 8500,2022-06-08 00:00:00; 2022-06-08 00:00:00; 2022-06-08 00:00:00; 2022-06-08 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author),Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine 
(GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://jeffreycarr.substack.com/p/rostelecoms-information-and-communications,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,7.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://jeffreycarr.substack.com/p/rostelecoms-information-and-communications,2023-03-06,2023-04-03 2034,IT Army of Ukraine targeted Russian energy concern Gazprom in hack-and-leak operation in January 2023,"The IT Army of Ukraine targeted the Russian energy concern Gazprom in a hack-and-leak operation in January 2023, according to a Telegram statement on January 29, 2023. They allegedly gained access to more than 6.000 files of the Gazprom group of companies regarding financial and economic activities. ",2023-01-01,2023-01-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Gazprom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8499,2023-01-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Armed conflict; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://cybernews.com/news/it-army-of-ukraine-hacked-gazprom/,2023-03-06,2023-03-10 2021,Snatch group claimed to have hit the Police department of US city of Modesto with a ransomware attack in January 2023,"Snatch group claimed to have hit the Police department of US city of Modesto with a ransomware attack from 31 January to 3 February 2023. The department admitted on 2 March that the attack might have exposed some people to identity theft, since the attackers obtained social security and driver’s license numbers. 
",2023-01-31,2023-02-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Modesto Police Department,United States,NATO; NORTHAM,State institutions / political system,Police,Snatch Ransomware Group,Not available,Non-state-group,Criminal(s),1,10019,2023-03-28 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Snatch Ransomware Group,Not available,Not available,Snatch Ransomware Group,Not available,Non-state-group,https://therecord.media/modesto-ransomware-attack-snatch,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/city-of-modesto-to-notify-people-whose-people-information-was-accessed-in-last-months-ransomware-attack/; https://therecord.media/hayward-california-shuts-down-municipal-sites-cyberattack; https://twitter.com/douglittlejr/status/1625298187870167041; 
https://research.checkpoint.com/2023/13th-february-threat-intelligence-report/; https://therecord.media/city-of-oakland-hit-with-ransomware-attack-but-says-core-functions-are-intact/; https://therecord.media/modesto-ransomware-attack-snatch; https://oag.ca.gov/system/files/Modesto_CA%20Sample.pdf; https://therecord.media/camden-county-police-ransomware-new-jersey-philadelphia; https://www.nbcnewyork.com/news/local/ransomware-attack-at-nj-county-police-department-locks-up-criminal-investigative-files/4219341/; https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit; https://therecord.media/kraft-heinz-reviewing-claims-of-cyberattack-operating-normally; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/,2023-03-06,2023-07-11 2012,Unknown actors disrupted the website of the French town of Chantilly on 28 February 2023,Unknown actors disrupted the website of the French town of Chantilly on 28 February 2023.,2023-02-28,2023-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Chantilly,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16082,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not 
available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1631342876222189568; https://www.oisehebdo.fr/2023/03/02/chantilly-le-site-de-la-ville-victime-dune-cyberattaque/,2023-03-03,2024-01-10 2016,Anonymous-linked group NB65 targeted Russian power construction/engineering company Elektrocentromontazh with hack-and-leak operation in April 2022,"Anonymous-linked group NB65 targeted the Russian power construction/engineering company Elektrocentromontazh with hack-and-leak operation in April 2022. The group leaked the obtained company data on April 27, 2022, via Twitter (1.7 TB archive via DDoSecrets that contains 1.23 millions emails). ",2022-04-01,2022-04-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Elektrocentromontazh (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure; Critical infrastructure,Energy; Critical Manufacturing,NB65,Not available,Non-state-group,Hacktivist(s),1,8161,2022-04-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NB65,Not available,Not available,NB65,Not available,Non-state-group,https://twitter.com/youranontv/status/1519316487965749249,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/130726/cyber-warfare-2/anonymous-hack-russian-companies.html; https://twitter.com/youranontv/status/1519316487965749249,2023-03-03,2023-03-06 2015,Anonymous-linked group NB65 targeted Russian Petersburg Social Commercial Bank with modified Conti ransomware in April 2022,"Anonymous-linked group NB65 targeted Russian Petersburg Social Commercial Bank (PSCB) with modified Conti ransomware in April 2022. After the group published data they obtained from other Russian ransomware victims on April 4, the group announced their hack of PSCB on April 18 and finally released data on April 26, 2022, via Twitter. ",2022-04-01,2022-04-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Petersburg Social Commercial Bank,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Finance,NB65,Not available,Non-state-group,Hacktivist(s),1,8164,2022-04-18 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NB65,Not available,Not available,NB65,Not available,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,,,,none,none,0,Moderate - high political importance,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/NatSecGeek/status/1518974038160330753; https://securityaffairs.co/wordpress/130726/cyber-warfare-2/anonymous-hack-russian-companies.html,2023-03-03,2023-03-06 2014,"Sydney woman charged in March 2023 for disrupting communications of Federal Member of Parliament's office by flooding it with 32,000 emails","The Australian Federal Police have announced that a Sydney woman was arrested on 1 March and charged with sending 32,397 emails to the office of a Federal Member of Parliament over a period of 24 hours. The large number of emails disrupted the operation of the IT systems and also prevented the public from contacting the office. On 2 March, she appeared before Penrith Local Court and was charged with unauthorised impairment of electronic communication. 
The police allege that the sending of the emails was made possible by the use of multiple domains.",2023-02-28,2023-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Not available,Australia,OC,State institutions / political system,Legislative,Not available,Australia,Individual hacker(s),,1,16081,2023-03-02 00:00:00,Domestic legal action,Attribution by receiver government / state entity,Australian Federal Police,Not available,Australia,Not available,Australia,Individual hacker(s),https://www.afp.gov.au/news-media/media-releases/woman-charged-alleged-cyber-attack-against-federal-mp,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,1,2023-03-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Australia,Australian Federal Police,Other,,No response justified (missing state attribution & breach of international law),,https://www.bleepingcomputer.com/news/security/australian-woman-arrested-for-email-bombing-a-government-office/; https://www.afp.gov.au/news-media/media-releases/woman-charged-alleged-cyber-attack-against-federal-mp,2023-03-03,2024-01-10 2013,"Anonymous-linked group GhostSec hacked Russian metro safety systems provider Metrospetstekhnika in April, 2022","Anonymous-linked group GhostSec hacked Russian metro safety systems provider Metrospetstekhnika in April, 2022. 
The group stated on April 19 via Twitter that they gained access to the following parts of the target system: ""The controls to the smoke system, the AC (TEMP) in each train (labeled car in attached images), battery system, and much more. Found the full building blueprints with the temp control, we have also found the reports on every train and soon we will be publishing all the data.” No report about the announced leak of data could be found. ",2022-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Hijacking without Misuse,Metrospetstekhnika (metro safety systems provider),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Transportation,GhostSec/Ghost Security,Not available,Non-state-group,Hacktivist(s),1,8137,2020-04-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,GhostSec,Not available,Not available,GhostSec/Ghost Security,Not available,Non-state-group,https://twitter.com/YourAnonTV/status/1516549406438445057?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516549406438445057%7Ctwgr%5E19654d56bf9a8ee74909d9f6ed524d97e1652024%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thetechoutlook.com%2Fnews%2Ftechnology%2Fsecurity%2Fghostsec-gains-access-to-metrospetstekhnikas-it-system%2F,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not 
available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.hstoday.us/featured/anonymous-oprussia-reports-metro-system-hack-counter-disinformation-milestone/; https://twitter.com/YourAnonTV/status/1516549406438445057?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516549406438445057%7Ctwgr%5E19654d56bf9a8ee74909d9f6ed524d97e1652024%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thetechoutlook.com%2Fnews%2Ftechnology%2Fsecurity%2Fghostsec-gains-access-to-metrospetstekhnikas-it-system%2F; https://securityaffairs.co/wordpress/130409/hacktivism/anonymous-hacked-other-russian-organizations.html; https://thehackernews.com/2023/11/us-treasury-targets-russian-money.html,2023-03-03,2023-03-10 2008,Networks of Tennessee State University were temporarily shut down by a ransomware attack at the end of February 2023,"Tennessee State University informed its students on 1 March 2023 that a ransomware attack by an unknown threat actor had been detected two days earlier, which temporarily crippled IT systems. 
As a result, the university shut down its internet access and campus information systems to contain the malicious activity during the investigation.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Tennessee State University,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Not available,Not available,Not available,,1,16092,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/tennessee-state-southeastern-louisiana-universities-hit-with-cyberattacks/; https://www.newschannel5.com/news/tennessee-state-university-temporarilyshuts-down-internet-access-after-ransomware-threat; https://www.databreaches.net/tennessee-state-southeastern-louisiana-universities-hit-with-cyberattacks/; https://therecord.media/oak-ridge-tennessee-ransomware-attack; 
https://therecord.media/colleges-schools-facing-outages-cyberattacks,2023-03-03,2024-01-10 2011,Royal ransomware deployed against unspecified organisations and critical infrastructure targets inside and outside of the US beginning in September 2022,"Royal ransomware was deployed against unspecified organisations and critical infrastructure targets in the US and other regions during September 2022 and January 2023, according to a joint Cyber Security Advisory (CSA) by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Affected organizations included targets critical infrastructure in the critical infrastructure sectors of manufacturing, communications, healthcare and public healthcare (HPH) and education. ",2022-09-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available - Not available,Not available; United States, - NATO; NORTHAM,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Civil service / administration; Health; ; Telecommunications - Civil service / administration; Health; ; Telecommunications,Not available,Not available,Non-state-group,Criminal(s),1,16085; 16085,2023-03-02 00:00:00; 2023-03-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency 
(CISA); Federal Bureau of Investigation (FBI),Not available; Not available,United States; United States,Not available; Not available,Not available; Not available,Non-state-group; Non-state-group,https://www.cisa.gov/sites/default/files/2023-03/aa23-061a-stopransomware-royal-ransomware.pdf,Unknown,Not available,,Not available,,1,2023-03-02 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application; External Remote Services; Phishing,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/RecordedFuture/status/1631358984568332307; https://www.cisa.gov/sites/default/files/2023-03/aa23-061a-stopransomware-royal-ransomware.pdf; https://www.databreaches.net/cisa-advisory-royal-ransomware/; https://twitter.com/securityaffairs/status/1631776673682141184; https://www.govinfosecurity.com/cisa-warns-that-royal-ransomware-picking-up-steam-a-21368; https://therecord.media/u-s-government-warns-of-royal-ransomware-attacks-against-critical-infrastructure/; 
https://thehackernews.com/2023/03/us-cybersecurity-agency-raises-alarm.html; https://twitter.com/securityaffairs/status/1631599079758221314; https://securityaffairs.com/142941/malware/cisa-fbi-royal-ransomware-alert.html; https://nakedsecurity.sophos.com/2023/03/03/feds-warn-about-right-royal-ransomware-rampage-that-runs-the-gamut-of-ttps/; https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-increasing-royal-ransomware-attack-risks/; https://twitter.com/securityaffairs/status/1631599079758221314; https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/annual-trend-micro-email-threats-report; https://www.bleepingcomputer.com/news/security/fbi-royal-ransomware-asked-350-victims-to-pay-275-million/,2023-03-03,2024-02-28 2009,Unknown actors attacked Southeastern Louisiana University's networks in late February 2023,"On 27 February 2023, Southeastern Louisiana University announced on Twitter that it had recently been hit by a cyberattack. The university had reported network problems on Facebook two days earlier. University communications did not disclose whether the incident in question was related to ransomware. 
In response to the detected infiltration, the entire campus network was shut down as a precautionary measure, which also prevents the campus police from accessing emails.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,Not available,Not available,,1,16091,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-02-27 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Louisiana State Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/tennessee-state-southeastern-louisiana-universities-hit-with-cyberattacks/; https://www.facebook.com/100064643715705/posts/573909751440477/?flite=scwspnss; https://twitter.com/oursoutheastern/status/1630328140022071297; https://twitter.com/oursoutheastern/status/1630328388417122311; https://twitter.com/oursoutheastern/status/1630328702776098816; https://www.facebook.com/100048386175210/posts/744168777205988/?flite=scwspnss; https://www.databreaches.net/southeastern-university-silent-amid-claims-of-data-leak-linked-to-network-breach/; https://therecord.media/colleges-schools-facing-outages-cyberattacks,2023-03-03,2024-01-10 2007,"Clop ransomware group exploited a zero-day vulnerability on Fortra's GoAnywhere MFT Secure File Transfer platform to gain access and, in some cases, steal data from various organisations in early 2023","The Clop ransomware group took advantage of a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform, targeting multiple organisations in early 2023. On April 17, 2023, Fortra published a report on the exploitation of the zero-day remote code execution vulnerability (CVE-2023-0669). Fortra announced that the hackers used the vulnerability to gain access to the user accounts of some GoAnywhere MFTs customer environments from 28 to 30 January 2023 and then, in even fewer cases, to download documents. Clop ransomware group claims to have impacted 130 organisations by exploiting this vulnerability, the majority of which have not been publicly named. Community Health Systems (CHS), one of the largest healthcare providers in the United States, was the first victim to publicly disclose it had fallen victim to this type of attack. 
The healthcare company notified the US Securities and Exchange Commission on 13 February 2023 that its networks had been breached and personal and health information of up to 1 million patients had been compromised. US-based Hatch Bank became the second known victim. According to a data breach notification of the bank, nearly 140,000 social security numbers were stolen by the group on 29 January. Clop ransomware group is also suspected to have compromised Japanese Hitachi Energy using the same vulnerability, gaining access to certain employee data which was confirmed by the company on 17 March. Access to and data theft also occurred in the networks of the City of Toronto as claimed by the ransomware group on its leak site on 23 March 2023. As part of the same notice the group names the UK Pension Fund (PPF) as a victim. Also, as reported by TechCrunch the personal data of employees at the Canadian state-owned investment company Investissement Québec has been stolen by the Clop ransomware gang. Using the same exploit, healthcare provider US Wellness was a victim of a ransomware attack by Clop, as reported in a notification letter to the California Attorney General on 22 March 2023. In this notification letter, US Wellness stated that personal information of its customers, such as names, addresses, dates of birth, member ID numbers, where the service originated, and addresses of the service location, may have been affected. The Clop ransomware group gained access to a limited amount of protected health information of As disclosed in a notification on its website on 7 April 2023, mental and behavioral health provider Brightline was also targeted. The breach, which affected data stored in Brightline's Fortra account and based on initial investigations did not affect Brightline's own network, impacted 783,606 people and included information such as names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names. 
Brightline may have been one of the first targets, considering that Clop listed it early as one of its victims on its leak site on 16 March 2023. In an unusual turn of events, the Clop ransomware group removed Brightline as a victim from its website, apologized for targeting a healthcare organization and claimed to have deleted all related data on 3 May. These claims cannot be independently verified. The Clop ransomware group also gained unauthorized access to Tasmania's Department of Education, Children, and Youth. They stole personal information of Tasmanian students and parents, including Student Assistant Scheme Approvals, from which full names, addresses, dates of birth and bank statements can be extracted. At least 16,000 documents are believed to have been stolen. The cyber incident became a political issue between the Liberal government led by Jeremy Rockliff and the opposition led by the Labor Party even before the Clop ransomware group released the stolen information on 7 April 2023. The focus here is the verbal exchange between the Minister for Science and Technology Madeleine Ogilvie and the associated Shadow Minister Jen Butler. Even after Ogilvie first disclosed the cyber incident on 31 March 2023, Shadow Minister Butler criticized how little information had been disclosed. 
This went so far that Minister Ogilvie refused the opposition's briefing request and Butler called on the Prime Minister to remove her on 7 April.",2023-01-28,2023-01-30,"Attack on (inter alia) political target(s), politicized; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by media (without further information on source); Incident disclosed by victim; Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Hijacking without Misuse; Hijacking with Misuse; Ransomware,"Hatch Bank - Department of Education, Children and Youth (Tasmania, Australia) - Fortra - Investissement Québec - US Wellness - Hitachi Energy - Brightline - Toronto - Community Health Systems (CHS) - Pension Protection Fund (PPF)",United States; Australia; United States; Canada; United States; Japan; United States; Canada; United States; United Kingdom,NATO; NORTHAM - OC - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - ASIA; SCS; NEA - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU,Critical infrastructure - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system - Critical infrastructure - State institutions / political system,Finance - Government / ministries - - Finance - Health - Energy - Health - Civil service / administration - Health - Civil service / administration,Clop Ransomware Group,Not available,Non-state-group,Criminal(s),6,12086; 12089; 12087; 12091; 12088; 12090,2023-02-10 00:00:00; 2023-03-02 00:00:00; 2023-03-24 00:00:00; 2023-03-16 00:00:00; 2023-03-23 00:00:00; 2023-02-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution 
statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Media report (e.g., Reuters makes an attribution statement, without naming further sources); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Media-based attribution; Media-based attribution; Attacker confirms; Attacker confirms; Attacker confirms,Clop; TechCrunch; TechCrunch; Clop; Clop; Clop,Not available; Not available; Not available; Not available; Not available; Not available,Not available; United States; United States; Not available; Not available; Not available,Clop Ransomware Group; Clop Ransomware Group; Clop Ransomware Group; Clop Ransomware Group; Clop Ransomware Group; Clop Ransomware Group,Not available; Not available; Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/; https://techcrunch.com/2023/03/02/hatch-bank-breach-fortra-goanywhere-exploit/; https://techcrunch.com/2023/02/15/clop-ransomware-community-health-systems/; https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/; https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/; 
https://www.lapresse.ca/affaires/2023-03-16/investissement-quebec-et-rio-tinto/des-pirates-revendiquent-des-attaques.php; https://www.databreaches.net/fortra-told-breached-companies-their-data-was-safe/; https://twitter.com/BrettCallow/status/1644342613326331906; https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/,Unknown,Not available,,Not available,,4,2023-03-11 00:00:00; 2023-03-31 00:00:00; 2023-04-07 00:00:00; 2023-04-06 00:00:00,State Actors: Stabilizing measures; State Actors: Executive reactions; State Actors: Legislative reactions; State Actors: Stabilizing measures,Subnational executive official; Dissenting statement by sub-national executive official; Dissenting statement by sub-national member of parliament; Subnational executive official,Australia; Australia; Australia; Australia,"Madeleine Ogilvie (Minister for Science and Technology; Tasmania); Jen Butler (Shadow Minister for ICT, Science & Technology; Tasmania); Rebecca White (Labor Leader; Tasmania); Madeleine Ogilvie (Minister for Science and Technology; Tasmania)",Yes,One,Exploit Public-Facing Application,Data Exfiltration,,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/zackwhittaker/status/1631346424993521664; https://twitter.com/thegrugq/status/1639245149288136705; https://apps.web.maine.gov/online/aeviewer/ME/40/4cfbf86f-8d04-4296-9195-81b874ba939a.shtml; 
https://apps.web.maine.gov/online/aeviewer/ME/40/4cfbf86f-8d04-4296-9195-81b874ba939a/b9956f3a-4e3c-4917-9feb-440cec96f8e4/document.html; https://www.bleepingcomputer.com/news/security/hatch-bank-discloses-data-breach-after-goanywhere-mft-hack/; https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/; https://techcrunch.com/2023/03/02/hatch-bank-breach-fortra-goanywhere-exploit/; https://twitter.com/securityaffairs/status/1632690443518394368; https://securityaffairs.com/143085/data-breach/hatch-bank-goanywhere-mft-bug.html; https://twitter.com/securityaffairs/status/1633030874852651008; https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-begins-extorting-goanywhere-zero-day-victims/; https://twitter.com/Dinosn/status/1634663713176186880; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html; https://www.malwarebytes.com/blog/news/2023/03/clop-ransomware-is-victimizing-goanywhere-mft-customers; https://www.bleepingcomputer.com/news/security/rubrik-confirms-data-theft-in-goanywhere-zero-day-attack/; https://securityaffairs.com/143512/cyber-crime/rubrik-breached-goanywhere-zero-day-exploitation.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2023-shifting-to-data-extortion/; https://www.schneier.com/blog/archives/2023/03/mass-ransomware-attack.html; https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra; https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/; https://www.darkreading.com/attacks-breaches/clop-keeps-racking-up-ransomware-victims-with-goanywhere-flaw-; https://twitter.com/cahlberg/status/1639207960693051392; https://twitter.com/InfoSecSherpa/status/1639058268252422144; https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/; 
https://securityaffairs.com/144193/data-breach/crown-resorts-clop-ransomware.html; https://socradar.io/rise-of-malicious-packages-in-devops/; https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/; https://www.fortra.com/blog/summary-investigation-related-cve-2023-0669; https://www.bleepingcomputer.com/news/security/fortra-shares-findings-on-goanywhere-mft-zero-day-attacks/; https://therecord.media/clop-behind-moveit-attacks-microsoft; https://www.techradar.com/news/boots-ba-and-bbc-have-data-stolen-in-cyber-attack; https://www.ppf.co.uk/statement-go-anywhere-cyber-attack; https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/; https://riskybiznews.substack.com/p/risky-biz-news-romania-to-hack-back?utm_source=substack&utm_medium=email; https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html; https://therecord.media/several-us-federal-agencies-affected-by-moveit-breach; https://www.bleepingcomputer.com/news/security/moveit-transfer-customers-warned-of-new-flaw-as-poc-info-surfaces/; https://krebsonsecurity.com/2023/06/cisa-order-highlights-persistent-risk-at-network-edge/; https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-starts-extorting-moveit-data-theft-victims/; https://www.databreaches.net/commonwealth-health-physician-network-cardiology-notified-181764-patients-of-network-breach/; https://securityaffairs.com/147380/data-breach/intellihartx-data-breach.html; https://www.govinfosecurity.com/another-healthcare-vendor-reports-big-forta-goanywhere-hack-a-22280; https://www.bleepingcomputer.com/news/security/new-moveit-transfer-critical-flaws-found-after-security-audit-patch-now/; https://therecord.media/moveit-announces-new-vulnerability-minnesota-breached; https://www.darkreading.com/attacks-breaches/cl0p-gang-exploit-moveit-flaw-2-years; 
https://securityaffairs.com/147264/cyber-crime/clop-testing-moveit-transfer-bug-2021.html; https://www.govinfosecurity.com/moveit-discloses-more-vulnerabilities-issues-patch-a-22274; https://www.bleepingcomputer.com/news/security/clop-ransomware-likely-testing-moveit-zero-day-since-2021/; https://cyberscoop.com/cisa-cl0p-ransomwarae-moveit-transfer-attack/; https://securityaffairs.com/147195/cyber-crime/clop-ransomware-moveit-transfer-attacks.html; https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a; https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-moveit-extortion-attacks/; https://www.darkreading.com/application-security/microsoft-links-moveit-attack-cl0p-british-airways-fall; https://www.darkreading.com/application-security/mass-exploitation-0-day-bug-imoveit-file-transfer-underway; https://www.bleepingcomputer.com/news/security/microsoft-links-clop-ransomware-gang-to-moveit-data-theft-attacks/; https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-moveit-bug-used-for-data-theft/; https://www.databreaches.net/hackers-using-moveit-flaw-to-deploy-web-shells-steal-data/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-2nd-2023-whodunit/; https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html; https://therecord.media/moveit-transfer-tool-zero-day-exploited; https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/; https://securityaffairs.com/146717/hacking/city-of-augusta-cyberattack.html; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-10-supply-chain-attacks/; https://www.databreaches.net/ransomware-attack-on-pharmerica-affected-5-8-million-patients/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-5th-2023-targeting-the-public-sector/; 
https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/; https://therecord.media/hackers-use-papercut-vulnerabilities-to-deploy-clop-ransomware; https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html; https://www.databreaches.net/the-fortra-goanywhere-breach-also-affected-healthcare-entities-heres-what-we-know-so-far-part-2/; https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html; https://therecord.media/tasmania-data-breach-clop-150000-affected; https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-april-2023; https://www.hellobrightline.com/fortra-data-notice; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/; https://www.channelnewsasia.com/business/crown-resorts-says-ransomware-group-claims-accessing-some-its-files-3376876; https://www.wired.com/story/india-activist-manhunt-sikh-activist/; https://www.databreaches.net/fortra-told-breached-companies-their-data-was-safe/; https://twitter.com/lorenzofb/status/1639372433516900353; https://twitter.com/zackwhittaker/status/1639372041848512515; https://techcrunch.com/2023/03/24/fortra-goanywhere-clop-ransomware/; https://securityaffairs.com/143938/breaking-news/city-of-toronto-clop-ransomware.html; https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/; https://www.databreaches.net/more-victims-possibly-identify-in-goanywhere-vulnerability-incident/; https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/; https://www.malwarebytes.com/blog/news/2023/03/rubrik-is-latest-clop-ransomware-victim-to-come-forward; https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html; https://www.databreaches.net/hitachi-energy-latest-victim-of-clop-goanywhere-attacks/; 
https://research.checkpoint.com/2023/20th-march-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-saks-fifth-avenue-retailer-says-mock-data-stolen/; https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/; https://www.cpomagazine.com/cyber-security/massive-data-breach-at-healthcare-provider-ils-compromises-millions-of-patients/; https://www.hitachienergy.com/news/features/2023/03/third-party-cybersecurity-incident; https://www.lapresse.ca/affaires/2023-03-16/investissement-quebec-et-rio-tinto/des-pirates-revendiquent-des-attaques.php; https://www.bleepingcomputer.com/news/security/healthcare-provider-ils-warns-42-million-people-of-data-breach/; https://therecord.media/rubrik-hackers-zero-day-fortra; https://research.checkpoint.com/2023/6th-march-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-3rd-2023-wide-impact-attacks/; https://therecord.media/ibm-aspera-faspex-bug-cisa-known-vulnerability-list/; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2023/02/goanywhere-zero-day-opened-door-to-clop-ransomware; https://techcrunch.com/2023/02/15/clop-ransomware-community-health-systems/; https://www.databreaches.net/healthcare-giant-chs-reports-first-data-breach-in-goanywhere-hacks/; https://securityaffairs.com/142242/data-breach/community-health-systems-data-breach.html; https://www.bleepingcomputer.com/news/security/healthcare-giant-chs-reports-first-data-breach-in-goanywhere-hacks/; https://www.sec.gov/Archives/edgar/data/1108109/000119312523035789/d422693d8k.htm; https://securityaffairs.com/142136/breaking-news/security-affairs-newsletter-round-406-by-pierluigi-paganini.html; https://securityaffairs.com/142130/cyber-crime/clop-ransomware-goanywhere-mft.html; 
https://securityaffairs.com/142115/hacking/mft-terramaster-intel-driver-flaws-to-its-known-exploited-vulnerabilities-catalog.html; https://twitter.com/BrettCallow/status/1644342613326331906; https://tasmaniantimes.com/2023/04/further-statements-on-data-breach/; https://tasmaniantimes.com/2023/04/further-statements-on-data-breach/; https://tasmaniantimes.com/2023/04/further-statements-on-data-breach/; https://www.abc.net.au/news/2023-03-31/data-breach-third-party-file-transfer-service-tasmania/102173432; https://www.abc.net.au/news/2023-04-07/tasmania-goanywheremft-file-share-data-breach-16k-documents-out/102197658; https://www.malwarebytes.com/blog/threat-intelligence/2023/08/global-ransomware-attacks-at-an-all-time-high-shows-latest-2023-state-of-ransomware-report; https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/; https://socradar.io/chain-reactions-footprints-of-major-supply-chain-attacks/; https://www.darkreading.com/vulnerabilities-threats/how-to-mitigate-cybersecurity-risks-from-misguided-trust; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023; https://www.wired.com/story/moveit-breach-victims/; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/trellix-2024-threat-predictions.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://www.darkreading.com/risk/meet-your-new-cybersecurity-auditor-your-insurer; https://www.techrepublic.com/article/cisco-talos-year-end-report/; https://www.financialexpress.com/business/digital-transformation-india-records-15-spike-with-2138-weekly-attacks-report-3369635/; https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/; 
https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://www.malwarebytes.com/blog/cybercrime/2024/02/how-ransomware-changed-in-2023; https://therecord.media/australia-healthcare-saint-vincent-cyberattack; https://www.techrepublic.com/article/cyber-security-trends-uk/,2023-03-03,2024-03-28 2010,Unknown actors stole data from television satellite operator Dish Network on 23 February 2023,"Unknown actors stole data from television satellite operator Dish Network on 23 February 2023, according to a data breach notification issued by the company. Dish Network said in its statement that it is investigating whether the stolen data contained personal information. Neil Jones, director of cybersecurity evangelism at Egnyte, said the hackers may have had broad access. In May 2023 Dish confirmed that 296,851 people had data affected by the incident, and that personal data was accessed, including driver’s license numbers.",2023-02-23,2023-02-23,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,Dish Network Corporation,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,Not available,Not available,Not available,,1,16088,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; International telecommunication law; Sovereignty,Civic / political rights; ; ,Not available,1,2023-03-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,U.S. District Court of Colorado,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/DarkReading/status/1631368024824373286; https://www.sec.gov/ix?doc=/Archives/edgar/data/0001001082/000155837023002254/dish-20230223x8k.htm; https://www.dish.com/statement; https://twitter.com/Malwarebytes/status/1631307625047400450; https://twitter.com/DarkReading/status/1631068377731956740; https://twitter.com/DarkReading/status/1631068377731956740; https://twitter.com/securityaffairs/status/1631245875472224263; https://research.checkpoint.com/2023/6th-march-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-3rd-2023-wide-impact-attacks/; https://research.checkpoint.com/2023/27th-february-threat-intelligence-report/; https://www.darkreading.com/threat-intelligence/dish-blames-ransomware-attack-disruptions-internal-systems-call-center-services; https://securityaffairs.com/142858/data-breach/dish-admitted-ransomware-attack.html; https://www.bleepingcomputer.com/news/security/dish-network-confirms-ransomware-attack-behind-multi-day-outage/; https://twitter.com/vxunderground/status/1629938737214898182; https://www.bleepingcomputer.com/news/security/dish-network-goes-offline-after-likely-cyberattack-employees-cut-off/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-/; https://www.bleepingcomputer.com/news/security/dish-slapped-with-multiple-lawsuits-after-ransomware-cyber-attack/; https://twitter.com/securityaffairs/status/1660717566925348882; 
https://twitter.com/lorenzofb/status/1660690346462855185; https://therecord.media/people-affected-by-dish-data-breach; https://securityaffairs.com/146515/cyber-crime/dish-network-disclosed-data-breach.html; https://twitter.com/securityaffairs/status/1660635257777922051; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-19th-2023-a-shifting-landscape/; https://twitter.com/Dinosn/status/1659637336450146309; https://www.bleepingcomputer.com/news/security/dish-network-likely-paid-ransom-after-recent-ransomware-attack/; https://www.techradar.com/news/proton-users-can-now-secure-all-their-family-members-with-one-subscription; https://www.techradar.com/news/dish-ransomware-attack-stole-details-from-thousands-of-employees; https://www.heise.de/news/Hack-des-Satelliten-TV-Anbieters-Dish-betrifft-300-000-Mitarbeiter-9063559.html?wt_mc=rss.red.security.security.rdf.beitrag.beitrag; https://therecord.media/blackbasta-ransom-payments; https://securityaffairs.com/155054/cyber-crime/black-basta-ransomware-activities.html,2023-03-03,2024-01-10 1997,Unknown actors deployed multi-stage RAT Snip3 Crypter against commercial and critical infrastructure targets beginning in January 2022,"Unknown actors deployed the multi-stage remote access trojan (RAT) Snip3 Crypter against commercial and critical infrastructure targets beginning in January 2022, according to a technical report by Zscaler. The sectors affected are healthcare; energy, oil and gas; manufacturing; materials; retail; technology; and finance. The malware in question is marketed under a crypter-as-a-service model, potentially giving multiple actors access to the same core set of tools. The technical report outlines multiple campaigns without further specifying the organizations targeted during individual campaigns or whether the observed activity is suspected to have been conducted by the same threat actor. 
",2022-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,Not available; Not available; Not available; Not available, - - - ,Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure,Health - Finance - - Energy,Not available,Not available,Not available,,1,17922,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/likethecoins/status/1630825591376150528; https://www.zscaler.com/blogs/security-research/snip3-crypter-reveals-new-ttps-over-time,2023-03-02,2024-03-13 2001,Ransomware group Lockbit targeted Washington state's public transportation system provider Pierce Transit in mid-February 2023,"On 14 February 2023, Pierce Transit, a public transportation company servicing parts of Washington state, was the target of a ransomware attack that disrupted some of its systems, as confirmed by a company spokesperson. Transit operations were not affected by the incident. 
The ransomware group Lockbit claimed responsibility for the attack and said it had stolen a large amount of sensitive data, such as personal customer information and contracts. Pierce Transit stated investigations into which sensitive records had been accessed were still ongoing.",2023-02-14,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,Pierce Transit,United States,NATO; NORTHAM,Critical infrastructure,Transportation,LockBit,Not available,Non-state-group,Criminal(s),1,10018,2023-02-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit/; 
https://twitter.com/cahlberg/status/1631018086336692224; https://www.facebook.com/PierceTransit/posts/764533489009723; https://twitter.com/Dinosn/status/1631875832204386306; https://twitter.com/Dinosn/status/1631875832204386306; https://www.malwarebytes.com/blog/news/2023/03/public-transportation-service-pierce-transit-struck-by-lockbit-ransomware; https://research.checkpoint.com/2023/6th-march-threat-intelligence-report/; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/,2023-03-02,2023-06-16 1993,Icelandic websites have been targeted in politically motivated DDoS attack in April 2022,"Icelandic websites were targeted in an apparently politically motivated DDoS attack in April 2022. According to the network administrator of Netheimur, the IT company that hosts the websites of many Icelandic companies, the attacks lasted several days, which is rather unusual. The attack happened against the backdrop of Iceland's announcement in March that it would increase its defense budget, with a special emphasis on cyber security. ",2022-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
 groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption,Not available,Iceland,EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,,Not available,Not available,Not available,,1,8026,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.icelandreview.com/sci-tech/icelandic-websites-under-cyber-attack/; https://www.ruv.is/frettir/innlent/2022-04-14-fjoldi-netarasa-truflar-islenskar-vefsidur,2023-03-02,2023-03-05 1994,"Ukraine`s national postal service was targeted with DDoS attack on April 22, 2022","Ukraine's national postal service was targeted with a DDoS attack on April 22, 2022. This happened after the service offered for sale online a postage stamp showing a Ukrainian soldier making a crude gesture at the Russian warship Moskva. On April 14, Ukraine had sunk the ship in the Black Sea. 
",2022-04-22,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,National Postal Service of Ukraine,Ukraine,EUROPE; EASTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16520,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.euronews.com/next/2022/04/22/ukraine-s-postal-service-hit-by-cyberattack-after-moskva-warship-stamp-goes-on-sale-online; https://www.swissinfo.ch/eng/reuters/ukraine-s-postal-service-hit-by-cyberattack-after-sales-of-warship-stamp-go-online/47536936,2023-03-02,2024-01-26 1995,"Estonian state websites have been hit by DDoS attacks from April 18. - 21, 2022","Estonian state websites were hit by DDoS attacks from April 18 to 21, 2022, according to Tõnu Tammer, director of the RIA Cyber Incident Handling Department (CERT-EE), whose agency was also targeted. Although no attribution statement has been issued, the attack is probably connected to the war in Ukraine, since Estonia is a strong supporter of the attacked country. 
",2022-04-18,2022-04-21,"Attack on (inter alia) political target(s), not politicized",,,Disruption,Not available,Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,,Not available,Not available,Not available,,1,8024,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://blog.mazebolt.com/list-of-ddos-attacks-april-2022; https://news.err.ee/1608575371/ddos-attacks-on-estonian-state-sites-continued-over-weekend,2023-03-02,2023-03-02 1996,"Estonian Ministry of Foreign Affairs was hit by DDoS attack on May 9, 2022","Estonian Ministry of Foreign Affairs was hit by DDoS attack on May 9, 2022, according to a spokesperson from the ministry. Even if no attribution statement has been issued, the attack is probably connected to the war in Ukraine, since Estonia is a strong supporter of the attacked country. 
",2022-05-09,2022-05-09,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Foreign Affairs (Estonia),Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,12092,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-05-09 00:00:00,State Actors: Stabilizing measures,Statement by minister of foreign affairs (or spokesperson),Estonia,Minstry of Foreign Affairs (Estonia),,,,,,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://news.err.ee/1608591475/ddos-cyberattacks-temporarily-disrupt-estonian-foreign-ministry-website; https://www.eesti.ca/no-major-issues-in-estonia-reported-on-may-9th-ddos-cyberattacks-temporarily-disrupt-estonian-foreign-ministry-website/print59237,2023-03-02,2023-08-03 2005,IT Army of Ukraine disrupted the services of the Russian Customs Service for several hours with DDoS attacks on 28 February 2023,"On the morning of 28 February 2023, Alta-Soft - the system used by Russia's Federal Customs Service (FCS) for the electronic declaration of goods - succumbed to DDoS attacks, FCS announced on Telegram. The interference temporarily disrupted the information exchange with customs authorities and the customs clearance of goods. The attack lasted several hours and was gradually remediated by midday. 
The IT Army of Ukraine claimed responsibility for the attack on Twitter.",2023-02-28,2023-02-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Federal Customs Service,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Police,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,16094,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://twitter.com/ITArmyUKR/status/1630996840316379136?cxt=HHwWgIC9jYS_u6ItAAAA,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Armed conflict; Due diligence; Sovereignty,Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/AnonOpsSE/status/1631014897306816531; https://twitter.com/ITArmyUKR/status/1630996840316379136?cxt=HHwWgIC9jYS_u6ItAAAA; https://t.me/customs_rf/1844; 
https://www.moscowtimes.ru/2023/02/28/odna-iz-samih-vostrebovannih-sistem-tamozhennogo-oformleniya-gruzov-podverglas-bespretsedentnoi-kiberatake-a35329; https://elpais.com/internacional/2024-02-12/ucrania-asegura-que-rusia-utiliza-la-colaboracion-china-en-sus-ciberataques.html,2023-03-02,2024-01-25 2000,Suspected Russian hackers conducted DDoS attack against Polish tax portal in February 2023,"Russian hackers are responsible for a DDoS attack against the Polish government's website used to file taxes online, according to Janusz Cieszyński, Secretary of State for Digitization in the Chancellery of the Prime Minister. On Tuesday 28 February 2023, access for users of this system was temporarily blocked. Russia denied any role in the attack, but Cieszyński noted that the Polish government held information that makes Russian involvement very likely. While access was temporarily disrupted, no unauthorized access to taxpayer data has been reported. 
",2023-02-28,2023-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Official Tax Portal (Poland) ,Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Civil service / administration,Not available,Russia,Not available,,1,15600,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Janusz Cieszyński (Secretary of State, Government Plenipotentiary for Cyber Security)",Not available,Poland,Not available,Russia,Not available,https://www.polsatnews.pl/wiadomosc/2023-03-01/janusz-cieszynski-w-graffiti/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-03-01 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Poland,"Janusz Cieszynski (Secretary of State, Government Plenipotentiary for Cyber Security, Poland)",No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/DigitalPeaceNow/status/1630952129891368962; 
https://www.bloomberg.com/news/articles/2023-03-01/poland-points-finger-at-russia-over-ddos-attack-on-nation-s-key-tax-portal?utm_source=google&utm_medium=bd&cmpId=google&leadSource=uverify%20wall; https://www.polsatnews.pl/wiadomosc/2023-03-01/janusz-cieszynski-w-graffiti/; https://therecord.media/poland-blames-russian-hackers-for-cyberattack-on-tax-service-website/; https://twitter.com/lukOlejnik/status/1631190429637963778; https://www.politico.eu/article/french-national-assembly-website-russian-cyberattack-hack-kremlin-emmanuel-macron/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication; https://therecord.media/ddosia-pro-russian-hackers-upgrades; https://www.justsecurity.org/87248/in-the-contest-between-democracy-and-autocracy-the-us-must-step-up-assistance-on-cybersecurity/; https://therecord.media/cyberattacks-on-governments-way-up; https://therecord.media/prorussian-hackers-claim-attacks,2023-03-02,2023-12-29 2004,Ransomware group Lockbit gained access to the network of Indian Infrastructure Leasing & Financial Services (IL&FS) and stole data on 28 February 2023,"The ransomware group Lockbit gained access to the network of the Indian investment firm Infrastructure Leasing & Financial Services (IL&FS) and stole various data on 28 February 2023, according to statements by the hacker group and the threat intelligence company Cyble Research & Intelligence Labs. The hacker group threatened to release all the stolen information if the ransom was not paid by 10 March. To back this up, the hacker group released 12 data samples. 
In its review of the samples, Cyble identified a confidential memorandum of understanding (MoU) of a foreign bank dated May 2021; passport images of three foreign nationals; a tripartite agreement submitted by IL&FS to an Indian regulatory body in 2010; income tax returns and an excerpt of an audit report from 2021 of an erstwhile IL&FS subsidiary in IT and ITES business; a hypothecation deed for receivables signed by IL&FS with another Indian entity in 2017; an investment termination agreement of a few foreign entities from May 2022; another confidential MoU executed to renew services regarding a foreign government project; a confidential operations and management services agreement involving a foreign company and its Indian subsidiary as a service provider and a foreign investment firm as their customer. ",2023-02-28,2023-02-28,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Infrastructure Leasing & Financial Services (IL&FS),India,ASIA; SASIA; SCO,Critical infrastructure; Critical infrastructure,Transportation; Finance,LockBit,Not available,Non-state-group,Criminal(s),1,16096,2023-02-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://blog.cyble.com/2023/03/01/ransomware-attack-on-ilfs/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political 
importance,6.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyber_O51NT/status/1630826699461107713; https://blog.cyble.com/2023/03/01/ransomware-attack-on-ilfs/; https://twitter.com/ransomwaremap/status/1631156482942156800; https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/,2023-03-02,2024-01-10 2006,Anonymous-linked group NB65 targeted various Russian entities with modified Conti Ransomware in order to hack-and-leak their data in March 2022,"Anonymous-linked group NB65 targeted various Russian entities with modified Conti Ransomware in order to hack-and-leak their data in March 2022. The data (786.2 GB) was released on DDoSecrets on April 4, 2022. NB65 allegedly deployed versions of Conti's leaked ransomware in its attacks; according to an NB65 hacker, they base their encryptor on a modified version of the first Conti source code. The attacks were attributed to Anonymous and NB65 by Anonymous Twitter, NB65 Twitter, Tom Malka, BleepingComputer, Intezer Analyze, and even Russia Today. NB65 has clearly stated that they intend to hack no other targets except for Russian entities. NB65 declared that any ransom payments would be donated to Ukraine. 
Affected targets have been the Russian document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster.",2022-03-01,2022-04-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Space agency Roscosmos of Russia - VGTRK - Tensor (Russia),Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - Media - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),"Other (e.g., embassies) - - ",NB65,Not available,Non-state-group,Hacktivist(s),1,8167,2022-04-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,NB65,Not available,Not available,NB65,Not available,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,,,,,0,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/twitter/status/1512918186462691328; https://ddosecrets.substack.com/p/release-vgtrk-7862-gb?s=r; https://twitter.com/anonymous_link/status/1508382464711925766?s=21&t=Br_0w_853t7JrxNPEuupNw; https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/; https://www.golem.de/news/malware-hackergruppe-greift-russland-mit-conti-ransomware-an-2204-164542.html; 
https://securityaffairs.co/wordpress/130726/cyber-warfare-2/anonymous-hack-russian-companies.html,2023-03-02,2023-03-05 2002,Unknown actors gained access to the network of the city of Lille in France in February 2023,"Unknown actors gained access to the network of the city of Lille in France in February 2023, the city disclosed during a press conference on 1 March 2023. The city discovered the unauthorised access during the night of 28 February 2023 and immediately shut down the affected network as a precaution. ",,2023-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Lille,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16099,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-03-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,France,Police nationale,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1630840895019917317; https://www.lavoixdunord.fr/1297134/article/2023-03-01/la-mairie-de-lille-victime-d-une-cyberattaque-des-services-perturbes?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://www.lille.fr/Actualites/Intrusion-dans-les-systemes-d-information-de-la-Ville-de-Lille-le-point-sur-la-situation,2023-03-02,2024-01-10 2003,APT Iron Tiger compromised a gambling company in the Philippines with updated malware in 2022,"Trend Micro reported in March 2023 that the APT Iron Tiger, which is generally identified as a Chinese state-affiliated group, attacked Linux-based systems in a 2022 campaign with an updated version of the SysUpdate malware. One successful attack as part of this campaign targeted a gambling company in the Philippines. A domain name similar to that of the company was registered and used as command and control infrastructure. Trend Micro researchers suspect that the infection vector was a malicious executable styled as an installer for the chat application Youdu and signed with a stolen certificate.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Philippines,ASIA; SCS; SEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16097,2023-03-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,https://www.darkreading.com/threat-intelligence/linux-support-expands-cyber-spy-groups-arsenal; https://www.bleepingcomputer.com/news/security/iron-tiger-hackers-create-linux-version-of-their-custom-malware/; https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html; https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html; https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/,2023-03-02,2024-01-10 1988,Several Russian Airlines have been targeted with DDoS attacks in May 2022,"Several Russian Airlines say that they have been targeted with DDoS attacks in May 2022. Among the targeted airlines have been Rossiya, Aurora, ALROSA, and others. ",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,Aurora Airline - Rossiya Airline - ALROSA Airline,Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation,Not available,Not available,Not available,,1,8028,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,https://www.rbc.ru/politics/13/05/2022/627e1fbd9a794775c361aad0?from=newsfeed,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securelist.com/ddos-attacks-in-q2-2022/107025/; 
https://www.rbc.ru/politics/13/05/2022/627e1fbd9a794775c361aad0?from=newsfeed,2023-03-01,2023-05-15 1979,The IT Army of Ukraine targeted the Russian software company 1C in DDoS attack in April 2022,"The IT Army of Ukraine targeted the Russian software company 1C with DDoS attacks in April 2022. According to Russian media articles, the company confirmed that some of its services have not been available from April 21 until at least April 22, 2022. ",2022-04-21,2022-04-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,1C (Russian software company),Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8080,2022-04-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://twitter.com/cyber_etc/status/1517867670212915200,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/cyber_etc/status/1517867670212915200; https://www.cnews.ru/news/top/2022-04-22_1s_podverglas_kolossalnoj,2023-03-01,2023-03-05 1975,Unknown actors exfiltrated data and deployed ransomware against US Marshals Service (USMS) computer systems on 17 February 2023,"Unknown actors exfiltrated data and deployed ransomware against US Marshals Service (USMS) computer 
systems on 17 February 2023. USMS spokesperson Drew Wade announced that the affected system contained sensitive law enforcement information, such as returns from legal process, administrative information, and personally identifiable information (PII) pertaining to subjects of USMS investigations, third parties and certain USMS employees. A senior law enforcement official confirmed to NBC News, which first reported the incident, that the Witness Security Programme database was not affected. ",2023-02-17,2023-02-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,U.S. Marshals Service (USMS),United States,NATO; NORTHAM,State institutions / political system,Police,Not available,Not available,Not available,,1,9406,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-02-17 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,US Justice Department,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/threat-intelligence/us-marshals-ransomware-hit-major-incident; https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581; https://twitter.com/CyberScoopNews/status/1630610533715001364; https://twitter.com/securityaffairs/status/1630591974490210304; https://securityaffairs.com/142823/cyber-crime/u-s-marshals-service-suffers-a-ransomware-attack.html; https://twitter.com/lorenzofb/status/1630585945476018178; https://twitter.com/Dinosn/status/1630470251400818688; https://twitter.com/securityaffairs/status/1630701555967045640; https://twitter.com/RecordedFuture/status/1630681565247176708; https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/; https://twitter.com/ImposeCost/status/1630397385456197634; https://twitter.com/snlyngaas/status/1630395432143581185; https://twitter.com/aselawaid/status/1630369754262192130; https://www.bleepingcomputer.com/news/security/us-marshals-service-investigating-ransomware-attack-data-theft/; https://twitter.com/ericgeller/status/1630363090201059329; https://www.hackread.com/us-marshals-service-ransomware-attack/; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; https://twitter.com/Malwarebytes/status/1630740638391050240; https://twitter.com/DarkReading/status/1630948918799265792; https://twitter.com/campuscodi/status/1630848522584047617; https://twitter.com/securityaffairs/status/1631246209611358211; https://twitter.com/SentinelOne/status/1631263226913603584; https://www.wired.com/story/lastpass-engineer-breach-security-roundup/; 
https://www.cybereason.com/blog/variant-payload-prevention-fuzzy-similarity; https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-feb-27-mar-5; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/; https://research.checkpoint.com/2023/20th-march-threat-intelligence-report/; https://therecord.media/camden-county-police-ransomware-new-jersey-philadelphia; https://www.nbcnewyork.com/news/local/ransomware-attack-at-nj-county-police-department-locks-up-criminal-investigative-files/4219341/; https://www.databreaches.net/key-u-s-marshals-computers-still-down-10-weeks-after-breach/; https://twitter.com/snlyngaas/status/1653356523777667072; https://twitter.com/Dennis_Kipker/status/1654084481232273409; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/,2023-03-01,2023-05-03 1987,The IT Army of Ukraine hacked Russian Rossgram with fake app and leaked data of users in April 2022,"The IT Army of Ukraine hacked Russian Rossgram (""Russian Instagram"") by faking the app and subsequently leaking user data in April 2022. Rossgram was launched in March 2022. ",2022-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Rossgram,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8044,2022-04-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://twitter.com/iiyonite/status/1512001395255357443?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512001395255357443%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/iiyonite/status/1512001395255357443?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512001395255357443%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html; https://securityaffairs.co/wordpress/129991/hacktivism/anonymous-it-army-of-ukraine-vs-russia.html,2023-03-01,2023-03-02 1974,China-backed hackers stole more than 30GB of emails and data from ASEAN in February 2022,"According to a cybersecurity alert seen by WIRED, Chinese-linked hackers were able to break into email servers operated by the Association of Southeast Asian Nations (ASEAN) in a cyberespionage campaign in February 2022 and 
stole more than 10,000 messages making up more than 30GB of data. The alert was reportedly sent to cybersecurity agencies, foreign affairs ministries, and other governmental organizations in all 10 ASEAN member countries and states that the Chinese threat actors used “valid credentials” to compromise email servers linked to ASEAN. ",2022-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,ASEAN,Southeast Asia (region),,International / supranational organization,,Not available,China,"Non-state actor, state-affiliation suggested",,1,16104,2023-02-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by international organization,ASEAN,Not available,Southeast Asia (region),Not available,China,"Non-state actor, state-affiliation suggested",https://www.wired.com/story/china-hack-emails-asean-southeast-asia/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) 
or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty; International organizations,Non-state actors; ; ,Not available,0,,Not available,,Not available,Not available,Cyber espionage,Non-state actors,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/780thC/status/1630561352640086017; https://www.wired.com/story/china-hack-emails-asean-southeast-asia/; https://twitter.com/adschina/status/1630946926257381376; https://twitter.com/elinanoor/status/1630983849227190296; https://twitter.com/campuscodi/status/1630848522584047617; https://twitter.com/Cyber_O51NT/status/1632646502140219392,2023-03-01,2024-01-10 1977,North Korean state-sponsored hacking group Lazarus gained access to the network of a financial organisation in May 2022,"The North Korean state-sponsored hacking group Lazarus gained access to the network of a financial organisation in May 2022, according to a technical report by South Korean IT company AhnLab. The hackers exploited an unpatched vulnerability in a certificate software widely used by public institutions and universities.",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16102,2023-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/ko/48416/?utm_source=substack&utm_medium=email,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by 
official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://asec.ahnlab.com/ko/48416/?utm_source=substack&utm_medium=email; https://twitter.com/blackorbird/status/1630775508542820352; https://twitter.com/Cyber_O51NT/status/1633126665747582976; https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html; https://securityaffairs.com/143210/hacking/lazarus-apt-0-day.html; https://twitter.com/securityaffairs/status/1634299082796662784; https://twitter.com/securityaffairs/status/1633970783868407808; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html,2023-03-01,2024-01-10 1978,North Korean state-sponsored hacking group Lazarus gained access to two computers at a financial organisation beginning on 21 October 2022,"The North Korean state-sponsored hacking group Lazarus gained access to the network of a financial organisation during 21 October and 18 November 2022, according to a technical report by South Korean IT company AhnLab. The attackers infiltrated at least two machines. The hacking group exploited a 0-day vulnerability in the certificate software they had used to compromise the same financial organisation earlier in May 2022. ",2022-10-21,2022-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16101,2023-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/ko/48416/?utm_source=substack&utm_medium=email,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Yes,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by 
official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://asec.ahnlab.com/ko/48416/?utm_source=substack&utm_medium=email; https://twitter.com/Cyber_O51NT/status/1633126665747582976; https://twitter.com/blackorbird/status/1630775508542820352; https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html; https://securityaffairs.com/143210/hacking/lazarus-apt-0-day.html; https://twitter.com/securityaffairs/status/1634299082796662784; https://twitter.com/securityaffairs/status/1633970783868407808; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html; https://thehackernews.com/2023/03/authorities-shut-down-chipmixer.html,2023-03-01,2024-01-10 1973,Pro-Russian hackers hijacked the Twitter account of the US Consulate in Milan in late February 2023,"Pro-Russian hackers hijacked the Twitter account of the US Consulate in Milan on 27 February 2023 and posted a string of anti-Ukrainian tweets including one where an image of the Ukrainian flag was folded to reveal the banner of Nazi Germany behind it, captioned: ""We all know the truth."" A State Department spokesperson told the newspaper Newsweek that ""the unauthorized access reflects another attempt by Putin's supporters to wage a disinformation campaign about Russia's brutal war against Ukraine."" ",2023-02-27,2023-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking with Misuse,US Consulate in Milan,United States,NATO; NORTHAM,State institutions / political system,"Other (e.g., embassies)",Not available,Ukraine,Non-state-group,Hacktivist(s),2,16105; 16106,2023-02-27 00:00:00; 2023-02-28 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity,Not available; US Department of State,Not available; Not available,Ukraine; United States,Not available; Not available,Ukraine; Not available,Non-state-group; Non-state-group,https://www.newsweek.com/us-consulate-hacked-putin-supporters-1784304,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-28 00:00:00,State Actors: Stabilizing measures,Statement by minister of foreign affairs (or spokesperson),United States,US Department of State,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Diplomatic / consular law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/chuksjonia/status/1630677716683857922; https://www.newsweek.com/us-consulate-hacked-putin-supporters-1784304,2023-03-01,2024-03-19 1980,Anonymous targets Russian nuclear energy operator Rosatom and its subsidiaries in Hack-and-Leak Operation in mid-march 2022,"Hacktivist group Anonymous claimed a defacement and hack-and-leak operation against Rosatom. Russia`s nuclear energy operator and its subsidiaries, such as Rosenergoatom in Mid-March 2022. First, they defaced the Rosatom website on March 15, in response to the seizure of Ukraine’s Zaporizhia Nuclear Power Plant by Russian troops. They also obtained company data, which they released in the aftermath of the hack, e.g. internal documents from Rosenergoatom, the Russian nuclear power station operations subsidiary of Rosatom, on March 18, 2022.",2022-03-15,2022-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,Rosatom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8076,2022-03-18 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Anonymous,Not available,Non-state-group,https://twitter.com/_barbby/status/1504689849776828421?s=20&t=0ZpLkITQgZ8Z7RmdRpvSJw,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/_barbby/status/1504689849776828421?s=20&t=0ZpLkITQgZ8Z7RmdRpvSJw; https://www.ukrinform.net/rubric-ato/3431056-anonymous-hacker-group-defaces-rosatoms-website-launches-massive-leak-of-operators-data.html,2023-03-01,2023-05-16 1981,The Russian Beloyarsk Nuclear Power Plant was targeted by the Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) in 2022 with a hack-and-leak operation,"The Russian Beloyarsk Nuclear Power Plant was hacked by the Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) in 2022. Note that this incident was exclusively reported by US cyber security expert and author Jeffrey Carr via his newsletter on March 7, 2022. 
According to an article he wrote for O`Reilly Media on March 22, 2022, this is the first piece of a coordinated hack-and-leak campaign the GURMO initiated together with Carr. He further stated that he was “working with two offensive cyber operators from GURMO—Main Intelligence Directorate of the Ministry of Defense of Ukraine—for several months trying to help them raise funds to expand development on an OSINT (Open Source Intelligence) platform they had invented and were using to identify and track Russian terrorists in the region.” Part of the cooperation between GURMO and Carr was that he was/is allowed to publish a part of the obtained Russian data to subscribers of his newsletters, while many more documents have been reserved only for his paid subscribers. Such openly committed hack-and-leak-operations by state entities are rather rare, which mostly rely on proxies for such activities. ",2022-01-01,2022-03-07,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,Beloyarsk Nuclear Power Plant,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine,State,,1,8326; 8326; 8326; 8326,2022-03-07 00:00:00; 2022-03-07 00:00:00; 2022-03-07 00:00:00; 2022-03-07 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or 
persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attribution by third-party; Attribution by third-party,Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ; Jeffrey Carr (US cyber expert/author); Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO) ,Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine,Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ; Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GURMO) ,Ukraine; Ukraine; Ukraine; Ukraine,State; State; State; State,https://www.scmagazine.com/analysis/breach/in-a-first-ukraine-leaks-russian-intellectual-property-as-act-of-war,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.scmagazine.com/analysis/breach/in-a-first-ukraine-leaks-russian-intellectual-property-as-act-of-war; https://jeffreycarr.substack.com/p/russias-beloyarsk-nuclear-power-plant?s=r,2023-03-01,2023-03-06 1986,The IT Army of Ukraine targeted the Russian company Petrofort in hack-and-leak operation in April 2022,"The IT Army of Ukraine targeted the Russian company Petrofort in hack-and-leak operation 
in April 2022. While it is unknown when the actual hack took place, obtained data was leaked via Social Media on April 7, 2022. ",2022-04-01,2022-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Petrofort,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8043,2022-04-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/129991/hacktivism/anonymous-it-army-of-ukraine-vs-russia.html; https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/,2023-03-01,2023-03-06 1984,The IT Army of Ukraine targeted the Russian company Aerogas in hack-and-leak operation in April 2022,"The IT Army of Ukraine targeted the Russian company Aerogas in hack-and-leak operation in April 2022. Aerogas is specialized in engineering solutions for the oil and gas industry. While it is unknown when the actual hack took place, the obtained data was leaked via Social Media on April 7, 2022. 
",2022-04-01,2022-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Aerogas,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Critical Manufacturing,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8051,2022-04-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/129991/hacktivism/anonymous-it-army-of-ukraine-vs-russia.html; https://cybernews.com/cyber-war/three-russian-firms-have-over-400-gb-worth-of-emails-leaked/; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/,2023-03-01,2023-03-02 1976,South Asian hacking group APT-C-61 targeted Turkish and Iranian diplomats beginning in 2021,"South Asian hacking group APT-C-61 targeted Turkish and Iranian diplomats beginning in 2021 with espionage operations, according to a technical report by the Threat Intelligence Center of Chinese IT security company Qihoo 360. 
",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,"Iran, Islamic Republic of; Turkey",ASIA; MENA; MEA - ASIA; NATO; MEA,State institutions / political system - State institutions / political system,"Other (e.g., embassies) - Other (e.g., embassies)",APT-C-61/ Tengyun Snake,South Asia (region),Unknown - not attributed,,1,16103,2023-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Qihoo 360,,China,APT-C-61/ Tengyun Snake,South Asia (region),Unknown - not attributed,https://mp.weixin.qq.com/s/s740Y3HaXBXkS5RJi9LaHQ?utm_source=substack&utm_medium=email,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,2.0,,0.0,euro,None/Negligent,Diplomatic / consular law; Due diligence; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://mp.weixin.qq.com/s/s740Y3HaXBXkS5RJi9LaHQ?utm_source=substack&utm_medium=email,2023-03-01,2024-01-10 1983,The IT Army of Ukraine targeted the Russian company Forest with hack-and-leak operation in April 2022,"The IT Army of Ukraine targeted the Russian company Forest with hack-and-leak operation in 
April 2022. According to Bloomberg, ""Russian Forest Products Group operates as a forestry company. The Company provides logging and timber processing and sales as well as other logistics services including freight and passenger transport."" While it is unknown when the actual hack took place, the group leaked the obtained data via Social Media on April 7, 2022. ",2022-04-01,2022-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Russian Forest Products Group,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8054,2022-04-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,,,,1,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/129991/hacktivism/anonymous-it-army-of-ukraine-vs-russia.html; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/,2023-03-01,2024-04-24 1982,The IT Army of Ukraine targeted Russias state portal EGAIS with DDoS attack in May 2022,"The IT Army 
of Ukraine targeted Russia`s state portal EGAIS with DDoS attack on May 2nd and 3rd, 2022. Alcohol distributors need to register via the state portal EGAIS, that is why the hack caused substantial disruptions within the Russian alcohol sector. ",2022-05-02,2022-05-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Unified State Automated Alcohol Accounting Information System (EGAIS),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,8056,2022-05-02 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://www.privacy.com.sg/cybersecurity/ukraines-it-army-is-disrupting-russias-alcohol-distribution/?utm_source=rss&utm_medium=rss&utm_campaign=ukraines-it-army-is-disrupting-russias-alcohol-distribution,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),,,,2,,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/130992/hacktivism/anonymous-ukraine-it-army-vs-russia.html; https://www.privacy.com.sg/cybersecurity/ukraines-it-army-is-disrupting-russias-alcohol-distribution/?utm_source=rss&utm_medium=rss&utm_campaign=ukraines-it-army-is-disrupting-russias-alcohol-distribution; https://www.hackread.com/ddos-attacks-hacktivist-disrupt-russia-alcohol-supply/; 
https://www.privacy.com.sg/cybersecurity/ukraines-it-army-is-disrupting-russias-alcohol-distribution/?utm_source=rss&utm_medium=rss&utm_campaign=ukraines-it-army-is-disrupting-russias-alcohol-distribution,2023-03-01,2023-03-02 1971,Service systems of the Rodgau city administration and municipal utilities were shut down due to a cyber attack in February 2023,"On 23 February 2023, the municipal administration of Rodgau, in Hesse, Germany, reported that the service systems of the city administration and the municipal utilities were down due to a cyber attack. Several files could no longer be opened and some computers stopped responding. The entire network was shut down as a precaution. While employee email addresses were temporarily deactivated, essential service functions of the sewage treatment plant, public transport, waste disposal or wastewater disposal were not affected.",2023-02-23,2023-02-23,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Hijacking without Misuse,City Administration Rodgau - Municipal Utilities Rodgau,Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Civil service / administration - Energy; Water; Transportation; Waste Water Management,Not available,Not available,Not available,,1,16107,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,Months,No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-02-24 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Germany,Polizei Hessen,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://twitter.com/dani_stoffers/status/1629058262418042880; https://www.rodgau.de/index.php?La=1&object=tx,2642.15857.1&kuo=2&sub=0; https://www.hessenschau.de/panorama/stadt-rodgau-meldet-hackerangriff---alle-systeme-ausgefallen-v3,hackerangriff-rodgau-100.html; https://www.op-online.de/region/rodgau/cyberangriff-stadt-rodgau-ausfall-servicesysteme-stadtverwaltung-stadtwerke-hacker-angriff-it-92107552.html; https://www.n-tv.de/regionales/hessen/Neuer-Notfallschrank-mit-Laptops-nach-Cyberangriffen-article24907325.html; https://www.sueddeutsche.de/wirtschaft/kommunen-neuer-notfallschrank-mit-laptops-nach-cyberangriffen-dpa.urn-newsml-dpa-com-20090101-240428-99-841960",2023-02-28,2024-04-30 1969,US domain registrar and webhoster GoDaddy targeted by sophisticated threat actor in yearlong-campaign: December 2022 incident,"According to its 2022 filing of Form 10-K, a summary of financial performance publicly traded companies are required to submit annually in the US, US domain registrar and webhoster GoDaddy was targeted by a ""sophisticated threat actor group"" in a multiple yearlong-campaign, including incidents in March 2020, November 2021 and December 2022. As part of the December 2022 incident, ""an unauthorized third party gained access to and installed malware on [GoDaddy's] cPanel hosting servers. The malware intermittently redirected random customer websites to malicious sites."" According to GoDaddy, the attackers ""obtained pieces of code related to some services within GoDaddy"" during the overall campaign. 
",2022-12-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking with Misuse,GoDaddy,United States,NATO; NORTHAM,Critical infrastructure,Other,Not available,Not available,Not available,,1,17921,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2022-12-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/; https://twitter.com/cybersecboardrm/status/1629537499151204354; https://twitter.com/cybersecboardrm/status/1629356297505193984; https://twitter.com/cybersecboardrm/status/1629137042398388225; https://www.malwarebytes.com/blog/news/2023/02/godaddy-says-its-a-victim-of-multi-year-cyberattack-campaign; https://d18rn0p25nwr6d.cloudfront.net/CIK-0001609711/e4736ddb-b4c7-485b-a8fc-1827691692c9.pdf; https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx; 
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption; https://nakedsecurity.sophos.com/2023/02/23/s3-ep123-crypto-company-compromise-kerfuffle-audio-text/; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://nakedsecurity.sophos.com/2023/02/20/godaddy-admits-crooks-hit-us-with-malware-poisoned-customer-websites/; https://www.hackread.com/hackers-godaddy-source-code-data-breach/; https://twitter.com/securityaffairs/status/1627249122796355586; https://twitter.com/UK_Daniel_Card/status/1627046811247726597; https://twitter.com/securityaffairs/status/1627004095746699264; https://securityaffairs.com/142405/data-breach/godaddy-discloses-data-breach-2.html; https://twitter.com/cybersecboardrm/status/1626997514728529921; https://www.wired.com/story/godaddy-hacked-3-years/; https://twitter.com/Dinosn/status/1626890891397943297; https://twitter.com/aselawaid/status/1626802069096267777; https://twitter.com/Cyber_O51NT/status/1626755712327258113; https://twitter.com/switch_d/status/1626701969686515714; https://www.databreaches.net/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; https://twitter.com/Dinosn/status/1626644340100501506; https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; https://www.govinfosecurity.com/godaddy-fingers-hacking-campaign-for-3-year-run-breaches-a-21241; https://www.darkreading.com/risk/what-godaddy-years-long-breach-means-millions-clients,2023-02-28,2024-03-13 1968,US domain registrar and webhoster GoDaddy targeted by sophisticated threat actor in yearlong-campaign: November 2021 incident,"According to its 2022 filing of Form 10-K, a summary of financial performance publicly traded companies are required to submit annually in the US, US domain registrar and webhoster GoDaddy was targeted by a ""sophisticated 
threat actor group"" in a multiple yearlong-campaign, including incidents in March 2020, November 2021 and December 2022. As part of the November 2021 incident, ""using a compromised password, an unauthorized third party accessed the provisioning system in [GoDaddy's] legacy code base for Managed WordPress (MWP), which impacted up to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.""",2021-11-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,GoDaddy,United States,NATO; NORTHAM,Critical infrastructure,Other,Not available,Not available,Not available,,1,17920,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2022-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/; https://twitter.com/cybersecboardrm/status/1629537499151204354; https://twitter.com/cybersecboardrm/status/1629356297505193984; https://twitter.com/cybersecboardrm/status/1629137042398388225; https://www.malwarebytes.com/blog/news/2023/02/godaddy-says-its-a-victim-of-multi-year-cyberattack-campaign; https://d18rn0p25nwr6d.cloudfront.net/CIK-0001609711/e4736ddb-b4c7-485b-a8fc-1827691692c9.pdf; https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption; https://nakedsecurity.sophos.com/2023/02/23/s3-ep123-crypto-company-compromise-kerfuffle-audio-text/; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://nakedsecurity.sophos.com/2023/02/20/godaddy-admits-crooks-hit-us-with-malware-poisoned-customer-websites/; https://www.hackread.com/hackers-godaddy-source-code-data-breach/; https://twitter.com/securityaffairs/status/1627249122796355586; https://twitter.com/UK_Daniel_Card/status/1627046811247726597; https://twitter.com/securityaffairs/status/1627004095746699264; https://securityaffairs.com/142405/data-breach/godaddy-discloses-data-breach-2.html; https://twitter.com/cybersecboardrm/status/1626997514728529921; https://www.wired.com/story/godaddy-hacked-3-years/; https://twitter.com/Dinosn/status/1626890891397943297; https://twitter.com/aselawaid/status/1626802069096267777; https://twitter.com/Cyber_O51NT/status/1626755712327258113; https://twitter.com/switch_d/status/1626701969686515714; https://www.databreaches.net/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; 
https://twitter.com/Dinosn/status/1626644340100501506; https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; https://www.govinfosecurity.com/godaddy-fingers-hacking-campaign-for-3-year-run-breaches-a-21241; https://www.darkreading.com/risk/what-godaddy-years-long-breach-means-millions-clients,2023-02-28,2024-03-13 1967,US domain registrar and webhoster GoDaddy targeted by sophisticated threat actor in yearlong-campaign: March 2020 incident,"According to its 2022 filing of Form 10-K, a summary of financial performance publicly traded companies are required to submit annually in the US, US domain registrar and webhoster GoDaddy was targeted by a ""sophisticated threat actor group"" in a multi-year campaign, including incidents in March 2020, November 2021 and December 2022. As part of the March 2020 incident, the attackers compromised 28,000 hosting account login credentials belonging to customers and some GoDaddy employees. ",2020-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,GoDaddy,United States,NATO; NORTHAM,Critical infrastructure,Other,Not available,Not available,Not available,,1,17919,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2022-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/; https://twitter.com/cybersecboardrm/status/1629537499151204354; https://twitter.com/cybersecboardrm/status/1629356297505193984; https://twitter.com/cybersecboardrm/status/1629137042398388225; https://www.malwarebytes.com/blog/news/2023/02/godaddy-says-its-a-victim-of-multi-year-cyberattack-campaign; https://d18rn0p25nwr6d.cloudfront.net/CIK-0001609711/e4736ddb-b4c7-485b-a8fc-1827691692c9.pdf; https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption; https://nakedsecurity.sophos.com/2023/02/23/s3-ep123-crypto-company-compromise-kerfuffle-audio-text/; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://nakedsecurity.sophos.com/2023/02/20/godaddy-admits-crooks-hit-us-with-malware-poisoned-customer-websites/; https://www.hackread.com/hackers-godaddy-source-code-data-breach/; https://twitter.com/securityaffairs/status/1627249122796355586; https://twitter.com/UK_Daniel_Card/status/1627046811247726597; https://twitter.com/securityaffairs/status/1627004095746699264; https://securityaffairs.com/142405/data-breach/godaddy-discloses-data-breach-2.html; https://twitter.com/cybersecboardrm/status/1626997514728529921; https://www.wired.com/story/godaddy-hacked-3-years/; https://twitter.com/Dinosn/status/1626890891397943297; https://twitter.com/aselawaid/status/1626802069096267777; https://twitter.com/Cyber_O51NT/status/1626755712327258113; https://twitter.com/switch_d/status/1626701969686515714; https://www.databreaches.net/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; 
https://twitter.com/Dinosn/status/1626644340100501506; https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/; https://www.govinfosecurity.com/godaddy-fingers-hacking-campaign-for-3-year-run-breaches-a-21241; https://www.darkreading.com/risk/what-godaddy-years-long-breach-means-millions-clients,2023-02-28,2024-03-13 1964,Unknown threat actor targets government entities in the Asia Pacific and North America regions with PureCrypter downloader,"An unknown threat actor targeted government entities in the Asia Pacific and North America regions with the PureCrypter downloader distributed via Discord since February 2023, according to Menlo Security. The actors also delivered several types of malware including Redline Stealer, AgentTesla, Eternity, Blackmoon and Philadelphia ransomware during the campaign. Apart from the successful compromise of at least some targets, Menlo Security disclosed no specific information about impact.",2023-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,North America; Oceania (region); Asia (region), - - ,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,Not available,Not available,Not available,,1,16113,2023-02-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Menlo Security,,United States,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No 
system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1630311332628029454; https://twitter.com/cybersecboardrm/status/1630225878331318280; https://twitter.com/Dinosn/status/1630168682029543425; https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html; https://securityaffairs.com/142749/hacking/purecrypter-deliver-agenttesla.html; https://www.govinfosecurity.com/purecrypter-targets-north-america-apac-government-agencies-a-21318; https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html; https://www.bleepingcomputer.com/news/security/purecrypter-malware-hits-govt-orgs-with-ransomware-info-stealers/; https://www.menlosecurity.com/blog/purecrypter-targets-government-entities-through-discord/; https://www.hackread.com/purecrypter-malware-discord/; https://www.hackread.com/purecrypter-malware-discord/; https://twitter.com/Dinosn/status/1630168682029543425; https://twitter.com/cybersecboardrm/status/1630225878331318280; https://twitter.com/securityaffairs/status/1630311332628029454; https://twitter.com/cybersecboardrm/status/1631650935482077184; https://twitter.com/cybersecboardrm/status/1631650935482077184,2023-02-28,2024-01-10 1965,"South American APT Blind Eagle targeted government, public and critical infrastructure entities in Colombia and unspecified targets in Ecuador, Chile, and Spain with RATs in 2023","According to the BlackBerry Research & Intelligence Team, the South American APT Blind Eagle (also known as APT-C-36) targeted government, public and critical infrastructure entities in Colombia and 
further unspecified targets in Ecuador, Chile, and Spain in 2023 with different remote access trojans (RATs). In Colombia, targets included the following sectors: health, public, financial, judiciary, law enforcement, and an agency engaged in internal peace negotiations. Blind Eagle used spearphishing in order to establish access to the target networks to then deploy RATs and exfiltrate information. ",2023-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available,Chile; Spain; Ecuador; Colombia,SOUTHAM - EUROPE; NATO; EU(MS) - - SOUTHAM,Unknown - Unknown - Unknown - State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system; Critical infrastructure, - - - Civil service / administration; Health; Judiciary; Police; Finance,Blind Eagle/ APT-C-36,South America,Unknown - not attributed,,1,11161,2023-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,BlackBerry Research and Intelligence Team,,United States,Blind Eagle/ APT-C-36,South America,Unknown - not attributed,https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data 
",1-10,1.0,,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/blind-eagle-apt-c-36-colombia-ecuador/; https://twitter.com/BlackBerrySpark/status/1630254500064755714; https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia; https://twitter.com/RecordedFuture/status/1630588325340803073; https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html; https://twitter.com/Dinosn/status/1630540981966610433; https://twitter.com/BlackBerrySpark/status/1630254500064755714; https://twitter.com/cybersecboardrm/status/1631112513457729539; https://twitter.com/BlackBerrySpark/status/1633214695527292928; https://www.darkreading.com/threat-intelligence/top-cyberattacks-revealed-in-new-threat-intelligence-report,2023-02-28,2023-07-03 1972,"In February 2022, Azerbaijani political activist Abulfaz Gurbanli becomes the victim of a phishing attack","On 15 February 2022, Azerbaijan Internet Watch reported that the political activist Abulfaz Gurbanli lost access to his Gmail and Facebook account through a phishing email after deleting and resetting his device, and could not access it again until 17 February. A few months earlier, a report was released on the dissemination of the Pegasus spy software and listed numbers of activists, including Gurbanli, whose devices had been infected. This caused Gurbanli to reset his device. On 15 February, he was asked for an interview by an alleged journalist from the BBC Azerbaijan Service, who sent him an email with an infected attachment that, when opened, downloaded malware. Through the backdoor which was installed in the context, the hacker was able to access Gurbanli's accounts and delete the content of at least seven community sites where the activist was an administrator. 
The attack came shortly after the publication of an article by a pro-government media outlet that accused Gurbanli of organising colour revolutions in Azerbaijan. Based on that, this incident is assigned to the domestic conflict between Azerbaijan and the opposition, even though no attribution has been published. ",2022-02-15,2022-02-17,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,Abulfaz Gurbanli,Azerbaijan,ASIA; CENTAS,Social groups,Advocacy / activists (e.g. human rights organizations),Not available,Not available,Not available,,1,11616,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology; National power,System/ideology; National power,Azerbaijan (opposition); Azerbaijan (opposition),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Account Access Removal,Required,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.az-netwatch.org/news/deliberate-targeting-in-pro-government-media-leads-to-targeted-attacks-online-the-case-of-abulfaz-gurbanli/; 
https://www.qurium.org/alerts/azerbaijan/yet-another-targeted-malware-against-azerbajani-political-activists/,2023-02-28,2024-02-02 1966,Anonymous Sudan hit websites of Danish hospitals with DDoS attacks on 26 February 2023,"Anonymous Sudan hit the websites of nine Danish hospitals with DDoS attacks on 26 February 2023. According to Copenhagen's health authorities, medical care was unaffected and the websites were back online after ""a couple of hours"". Anonymous Sudan is suspected to be part of a Russian information operation that in the past has sought to undermine Sweden's NATO application, according to TrueSec. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, thereby further corroborating earlier reporting by TrueSec.",2023-02-26,2023-02-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,Not available,Denmark,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Health,Anonymous Sudan (Storm-1359) < Killnet,Sudan,Non-state-group,Hacktivist(s),2,16111; 16112,2023-02-26 00:00:00; 2023-02-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Anonymous Sudan (Storm-1359) < Killnet; Truesec,Not available; ,Sudan; Sweden,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Sudan; Russia,Non-state-group; Non-state-group,https://t.me/AnonymousSudan/212,System / ideology; International power,Territory; Resources; International power,Norway et al. – Russia (Arctic); Norway et al. – Russia (Arctic); Norway et al. 
– Russia (Arctic),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,9.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.databreaches.net/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/; https://www.truesec.com/hub/blog/what-is-anonymous-sudan; https://twitter.com/cahlberg/status/1630200714474528768; https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/; https://t.me/AnonymousSudan/212; https://twitter.com/RegionH/status/1629931458067415041; https://twitter.com/RegionH/status/1629872125212344325; https://twitter.com/cahlberg/status/1630200714474528768; https://twitter.com/CERTEU/status/1631572192667353089; https://research.checkpoint.com/2023/6th-march-threat-intelligence-report/; https://socradar.io/hacktivism-on-the-rise-killnet-anonymous-sudans-cyber-campaign-targets-australia/; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://www.techrepublic.com/article/ddos-attack-israel/,2023-02-28,2024-01-10 1956,State-sponsored North Korean hacking group Lazarus deployed newly discovered backdoor WinorDLL64 against unspecified South Korean targets since 2021,"The state-sponsored North Korean hacking group Lazarus deployed the newly discovered backdoor WinorDLL64 against unspecified South Korean targets since 2021, the Slovakian IT security company ESET assessed with low confidence based on the targeted region and an 
overlap in both behavior and code. The backdoor is deployed as a payload of the Wslink downloader ESET detected in 2021. ",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Unknown,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16125,2023-02-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/,System / ideology; Territory; International power,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Account Access Removal,Not available,False,Not available,Not 
available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/; https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html; https://securitymea.com/2023/02/28/apt-group-lazarus-likely-using-winordll64-backdoor-to-exfiltrate-data/,2023-02-27,2024-01-10 1958,Three hackers target a variety of Dutch and international organizations with ransomware attacks since March 2021,"On 23 January 2023, the cybercrime team of the Amsterdam police arrested three men, two of them from the Netherlands, for computer intrusion, data theft, extortion, and money laundering. The hackers illegally penetrated the networks of various companies and organisations, stole personal information from them, demanded a ransom for it and, in certain cases, published the stolen information despite having received the ransom. The affected targets are thousands of Dutch and international organisations, including catering companies, training institutes, webshops for software companies, social media and critical infrastructure. The director of one affected company, Ticketcounter, Sjoerd Bakker, reported his encounter with the hackers and how he dealt with the theft of 1.5 million records of customer data. 
One hacker worked for the Dutch Institute for Vulnerability Disclosure (DIVD), a group of volunteers fighting cybercrime. On 24 February 2023, one day after the police announced the arrest, the DIVD commented on their former member and took immediate action. ",2021-03-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,Not available - Ticketcounter - RDC - Not available - Shell - Not available - Not available,Netherlands; Netherlands; Netherlands; Netherlands; United Kingdom; Not available; Not available,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; NORTHEU - - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - - - - Energy - - ,Pepijn van der Stap; E. 
Sarikaya; Not available,Netherlands; Netherlands; Not available,Non-state-group; Non-state-group; Non-state-group,Criminal(s); Criminal(s); Criminal(s),2,16121; 16121; 16121; 16121; 16121; 16121; 16122; 16122,2023-01-23 00:00:00; 2023-01-23 00:00:00; 2023-01-23 00:00:00; 2023-01-23 00:00:00; 2023-01-23 00:00:00; 2023-01-23 00:00:00; 2023-02-23 00:00:00; 2023-02-23 00:00:00,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie); Dutch Federal Police (Politie),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Netherlands; Netherlands; Netherlands; Netherlands; Netherlands; Netherlands; Netherlands; Netherlands,Pepijn van der Stap; Pepijn van der Stap; E. Sarikaya; E. 
Sarikaya; Not available; Not available; Not available; Not available,Netherlands; Not available; Netherlands; Not available; Netherlands; Not available; Netherlands; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.politie.nl/nieuws/2023/februari/23/05-drie-mannen-aangehouden-in-onderzoek-naar-grootschalige-internationale-datadiefstal-en-datahandel.html,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,,0.0,,0.0,euro,None/Negligent,Human rights; Due diligence,Civic / political rights; ,Not available,3,2021-03-01 00:00:00; 2023-11-03 00:00:00; 2023-06-19 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. law enforcement investigations, arrests); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",; ; ,Netherlands; Netherlands; Netherlands,Nationale Politie; Rechtbank Amsterdam (District Court); Rechtbank Amsterdam (District Court),Not available,,No response justified (missing state attribution & breach of international law),,https://www.malwarebytes.com/blog/news/2023/02/fear-mongering-data-thieves-that-victimized-thousands-of-businesses-arrested; https://www.divd.nl/2023/02/24/reactie-divd-op-betrokkenheid-van-divd-vrijwilliger-bij-grote-datadiefstal-zaak/; https://www.politie.nl/nieuws/2023/februari/23/05-drie-mannen-aangehouden-in-onderzoek-naar-grootschalige-internationale-datadiefstal-en-datahandel.html; https://www.rtlnieuws.nl/nieuws/nederland/artikel/5367184/ticketcounter-slachtoffer-diefstal-data-chantage-intimidatie; https://www.bleepingcomputer.com/news/security/dutch-police-arrest-three-ransomware-actors-extorting-25-million/; https://www.databreaches.net/nl-three-arrested-in-massive-hacking-data-theft-and-blackmail-probe-one-was-a-whitehat-researcher/; https://nakedsecurity.sophos.com/2023/02/27/dutch-police-arrest-three-cyberextortion-suspects-who-allegedly-earned-millions/; https://securityaffairs.com/142759/cyber-crime/dutch-police-arrested-3-men-extortion-ring.html; https://twitter.com/unix_root/status/1630138922306007042; https://thehackernews.com/2023/02/dutch-police-arrest-3-hackers-involved.html; https://twitter.com/unix_root/status/1630138922306007042; https://twitter.com/cybersecboardrm/status/1630736222011228161; https://nakedsecurity.sophos.com/2023/03/02/s3-ep124-when-so-called-security-apps-go-rogue-audio-text/; https://twitter.com/troyhunt/status/1631382674278596608; https://twitter.com/troyhunt/status/1631557850064617473; https://twitter.com/troyhunt/status/1631557850064617473; https://twitter.com/troyhunt/status/1631557850064617473; https://www.databreaches.net/dutch-hacking-suspects-to-be-in-court-april-20-dutch-police-try-to-warn-others-to-stop-cybercrime/; 
https://cyberscoop.com/doj-cybercrime-disruption-ransomware/; https://zerosecurity.org/2023/11/dutch-cybersecurity-pro-turned-cybercriminal-four-year-sentence-for-hacking-and-extortion/,2023-02-27,2024-01-10 1957,Pro-Ukrainian hacktivists CH01 defaced 32 Russian websites on 24 February 2023,"On the one-year anniversary of the Russian invasion of Ukraine, the pro-Ukrainian hacker group CH01 defaced at least 32 Russian websites. The websites concerned featured a video of the Kremlin on fire. CH01 had posted the video on Twitter along with a message and the Anonymous collective confirmed in a tweet that the Russian websites were defaced by pro-Ukrainian hackers.",2023-02-24,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Unknown,,CH01,Not available,Non-state-group,Hacktivist(s),2,16123; 16124; 16124,2023-02-24 00:00:00; 2023-02-25 00:00:00; 2023-02-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms,CH01; Anonymous; Anonymous,Not available; Not available; Not available,Not available; Not available; Not available,CH01; Anonymous; Not available,Not available; Not available; Not available,Non-state-group; Non-state-group; Non-state-group,https://t.me/CHO1CHO1/5; https://t.me/CHO1CHO1/6; https://t.me/CHO1CHO1/16; https://t.me/CHO1CHO1/50; https://t.me/CHO1CHO1/56; 
https://twitter.com/AnonOpsSE/status/1629565372042039297?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629565372042039297%7Ctwgr%5E764b19042052f399e7f558acd6308f718b878098%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F142713%2Fhacktivism%2Fch01-defaced-russian-websites.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,32.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/142713/hacktivism/ch01-defaced-russian-websites.html; https://twitter.com/AnonOpsSE/status/1629565372042039297?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629565372042039297%7Ctwgr%5E764b19042052f399e7f558acd6308f718b878098%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F142713%2Fhacktivism%2Fch01-defaced-russian-websites.html; https://t.me/CHO1CHO1/5; https://t.me/CHO1CHO1/6; https://t.me/CHO1CHO1/16; https://t.me/CHO1CHO1/50; https://t.me/CHO1CHO1/56; https://twitter.com/securityaffairs/status/1630126910712827905; https://twitter.com/Cyber_O51NT/status/1630006248883261441; https://twitter.com/securityaffairs/status/1629922209870274562; 
https://twitter.com/securityaffairs/status/1629901311322800128; https://www.hackread.com/hackers-deface-russia-websites-ukraine/; https://twitter.com/AnonOpsSE/status/1629565372042039297; https://twitter.com/securityaffairs/status/1629885935734210561; https://twitter.com/Cyberknow20/status/1629219503166083072; https://twitter.com/chuksjonia/status/1629382488781996033; https://twitter.com/securityaffairs/status/1630126910712827905,2023-02-27,2024-01-10 1959,"Unknown actors conducted ransomware attack against CentraState Medical Center and stole data of 617,000 patients in December 2022","On 10 February 2023, CentraState Medical Center in New Jersey announced that it had noticed unusual activities on its computer systems on 29 December 2022 and reported this to law enforcement. The facility sustained a ransomware attack, causing it to redirect ambulances and to switch over to paper records. A limited number of outpatient appointments had to be rescheduled. The investigation revealed that an unknown person obtained a copy of the archived database containing information on 617,000 patients on 29 December 2022. For a subset of patients, attackers gained access to information on treatment plans, diagnoses, visit notes, and prescriptions. Six class action lawsuits were later filed against the hospital for not preventing the attack and also for failing to inform patients about the incident in a timely manner. 
",2022-12-29,2022-12-29,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse; Ransomware,CentraState Medical Center,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16118,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,1,2023-02-20 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Monmouth County Superior Court,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/6-class-actions-lawyers-across-the-country-move-quickly-after-hospital-data-breach/; https://www.centrastate.com/wp-content/uploads/sites/9/2023/02/Notice-of-Security-Incident.pdf; https://www.hipaajournal.com/centrastate-medical-center-facing-class-action-lawsuit-over-december-2022-ransomware-attack/; https://healthitsecurity.com/news/nj-health-system-diverts-ambulances-amid-it-network-issue,2023-02-27,2024-01-10 1960,Unknown threat actor hit Colombian hospital with ransomware in February 2023,"An unknown actor launched a ransomware attack against a server at the Joaquín Paz Borrero Hospital in the city of Cali, Colombia. As a response to this, the Cali District Government implemented an emergency plan to ensure coverage of the Northern Health Network serviced by the affected hospital. According to the responsible officials, the personal data of the users is not in jeopardy, but the cyber attack affected, inter alia, the planning of appointments via the virtual platform. 
The mayor of Cali declared the case had been reported to the public prosecutor's office.",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Joaquín Paz Borrero Hospital,Colombia,SOUTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16117,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-02-23 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Colombia, Cali District Government (Colombia),No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Colombia,Office of the Attorney General of Colombia (Fiscalía General de la Nación),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-29/; https://www.cali.gov.co/gobierno/publicaciones/174388/plan-de-contingencia-por-ataque-informatico-a-la-red-de-salud-del-norte/,2023-02-27,2024-01-10 1961,Ransomware group ALPHV gained access to the network of US natural gas and oil company Encino Energy,"The ransomware group ALPHV gained access to the network of the US natural gas and oil company Encino Energy, company spokeswoman Jackie Stewart admitted to Recorded Future. The spokesperson went on to say that the company's operations had not been affected and the unauthorised access had been remediated. On 22 February, ALPHV announced on its leak site that it had stolen 400GB of data from the company and was now releasing it. It is unclear when the unauthorised access and the alleged data theft took place. 
",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft; Hijacking with Misuse,Encino Energy,United States,NATO; NORTHAM,Critical infrastructure,Energy,AlphV,Not available,Non-state-group,Criminal(s),1,16116,2023-02-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,AlphV,Not available,Not available,AlphV,Not available,Non-state-group,https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/; https://twitter.com/DarkReading/status/1631368024824373286; https://therecord.media/ohio-archive-org-data-leak-ransomware,2023-02-27,2024-01-10 1962,Unknown actor targeted Chile's National Health Fund (FONASA) with malware in February 2023,"An unknown threat actor used a malicious computer programme to briefly disrupt the website of the Chilean National Health Fund (FONASA) on 17 February 2023. 
There was also minimal disruption to its branches, which were quickly and fully restored. It remains unclear whether a recent security alert from the Chilean Government Information Security Incident Response Team (CSIRT), which highlights activity by two national and international threat actors, one of which is the notorious ransomware group BlackCat, also referred to this specific incident.",2023-01-17,2023-01-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Chilean National Health Fund (FONASA),Chile,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16115,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-29/; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/; https://www.fonasa.cl/sites/fonasa/noticia/fonasa%5Fsistema%5Foperativo; 
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/,2023-02-27,2024-01-10 1963,Pro-Russian hacktivist group XakNet Team takes down Ukrainian artillery fire control system Kropiva with DDoS attack,"In May 2022, the pro-Russian hacktivist group XakNet Team announced on Telegram that it had taken down the artillery fire control system using a DDoS attack. The programme was developed by the Ukrainian company Logika and is used by the Ukrainian armed forces to exchange information. The aim of the attack was to limit the capabilities of the Ukrainian army.",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Artillery Fire Control System Kropiva,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,XakNet,Russia,Non-state-group,Hacktivist(s),1,16114,2022-05-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,XakNet,Not available,Russia,XakNet,Russia,Non-state-group,https://t.me/xaknet_team/229,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Armed conflict; Due diligence; 
Sovereignty; Armed conflict,Conduct of hostilities; ; ; Certain persons,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://t.me/xaknet_team/229; https://t.me/RVvoenkor/13588; https://argumenti.ru/society/2022/05/773512; https://mash.ru/news/151952,2023-02-27,2024-01-10 1951,"Nevada ransomware group targeted nearly 5,000 victims in the US and Europe using the ESXiArgs vulnerability in VMWare servers since February 2023","The Nevada ransomware group targeted nearly 5,000 victims in the US and Europe using the ESXiArgs vulnerability in VMWare servers since February 2023, according to the Financial Times. The hackers specifically targeted servers that remained unpatched after a security update addressing the software flaw was issued in February 2021. The largest number of victims - 2,000 - is in France. Other highly affected countries include the United States, the United Kingdom and Germany. Specific victims comprise universities in the United States and Hungary, shipping companies and construction firms in Italy, as well as manufacturing companies in Germany. The Financial Times reports that actors behind the Nevada Group remain unidentified. 
Based on its online recruitment campaigns, the group appears to be made up of Russian and Chinese hackers.",2023-02-01,Not available,"Not available; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,None - None - None - None - None - None - None,United Kingdom; France; Europe (region); United States; Italy; Hungary; Germany,EUROPE; NATO; NORTHEU - EUROPE; NATO; EU(MS); WESTEU - - NATO; NORTHAM - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU,Unknown - Unknown; Unknown - Unknown - Unknown; Critical infrastructure; Education - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Education - Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ; - - ; Research; - Transportation; - Research; - ; ; ; ,,Russia; China,Non-state-group,Criminal(s),1,16130; 16130,2023-02-23 00:00:00; 2023-02-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Media-based attribution,Financial Times; Financial Times,Not available; Not available,United Kingdom; United Kingdom,,Russia; China,Non-state-group; Non-state-group,https://www.ft.com/content/ad987139-e8ac-427d-9a07-25e1dd91d76b,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit 
Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,501-10000,4468.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-02-23 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,France,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.databreaches.net/nevada-group-hackers-target-thousands-of-computer-networks/; https://www.ft.com/content/ad987139-e8ac-427d-9a07-25e1dd91d76b; https://www.wired.com/story/apple-google-moveit-security-patches-june-2023-critical-update/; https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits; https://www.computerweekly.com/de/feature/10-der-groessten-Zero-Day-Angriffe-im-Jahr-2023,2023-02-24,2024-01-10 1950,Pro-Russian hacktivists NoName057(16) targeted Poland's Ministry of Defence with DDoS attack on 7 July 2022,"According to a report by IT security company Avast from 6 September 2022, pro-Russian hacktivists NoName057(16) targeted Poland's Ministry of Defence with a DDoS attack on 7 July 2022 using its Bobik malware. No additional third-party reporting on that incident was immediately available. Avast categorizes the attack as ""successful"" in its report without providing further details. ",2022-07-07,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,,Disruption,Ministry of Defence (Poland),Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Government / ministries,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,16131; 16131,2022-09-06 00:00:00; 2022-09-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Avast; Avast,,Czech Republic; United Kingdom,NoName057(16); NoName057(16),Russia; Russia,Non-state-group; Non-state-group,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; https://socradar.io/dark-web-profile-noname05716/,2023-02-24,2024-01-10 1949,Lehigh Valley Health Network targeted by BlackCat ransomware attack in early February 2023,"On 20 February, the Lehigh Valley Health Network (LVHN) announced that it had been the victim of a ransomware 
attack. The ransomware group BlackCat was named as the initiator of the attack. The unauthorised activities were detected on 6 February and targeted a system used for patient images for radiation oncology treatment and other sensitive information. However, LVHN states that services have not been disrupted and that it refuses to pay the ransom.",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,Lehigh Valley Health Network ,United States,NATO; NORTHAM,Critical infrastructure,Health,BlackCat,Russia,Non-state-group,Criminal(s),1,16132,2023-02-20 00:00:00,"Attribution given, type unclear",Receiver attributes attacker,"Brian A. Nester (President and CEO of Lehigh Valley Health Network, United States)",Not available,United States,BlackCat,Russia,Non-state-group,https://healthitsecurity.com/news/lehigh-valley-health-network-hit-by-blackcat-ransomware-attack,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,12.0,Weeks (< 4 weeks),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights; Other human rights instruments",Not available,1,2023-03-13 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Lackawanna County Court of Common Pleas,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.malwarebytes.com/blog/news/2023/02/lehigh-valley-health-network-targeted-by-blackcat-ransomware; https://www.databreaches.net/two-california-plastic-surgery-practices-suffer-cyberattacks-and-embarrassing-patient-data-leaks/; https://healthitsecurity.com/news/lehigh-valley-health-network-hit-by-blackcat-ransomware-attack; https://www.lehighvalleylive.com/business/2023/02/lehigh-valley-health-network-victim-of-blackcat-cyberattack.html; https://twitter.com/UK_Daniel_Card/status/1632464968510496776; https://therecord.media/ransomware-lehigh-valley-alphv-black-cat; https://www.govinfosecurity.com/blackcat-leaking-patient-data-photos-stolen-in-attack-a-21381; https://twitter.com/UK_Daniel_Card/status/1632464968510496776; https://twitter.com/InfoSecSherpa/status/1632879934451466240; https://twitter.com/InfoSecSherpa/status/1632879934451466240; https://twitter.com/RecordedFuture/status/1632925831856107520; https://twitter.com/ciaranmartinoxf/status/1633097490332282881; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://www.databreaches.net/whats-new-in-ransomware-gang-pressure-tactics-not-as-much-as-you-might-think/; https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/; https://www.malwarebytes.com/blog/news/2023/03/breast-cancer-photos-published-by-ransomware-gang; https://www.databreaches.net/lawsuit-filed-against-lehigh-valley-health-network-after-ransomware-gang-leaks-sensitive-patient-data-online/; https://cyberscoop.com/patient-sues-leigh-valley-ransomware/; https://cyberscoop.com/rural-hospital-ransomware/; https://www.wired.com/story/amazon-ring-hacked-ransomware/; https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-march-13-19; 
https://therecord.media/sun-pharma-india-ransomware-attack; https://twitter.com/WSJCyber/status/1653424071076397056; https://news.yahoo.com/records-more-181-000-patients-000400881.html; https://www.wired.com/story/what-doctors-wish-you-knew-hipaa-data-security/; https://www.wired.com/story/hospital-ransomware-hhs-digiheals/; https://arstechnica.com/information-technology/2023/08/our-health-care-system-may-soon-receive-a-much-needed-cybersecurity-boost/; https://therecord.media/nearly-three-mil-affected-ransomware-medtech,2023-02-24,2024-01-10 1948,Russian hacking group UAC-0056 gained access to and modified the content of a number of Ukrainian federal and state government websites beginning in December 2021,"The Russian hacking group UAC-0056 (also known as Ember Bear, DEV-0586, or UNC2589) gained access to and modified the content of a number of Ukrainian federal and local government websites during the period of 23 December 2021 to 23 February 2023, according to the Computer Emergency Response Team of Ukraine (CERT-UA) and the State Service of Special Communications and Information Protection of Ukraine (SSSCIP). 
",2021-12-23,2023-02-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,Not available,Russia,State,,2,16133; 16134,2023-02-23 00:00:00; 2023-02-23 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,SSSCIP; CERT-UA,Not available; Not available,Ukraine; Ukraine,Not available; UAC-0056/Cadet Blizzard fka DEV-0586/UNC2589,Russia; Not available,State; Unknown - not attributed,https://cert.gov.ua/article/3947787; https://cip.gov.ua/en/news/viyavleno-kiberataku-na-nizku-ukrayinskikh-derzhavnikh-informaciinikh-resursiv,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,1,2023-02-23 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,State Service of Special Communications and Information Protection of Ukraine,No,,Valid Accounts,Defacement,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/; https://cert.gov.ua/article/3947787; https://cip.gov.ua/en/news/viyavleno-kiberataku-na-nizku-ukrayinskikh-derzhavnikh-informaciinikh-resursiv; https://twitter.com/BushidoToken/status/1628833826507046915; https://twitter.com/_CERT_UA/status/1628826278953467904; https://www.govinfosecurity.com/ukraine-finds-2-year-old-russian-backdoor-a-21306; https://thehackernews.com/2023/02/cisa-sounds-alarm-on-cybersecurity.html; https://securityaffairs.com/142678/cyber-warfare-2/cert-of-ukraine-russia-backdoors.html; https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html; https://twitter.com/lukOlejnik/status/1630085910233579521; https://twitter.com/lukOlejnik/status/1629182195653910528; https://twitter.com/JohnHultquist/status/1629232999542710272; https://twitter.com/M_Miho_JPN/status/1629843445828423681; https://twitter.com/securityaffairs/status/1629528835220811776; https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/; https://www.bleepingcomputer.com/news/security/microsoft-links-data-wiping-attacks-to-new-russian-gru-hacking-group/,2023-02-24,2024-01-10 1947,Unknown actors deployed ransomware against Dole Food Company in February 2023,"Unknown actors deployed ransomware against the world's largest fresh fruit and vegetable supplier, Dole Food Company, in early February 2023, according to a memo by Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, shared with retailers on 10 February. To contain the spread of the ransomware, the company had to stop production plants in North America and cancel food shipments to grocery stores. 
",2023-02-01,2023-02-10,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Dole Food Company,United States,NATO; NORTHAM,Critical infrastructure,Food,Not available,Not available,Not available,,1,17918,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Weeks (< 4 weeks),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,1,2023-02-23 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"https://www.darkreading.com/analytics/cyberattack-dole-causes-temporary-salad-shortage; https://therecord.media/norwegian-giant-tomra-dealing-with-cyberattack; https://edition.cnn.com/2023/02/22/business/dole-cyberattack/index.html; https://www.doleplc.com/news/dole-experiences-cybersecurity-incident; https://www.databreaches.net/cyberattack-on-food-giant-dole-temporarily-shuts-down-north-america-production-company-memo-says/; https://www.bleepingcomputer.com/news/security/fruit-giant-dole-suffers-ransomware-attack-impacting-operations/; https://twitter.com/Dinosn/status/1628822717725024257; https://www.defenseone.com/threats/2023/02/the-d-brief-february-23-2023/383257/; https://twitter.com/VessOnSecurity/status/1628773219971858433; https://twitter.com/RecordedFuture/status/1628774284616163329; https://twitter.com/vmyths/status/1628777975507308544; https://twitter.com/MalwareJake/status/1628540458765889539; https://securityaffairs.com/142726/cyber-crime/dole-food-company-ransomware-attack.html; https://twitter.com/securityaffairs/status/1630311515734638593; https://twitter.com/Dennis_Kipker/status/1630189946647576578; https://twitter.com/Dinosn/status/1630069773940805632; https://twitter.com/securityaffairs/status/1629919883071823872; https://twitter.com/Dinosn/status/1629243726827601922; https://twitter.com/DarkReading/status/1629152179117252609; https://twitter.com/campuscodi/status/1629084763268030467; https://twitter.com/Dennis_Kipker/status/1630189946647576578; https://twitter.com/securityaffairs/status/1630311515734638593; https://twitter.com/ImposeCost/status/1631987155969998848; https://twitter.com/ImposeCost/status/1631987155969998848; https://twitter.com/cyb3rops/status/1631922529068544001; 
https://twitter.com/cyb3rops/status/1631922529068544001; https://www.cybereason.com/blog/variant-payload-prevention-fuzzy-similarity; https://www.bleepingcomputer.com/news/security/dole-discloses-employee-data-breach-after-ransomware-attack/; https://www.sec.gov/Archives/edgar/data/1857475/000185747523000013/dole-20221231.htm#:~:text=the%20victim%20of%20a%20sophisticated-,ransomware%20attack%20involving%20unauthorized%20access%20to%20employee%20information,-.%20Upon%20detecting%20the%20attack%2C%20we; https://securityaffairs.com/143902/data-breach/dole-food-company-data-breach.html; https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html; https://twitter.com/Dennis_Kipker/status/1639237338051035136; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-24th-2023-clop-overload/; https://www.malwarebytes.com/blog/news/2023/03/food-giant-dole-reveals-more-about-ransomware-attack; https://thehackernews.com/2023/05/how-to-reduce-exposure-on-manufacturing.html; https://twitter.com/aselawaid/status/1660617031828271104; https://therecord.media/kraft-heinz-reviewing-claims-of-cyberattack-operating-normally",2023-02-24,2024-03-13 1946,Pro-Russian groups Killnet and NoName057(16) targeted Lithuanian company and government websites in June 2022,"According to statements by Killnet itself and a report by IT security company Avast from September 2022, the two pro-Russian groups Killnet and NoName057(16) targeted a Lithuanian company and government websites in June 2022. This is perceived as a direct reaction to Lithuania's decision to ban the transit of goods through their territory to the Russian exclave of Kaliningrad due to EU sanctions. Even if Killnet and NoName057(16) target similar actors and thanked one another for their actions via social media, it is unknown if this specific campaign was a joint undertaking. 
According to Avast, NoName057(16) directed its malware called Bobik already on 18 June towards Lithuanian transportation companies, local railway, and bus transportation companies. The better known Killnet group claimed responsibility for a wave of DDoS attacks from 27 June onwards, mainly directed against state institutions, transport institutions, and media websites. Lithuania's Defence Minister Margiris Abukevicius issued a statement on the attacks via media and Twitter. ",2022-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Disruption,Not available,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Transportation; ,Killnet,Russia,Non-state-group,Hacktivist(s),2,16136; 16137; 16137,2022-06-27 00:00:00; 2022-09-06 00:00:00; 2022-09-06 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker; IT-security community attributes attacker,Killnet; Avast; Avast,Not available; ; ,Russia; Czech Republic; United Kingdom,Killnet; NoName057(16) ; NoName057(16) ,Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; https://www.reuters.com/technology/lithuania-hit-by-cyber-attack-government-agency-2022-06-27/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; 
International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-06-27 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Lithuania,Lithuania´s Defence Minister Margiris Abukevicius,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; https://twitter.com/Lithuanian_MoD/status/1541438381925826560; https://www.reuters.com/technology/lithuania-hit-by-cyber-attack-government-agency-2022-06-27/; https://www.darkreading.com/threat-intelligence/russian-hacktivist-platform-ddosia-grows-exponentially; https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/; https://www.kyivpost.com/post/28885; https://securityaffairs.com/160112/cyber-warfare-2/moldova-warns-of-hybrid-attacks-from-russia.html,2023-02-24,2024-03-01 1945,Pro-Russian hacktivists NoName057(16) targeted the Estonian Central Bank with DDoS attack in June 2022,"On 7 June 2022, the pro-Russian hacktivists NoName057(16) targeted the Estonian Central Bank with DDoS attacks, according to the IT security company Avast in its report from 6 September 2022. ",2022-06-07,2022-06-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,Central Bank of Estonia,Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",NoName057(16),Russia,Non-state-group,Hacktivist(s),1,16138; 16138,2022-09-06 00:00:00; 2022-09-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Avast; Avast,,Czech Republic; United Kingdom,NoName057(16); NoName057(16),Russia; Russia,Non-state-group; Non-state-group,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; https://twitter.com/EestiPank/status/1534071747208691712; https://socradar.io/dark-web-profile-noname05716/,2023-02-24,2024-01-10 1944,"Pro-Russian hacktivists hacked two radio stations of Ukraine’s largest 
broadcasters, TAVR Media, on 21 July 2022, spreading false accounts about President Zelensky's health","Pro-Russian hackers targeted two radio stations of Ukraine's largest broadcasters (TAVR Media) on 21 July 2022 to spread false accounts about Ukrainian President Volodymyr Zelensky's health, claiming he had been ""hospitalized and [was] in critical condition"". ",2022-07-21,2022-07-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,TAVR Media,Ukraine,EUROPE; EASTEU,Media,,Not available,Russia,Non-state-group,Hacktivist(s),1,16142,2022-07-21 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Not available,Russia,Non-state-group,https://therecord.media/ukrainian-radio-broadcaster-hacked-to-spread-fake-news-about-zelenskys-health/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://therecord.media/ukrainian-radio-broadcaster-hacked-to-spread-fake-news-about-zelenskys-health/,2023-02-24,2024-01-10 1943,"Pro-Ukrainian hacktivists ""hdr0"" hacked Russian TV broadcasts on 11 September 2022","Pro-Ukrainian hacktivists ""hdr0"" hacked Russian TV broadcasts on 11 September 2022, to compare Russia's attack on Ukraine with 9/11. The attacked TV channels included Channel One Russia (which was targeted by the same group only two days before), Russia-24, and Russia-1. ",2022-09-11,2022-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Russia-1 - Russia-24 - Channel One,Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Media - Media - Media, - - ,hdr0,Ukraine,Non-state-group,Hacktivist(s),1,16143,2022-09-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,hdr0,Not available,Not available,hdr0,Ukraine,Non-state-group,https://t.me/Hdr0_one/132,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions 
justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/pro-ukraine-hackers-claim-hack-on-russian-tv-broadcasts/?web_view=true; https://t.me/Hdr0_one/132,2023-02-24,2024-01-10 1953,Pro-Russian hacktivists NoName057(16) targeted a property bank in Lithuania with DDoS on 11 July 2022,"According to a report by IT security company Avast from 6 September 2022, pro-Russian hacktivists NoName057(16) targeted a property bank in Lithuania with a DDoS attack on 11 July 2022. No additional third-party reporting about this incident was immediately available. Avast categorizes the DDoS as ""successful"" in its report, without further qualifying this assessment.",2022-07-11,2022-07-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption,Not available,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Finance,NoName057(16),Russia,Non-state-group,Hacktivist(s),1,16126; 16126,2022-09-06 00:00:00; 2022-09-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Avast; Avast,,Czech Republic; United Kingdom,NoName057(16); NoName057(16),Russia; Russia,Non-state-group; Non-state-group,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not 
available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC; https://therecord.media/ddosia-pro-russian-hackers-upgrades,2023-02-24,2024-01-10 1952,Pro-Russian group Killnet claimed DDoS attack against state-controlled energy holding company Ignitis grupė from Lithuania on 8 July 2022,"The pro-Russian group Killnet claimed a DDoS attack against state-controlled energy holding company Ignitis grupė from Lithuania on 8 July 2022. The company issued a statement about the attack the same day via Twitter, saying that no critical infrastructure systems/functions have been affected. According to the company, it resolved the availability challenges to its website after a short period. Margiris Abukevicius, vice minister at the Ministry of National Defence of Lithuania, classified the attack and other DDoS cases as driven by the desire for publicity, without generating an actual impact on the targets. ",2022-07-08,2022-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim; Incident disclosed by attacker,Disruption, Ignitis grupė,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Energy,Killnet,Russia,Non-state-group,Hacktivist(s),1,16127,2022-07-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://www.bankinfosecurity.com/lithuanian-energy-firm-experiences-ddos-a-19555,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-07-12 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Lithuania,"Margiris Abukevicius, vice minister at the Ministry of National Defense of Lithuania",No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bankinfosecurity.com/lithuanian-energy-firm-experiences-ddos-a-19555; https://www.facebook.com/IgnitisGrupe/posts/pfbid02RNA4PAuMfD9r5xhGMAaZSY6KrydvSpgQqa7PM936YKMaHwiQzAJ15F7fUYaB9Dxhl; 
https://www.delfi.lt/en/politics/vice-minister-cyber-attacks-are-aimed-at-seeking-publicity-and-raising-tensions.d?id=90707753; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/,2023-02-24,2024-01-10 1939,Unknown actor believed to be operating from New York gained access to an unnamed government network using the Havoc framework,"An unidentified actor believed to be operating from New York gained access to an unnamed government network using the open-source command-and-control framework Havoc, cloud security company Zscaler discovered in January 2023. ",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,State institutions / political system,Government / ministries,Not available,United States,Unknown - not attributed,,1,16149,2023-02-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Zscaler,,United States,Not available,United States,Unknown - not attributed,https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://thehackernews.com/2023/02/threat-actors-adopt-havoc-framework-for.html; https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace; https://twitter.com/unix_root/status/1628374294488047616; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-february-2023/,2023-02-23,2024-01-10 1940,New threat actor Hydrochasma has been targeting shipping companies and medical laboratories in Asia since at least October 2022,"Symantec reports a campaign against unspecified Asian shipping companies and medical laboratories that is likely aimed at gathering intelligence and has been ongoing since at least October 2022. Related threat activity has not been matched with any previously observed group and is tracked by Symantec as threat actor Hydrochasma. The IT security company suspects that the group has an interest in industries involved in the development of COVID-19 treatments or vaccines. No custom malware was used in the attacks, which relied on open-source and living-off-the-land tools. 
",2022-10-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Asia (region),,Critical infrastructure; Science,Transportation; ,Hydrochasma,Not available,Unknown - not attributed,,1,16148,2023-02-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,Hydrochasma,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,Human rights; Law of the sea; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/shipping-companies-medical-laboratories-asia-covid19-espionage/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering; https://www.bleepingcomputer.com/news/security/hydrochasma-hackers-target-medical-research-labs-shipping-firms/; https://twitter.com/cybersecboardrm/status/1628437046388719618; https://twitter.com/unix_root/status/1628414560343592963; https://thehackernews.com/2023/02/hydrochasma-new-threat-actor-targets.html; https://twitter.com/DarkReading/status/1628888766965219328; 
https://www.darkreading.com/analytics/hydrochasma-bombards-targets-slew-commodity-malware-tools; https://twitter.com/cahlberg/status/1628572408427819009; https://www.darkreading.com/endpoint/china-blackfly-targets-materials-sector-relentless-quest-ip,2023-02-23,2024-01-10 1942,Suspected Ukrainian hackers disrupted a Russian satellite operator and played fake air raid alerts on several Russian radio stations on 22 February 2023,"Suspected Ukrainian hackers disrupted a Russian satellite operator and played fake air raid alerts on several Russian radio stations on 22 February 2023, as confirmed by the Russian Ministry for Civil Defence, Emergency Situations, and Elimination of Consequences of Natural Disasters. The actors behind the disruption reportedly had broken into the servers of the radio stations Relax FM, Avtoradio, Humor FM and Comedy Radio, all belonging to the Russian media group Gazprom Media. The Voronezh provincial government declared the attack a provocation by supporters of the Ukrainian government. The Russian Ministry of Emergency Situations confirmed the hack via Telegram. 
Later, the hacker collective Anonymous claimed responsibility for the attack.",2023-02-22,2023-02-22,Attack on critical infrastructure target(s),,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Telecommunications,Not available,Ukraine,Unknown - not attributed,,2,16144; 16145,2023-02-22 00:00:00; 2023-02-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,Not available; Anonymous,Not available; Not available,Russia; Not available,Not available; Anonymous,Ukraine; Not available,Unknown - not attributed; Non-state-group,https://www.kommersant.ru/doc/5841058,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,2,2023-02-22 00:00:00; 2023-02-22 00:00:00,State Actors: Stabilizing measures; State Actors: Stabilizing measures,Subnational executive official; Statement by other ministers (or spokespersons)/members of parliament,Russia; Russia,Voronezh provincial government (Russia); Russian Ministry of Emergency Situations ,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International 
telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/AnonOpsSE/status/1628462541239160833; https://ria.ru/20230222/radio-1853668209.html; https://www.kommersant.ru/doc/5841058; https://www.diepresse.com/6254789/luftalarm-in-russland-durch-hacker-angriff-auf-russische-radiosender-ausgeloest; https://twitter.com/Cyberknow20/status/1628349440032673792; https://www.hackread.com/russia-hacked-radio-station-missile-alerts/; https://twitter.com/YourAnonTV/status/1628710428367790085?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1628710428367790085%7Ctwgr%5Ea600b447e2025af4784437cbaa5c8d2353c8bed2%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.hackread.com%2Frussia-hacked-radio-station-missile-alerts%2F; https://www.lastampa.it/esteri/2023/03/10/video/hacker_irrompono_nella_tv_russa_con_un_falso_allarme_nucleare_ce_un_attacco_andate_nei_rifugi_-12686089/,2023-02-23,2024-01-10 1941,Pro-Russian collective NoName057 conducted DDoS attacks against websites of Italian companies and institutions on 21 February 2023,"The pro-Russian collective NoName057 announced on Telegram on 21 and 22 February 2023 that it has targeted the websites of several Italian companies and institutions with DDoS attacks. Posts cited the visit of Italian Prime Minister Giorgia Meloni to Kyiv that took place during the same time as the reason for the attacks. The targeted websites include those of the Ministry of Foreign Affairs, the Ministry of the Interior, the Carabinieri, the Bper Bank, the A2a Group and the Ministry of Defence. 
According to Italian news agency Ansa, Italian investigative authorities confirmed the attacks while emphasising that the consequences of the attack were largely mitigated by the defence systems of the targeted organisations.",2023-02-21,2023-02-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,"Esercito Italiano - Dipartimento per l'Amministrazione Generale, per le Politiche del Personale dell'Amministrazione Civile e per le Risorse Strumentali e Finanziarie - Ministero degli Affari Esteri e della Cooperazione Internazionale - Ministero dell'Interno - BPER Banca - A2A - Ministero della Difesa - Carabinieri",Italy; Italy; Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - Critical infrastructure - Critical infrastructure; Critical infrastructure - State institutions / political system - State institutions / political system; State institutions / political system,Military - Government / ministries - Government / ministries; Government / ministries - Government / ministries; Government / ministries - Finance - Energy; Energy - Government / ministries - Military; Military,NoName057(16),Russia,Non-state-group,Hacktivist(s),2,16146; 16147,2023-02-21 00:00:00; 2023-02-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; 
Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,NoName057(16); NoName057(16),Not available; Not available,Russia; Russia,NoName057(16); NoName057(16),Russia; Russia,Non-state-group; Non-state-group,https://www.ansa.it/sito/notizie/tecnologia/tlc/2023/02/22/attacco-hacker-a-siti-di-aziende-e-istituzioni-italiane-_7f8e8c65-4ba0-44d7-a0cd-e9e62853701d.html; https://t.me/noname05716/2007; https://t.me/noname05716/2009; https://t.me/noname05716/2011; https://t.me/noname05716/2027; https://t.me/noname05716/2028; https://t.me/noname05716/2029; https://t.me/noname05716/2030; https://t.me/noname05716/2032; https://t.me/noname05716/2040,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-02-21 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Italy,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/securityaffairs/status/1628474923827052549; https://www.ilsole24ore.com/art/attacchi-cyber-italia-russia-reazione-visita-premier-kiev-AEP2mlrC; https://twitter.com/securityaffairs/status/1628471503036600321; https://www.ansa.it/sito/notizie/tecnologia/tlc/2023/02/22/attacco-hacker-a-siti-di-aziende-e-istituzioni-italiane-_7f8e8c65-4ba0-44d7-a0cd-e9e62853701d.html; https://t.me/noname05716/2007; https://t.me/noname05716/2009; https://t.me/noname05716/2011; https://t.me/noname05716/2027; https://t.me/noname05716/2028; https://t.me/noname05716/2029; https://t.me/noname05716/2030; https://t.me/noname05716/2032; https://t.me/noname05716/2040; https://www.ilsole24ore.com/art/chi-sono-cyber-russi-che-hanno-attaccato-italia-e-come-agiscono-AEUc8IsC; https://twitter.com/securityaffairs/status/1628683090422898688; https://twitter.com/securityaffairs/status/1628683229451395072; https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC; https://socradar.io/dark-web-profile-noname05716/,2023-02-23,2024-03-01 1938,Unnamed hackers gained access to the network of the General Treasury of the Republic of Chile (TGR),"Unnamed hackers gained access to the network of the General Treasury of the Republic of Chile (TGR), according to claims posted by the actors directly on BreachForums on 3 February 2023. 
In a statement to the independent incident tracker DataBreaches, the actors allege to have stolen 600 GB of data during their breach.",,2023-01-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,General Treasury of the Republic of Chile (TGR),Chile,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,16150,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://breached.vc/Thread-TESORERIA-CL-TGR-CL-CHILE-HACKED-2-0; https://twitter.com/1ZRR4H/status/1620079488867647488; https://twitter.com/tgrchile/status/1620161763399598082,2023-02-22,2024-01-10 1937,Unknown actors gained access to the customer accounts of three major data centres in China and Singapore and leaked the information beginning in September 2021,"Unknown actors gained access to the accounts of several thousand customers of two major data centres in China and Singapore beginning in September 2021, according to a 
technical report of IT security company Resecurity. Affected customers include financial institutions with a global presence, investment funds, biomedical research companies, technology vendors, e-commerce and online marketplaces, cloud providers, internet service providers (ISP) and content delivery networks (CDN) headquartered in the United States, Canada, Australia, Switzerland, New Zealand, and China. Despite this high-profile customer portfolio, the stolen credentials primarily provide access to internal ticketing systems and service requests with limited potential for abuse. The data centre operators initiated a password reset, after which the attackers offered the cache of credentials for sale on the dark web in January 2023. In mid-February, the attackers posted the dataset for free. Although password changes will have invalidated the leaked login information, published email addresses may still enable targeted phishing campaigns. Resecurity did not name the two data centres affected. Separate media reports identify the operators as ST Telemedia Global Data Centres (STT GDC) in Singapore and GDS in China. In addition to the above-mentioned customers, a US data centre was also affected, which is the customer of one of the two named data centres. 
Bloomberg reported business connections between the two, pointing out that the parent company of STT GDC had acquired a 40% stake in GDS in 2014.",2021-09-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,GDS - Not available - Not available - ST Telemedia Global Data Centres - Not available - Not available - Not available,China; India; Not available; Singapore; Not available; Not available; United States,ASIA; SCS; EASIA; NEA; SCO - ASIA; SASIA; SCO - - ASIA - - - NATO; NORTHAM,Critical infrastructure - Unknown - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Other - - - Other - Chemicals - Finance - Other,Not available,Asia (region),Unknown - not attributed,,1,16151,2023-02-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Resecurity,,United States,Not available,Asia (region),Unknown - not attributed,https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing 
state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations; https://www.bloomberg.com/news/features/2023-02-21/hackers-scored-corporate-giants-logins-for-asian-data-centers?leadSource=uverify%20wall,2023-02-22,2024-01-10 1936,Ukrainian hacktivist group Ukrainian IT Army disrupts online live-streams of two Russian TV channels during Russian President Putin's address to Federal Assembly on 21 February 2023,"The Ukrainian hacktivist group Ukrainian IT Army disrupted the websites of two Russian TV channels live-broadcasting Russian President Vladimir Putin's address to the Federal Assembly on 21 February 2023, according to a Telegram post of the group. The website of one of the outlets, Russian state-owned broadcaster VGTRK, showed a note declaring technical issues. The live-streaming platform Smotrim was temporarily unreachable.",2023-02-21,2023-02-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,VGTRK - Smotrim,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Media - Media, - ,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,16152,2023-02-21 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://t.me/itarmyofukraine2022/1054,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; International telecommunication law; Armed conflict; Due diligence; Sovereignty,Civic / political rights; ; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/putin-speech-television-ddos-ukraine-it-army/; https://t.me/itarmyofukraine2022/1054; https://tass.ru/obschestvo/17104021; https://twitter.com/AnonOpsSE/status/1628462541239160833,2023-02-22,2024-01-10 1935,Hacker Group PLAY disrupted Oakland city government in California on 8 February 2023,"Hackers’ collective PLAY disrupted Oakland city government in California on 8 February 2023. 
This incident was first revealed by local journalist Jaime Omar Yassin before the city government itself confirmed the ransomware attack the following day. The disruption affected non-emergency systems such as payment collections and the processing of reports, permits, and licenses. On 14 February 2023, Interim City Administrator and Director of the Emergency Operations Center G. Harold Duffey declared a state of emergency. According to the hacker collective, the first data is said to have been leaked as early as 04.03.2023.",2023-02-08,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Not available,Non-state-group,Criminal(s),1,16154,2023-03-02 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,PLAY,Not available,Not available,,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-02-10 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/hayward-california-shuts-down-municipal-sites-cyberattack; https://twitter.com/mruef/status/1627614209394475008; https://www.wired.com/story/godaddy-hacked-3-years/; https://socradar.io/bidencash-leaked-2-1-million-credit-card-information/; https://www.oaklandca.gov/news/2023/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected; https://twitter.com/hyphy_republic/status/1623799522089664512; https://cao-94612.s3.amazonaws.com/documents/Proclamation_of_Local_Emergency_Due_to_Cybersecurity_Incident_Feb_14.pdf; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://www.databreaches.net/weeklong-ransomware-attack-on-oakland-government-drags-on/; https://www.malwarebytes.com/blog/news/2023/02/ransomware-pushes-city-of-oakland-into-state-of-emergency; https://twitter.com/cybersecboardrm/status/1626214590723022848; https://twitter.com/RecordedFuture/status/1626206444843581441; https://www.databreaches.net/city-of-oakland-declares-state-of-emergency-after-ransomware-attack/; https://twitter.com/securityaffairs/status/1626138566873980929; https://tarnkappe.info/artikel/cyberangriff/oakland-ruft-notstand-wegen-ransomware-angriff-aus-265537.html; https://securityaffairs.com/142295/cyber-crime/city-of-oakland-emergency-ransomware.html; https://therecord.media/oakland-ransomware-emergency-declared/; https://www.bleepingcomputer.com/news/security/city-of-oakland-declares-state-of-emergency-after-ransomware-attack/; https://twitter.com/cybersecboardrm/status/1625590243259736081; https://twitter.com/DarkReading/status/1625584628852482075; https://www.darkreading.com/attacks-breaches/oakland-city-services-struggles-to-recover-from-ransomware-attack; 
https://research.checkpoint.com/2023/13th-february-threat-intelligence-report/; https://twitter.com/RecordedFuture/status/1625132689689915393; https://securityaffairs.com/142136/breaking-news/security-affairs-newsletter-round-406-by-pierluigi-paganini.html; https://twitter.com/VessOnSecurity/status/1624312129598750722; https://twitter.com/Dinosn/status/1624275450615812096; https://twitter.com/securityaffairs/status/1624187558849654784; https://securityaffairs.com/142110/cyber-crime/city-of-oakland-ransomware-attack.html; https://www.databreaches.net/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected/; https://twitter.com/vxunderground/status/1624169071095734296; https://www.bleepingcomputer.com/news/security/city-of-oakland-systems-offline-after-ransomware-attack/; https://twitter.com/cahlberg/status/1624162986515390467; https://therecord.media/city-of-oakland-hit-with-ransomware-attack-but-says-core-functions-are-intact/; https://www.bleepingcomputer.com/news/security/an-overview-of-the-global-impact-of-ransomware-attacks/; https://twitter.com/JohnHultquist/status/1625984954214625282; https://twitter.com/securityaffairs/status/1625956325560647696; https://twitter.com/Dinosn/status/1625895672619708428; https://twitter.com/cybereason/status/1625899133990055950; https://twitter.com/VessOnSecurity/status/1625906637541191691; https://therecord.media/oakland-ransomware-systems-still-down-national-guard/; https://twitter.com/securityaffairs/status/1632474251805458433; https://securityaffairs.com/143037/cyber-crime/play-ransomware-leaks-city-of-oakland.html; https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-city-of-oakland/; https://twitter.com/cahlberg/status/1631999824089300992; https://twitter.com/cahlberg/status/1631999824089300992; https://twitter.com/InfoSecSherpa/status/1631846271387414530; https://twitter.com/cahlberg/status/1631705407050612748; https://twitter.com/cahlberg/status/1631705407050612748; 
https://twitter.com/cahlberg/status/1631705407050612748; https://therecord.media/oakland-officials-say-ransomware-group-may-release-personal-data-on-saturday/; https://www.bleepingcomputer.com/news/security/play-ransomware-claims-disruptive-attack-on-city-of-oakland/; https://www.databreaches.net/oakland-continues-to-work-on-recovery-from-ransomware-attack-play-claims-responsibility/; https://twitter.com/ido_cohen2/status/1631532578078334976; https://twitter.com/ido_cohen2/status/1631532578078334976; https://twitter.com/ido_cohen2/status/1631532578078334976; https://twitter.com/cybersecboardrm/status/1632790698096295938; https://twitter.com/cybersecboardrm/status/1632757830334775299; https://twitter.com/RecordedFuture/status/1632756964525502467; https://twitter.com/securityaffairs/status/1632698218789183488; https://www.govinfosecurity.com/play-ransomware-partially-leaks-stolen-city-oakland-data-a-21378; https://twitter.com/securityaffairs/status/1632474251805458433; https://twitter.com/Malwarebytes/status/1633176440928862208; https://twitter.com/cybersecboardrm/status/1632790698096295938; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://twitter.com/jaysonstreet/status/1633706037986615296; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/; https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html; https://twitter.com/Dinosn/status/1633340897378140161; https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html; https://www.databreaches.net/has-oakland-been-hit-with-a-second-ransomware-attack/; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-now-also-claims-city-of-oakland-breach/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-24th-2023-clop-overload/; https://therecord.media/modesto-ransomware-attack-snatch; 
https://therecord.media/camden-county-police-ransomware-new-jersey-philadelphia; https://cyberscoop.com/play-ransomware-custom-tools-data-gathering/; https://therecord.media/lowell-massachusetts-city-ransomware-attack-play-cybercrime; https://cyberscoop.com/ranking-ransomware-gangs-malware/; https://therecord.media/dallas-ransomware-attack-will-take-weeks-to-recover; https://therecord.media/spain-globalcaja-bank-confirms-ransomware-attack; https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-affiliate-arrested-charged-in-us/; https://therecord.media/fayetteville-arkansas-dealing-with-debilitating-cyber-incident; https://therecord.media/delaware-county-struggling-cyberattack; https://therecord.media/coastal-mississippi-county-recovering-from-ransomware-attack-digital-hurricane; https://thehackernews.com/2023/07/local-governments-targeted-for.html; https://therecord.media/yamaha-confirms-cyberattack-after-multiple-ransomware-gangs-claim; https://therecord.media/cyberattacks-on-governments-way-up; https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-18th-2023-lockbit-on-thin-ice/; https://therecord.media/dallas-ransomware-gang-report; https://therecord.media/dallas-county-play-ransomware-incident; https://therecord.media/huber-heights-ohio-ransomware-attack; https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/; https://therecord.media/play-ransomware-targets-hundreds; https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-300-victims-including-critical-orgs/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2024-secret-decryptors/,2023-02-21,2024-01-10 1934,Anonymous Sudan targeted the websites of several Swedish authorities and companies on 19 February 2023,"On 19 February, the websites of several Swedish authorities and companies 
were down or not functioning properly due to DDoS attacks, including Kivra, Vattenfall, SOS Alarm and PTS. A group referring to itself as Anonymous Sudan claimed responsibility for the attack. In earlier announcements of attacks against Swedish targets, the group cited a Koran burning during a protest in January 2023 in Stockholm as the reason for its actions. Cybersecurity expert Marcus Murray suspects that Anonymous Sudan acts as a front for the pro-Russian hacker group Killnet. On 30 March 2023, Trustwave published a technical report on Anonymous Sudan and concluded that it was a subgroup of the pro-Russian hacktivist group Killnet, thereby further corroborating earlier reporting by TrueSec.",2023-02-19,2023-02-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Vattenfall - Swedish Post and Telecom Authority - Kivra - SOS Alarm,Sweden; Sweden; Sweden; Sweden,EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NORTHEU,Critical infrastructure - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy - Civil service / administration - - Telecommunications; ,Anonymous Sudan (Storm-1359) < Killnet,Sudan,Non-state-group,Hacktivist(s),3,17309; 17311; 17310,2023-02-18 00:00:00; 2023-02-19 00:00:00; 2023-03-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker; IT-security community attributes attacker,Anonymous Sudan (Storm-1359) < Killnet; Marcus Murray; Trustwave,Not available; ; ,Sudan; Sweden; United States,Anonymous Sudan (Storm-1359) < Killnet; Killnet; Anonymous Sudan (Storm-1359) < Killnet,Sudan; Russia; Not available,Non-state-group; Non-state-group; Non-state-group,https://www.svt.se/nyheter/inrikes/efter-hotet-om-hackerattack-flera-webbsajter-nere; https://t.me/AnonymousSudan/162; https://t.me/AnonymousSudan/165; https://t.me/AnonymousSudan/168; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/ransomwaremap/status/1627573346886877185; https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation; https://t.me/AnonymousSudan/188; https://www.svt.se/nyheter/inrikes/efter-hotet-om-hackerattack-flera-webbsajter-nere; https://t.me/AnonymousSudan/162; https://t.me/AnonymousSudan/165; https://t.me/AnonymousSudan/168; https://www.msb.se/sv/aktuellt/nyheter/2023/februari/cert-se-vid-msb-stodjer-verksamheter-i-pagaende-overbelastningsangrepp/; 
https://twitter.com/campuscodi/status/1628323727480872960; https://twitter.com/CERTEU/status/1631572192667353089; https://socradar.io/hacktivism-on-the-rise-killnet-anonymous-sudans-cyber-campaign-targets-australia/; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://www.techrepublic.com/article/ddos-attack-israel/; https://www.japantimes.co.jp/news/2023/05/14/world/russia-hackers/,2023-02-21,2024-02-20 1933,Pro-Western hacker group Against the West (ATW) stole source code and other data from Chinese government agencies and state-owned enterprises since 2021,"A report by Chinese IT security company Qi An Pangu Lab alleges that pro-western hacker group Against the West (ATW) stole source code and other data from over 100 Chinese government agencies and state-owned enterprises since 2021. The report focuses on six alleged members of the ATW hacking group, two of which, Swiss hacker maia arson crimew and Polish software engineer Pawel Duda, it mentions by name. ATW is said to operate out of Switzerland, France, Poland, and Canada. Amplifying reporting by the Global Times, a Chinese state-run media outlet, without providing supporting evidence claims that the group has displayed a willingness to share information with US and European intelligence services and accepted direct taskings. Members of ATW self-identified as former intelligence officers in an interview for DataBreaches in 2022. The nature of reported ATW activity, if accurate, varies widely from vulnerability scanning to the theft of source code that Qi An Pangu Lab concludes could provide insights into software flaws to enable supply-chain attacks against a wider target set.",2021-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - Ministry of Culture and Tourism of the People's Republic of China - Not available - Not available - Hainan Provincial Government - Hainan Provincial Government,; ; ; ; ; China; China; China; China; China, - - - - - ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; EASIA; NEA; SCO, - - - - - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system, - - - - - Government / ministries - Transportation - Government / ministries - Government / ministries - Government / ministries,Against the West (ATW),Canada; Switzerland; France; Europe (region); North America,Non-state-group,Hacktivist(s),1,16158; 16158; 16158; 16158; 16158,2023-02-18 00:00:00; 2023-02-18 00:00:00; 2023-02-18 00:00:00; 2023-02-18 00:00:00; 2023-02-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Qi An Pangu Lab; Qi An Pangu Lab; Qi An Pangu Lab; Qi An Pangu Lab; Qi An Pangu Lab,; ; ; ; ,China; China; China; China; China,Against the West (ATW); Against the West (ATW); Against the West (ATW); Against 
the West (ATW); Against the West (ATW),Canada; Switzerland; France; Europe (region); North America,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.pangulab.cn/files/The_ATW_Mystery.pdf,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,100.0,1-10,1.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/AlexMartin/status/1627707832337399810; https://twitter.com/lukOlejnik/status/1627551573348843520; https://www.globaltimes.cn/page/202302/1285744.shtml; https://www.databreaches.net/an-interview-with-againstthewest/; https://therecord.media/against-the-west-hackers-allegedly-identified-pangu-lab/; https://www.pangulab.cn/files/The_ATW_Mystery.pdf; https://twitter.com/Cyber_O51NT/status/1627607710060675072; https://twitter.com/RecordedFuture/status/1627816587196608512; https://www.databreaches.net/chinese-security-researchers-claim-to-have-identified-against-the-west-hackers/,2023-02-21,2024-01-10 1932,LockBit ransomware group claims to have hacked a municipal water utility company in Portugal in January 2023,"The LockBit ransomware group claims to have hacked Águas do Porto, a municipal water utility company in Portugal, in 
January 2023. The company disclosed the security breach on 30 January noting that the attack disrupted customer services but did not affect water supply and sanitation. LockBit added the company to a list of victims on its Tor leak site, threatening to publish data stolen from the company if ransom demands go unanswered by 7 March 2023. LockBit had previously compromised Portuguese technology company Divultec, which also services Águas do Porto and obtained credentials of the company. Whether this login information enabled LockBit in its infiltration of the company has not been publicly confirmed.",,2023-01-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse; Ransomware,Águas do Porto,Portugal,EUROPE; NATO; EU(MS),Critical infrastructure,Water,LockBit,Not available,Non-state-group,Criminal(s),1,16159,2023-02-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Lockbit,Not available,Not available,LockBit,Not available,Non-state-group,https://cnnportugal.iol.pt/ciberataque/piratas-informaticos-ameacam-publicar-dados-das-aguas-do-porto/20230218/63f0c67d0cf2c84d7fc88481,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),5,Moderate - high political importance,5.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption 
(deletion/altering) or leaking of data ",1-10,1.0,,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Portugal,Polícia Judiciária (PJ)/Judiciary Police,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/142477/cyber-crime/lockbit-water-utility-aguas-do-porto.html; https://cnnportugal.iol.pt/ciberataque/piratas-informaticos-ameacam-publicar-dados-das-aguas-do-porto/20230218/63f0c67d0cf2c84d7fc88481; https://www.aguasdoporto.pt/noticias/comunicado-aedp-ataqueinformatico; https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit/; https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html; https://twitter.com/DarkReading/status/1631368024824373286; https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023; https://therecord.media/ransomware-tracker-the-latest-figures; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/; https://therecord.media/ransomware-tracker-the-latest-figures; https://therecord.media/paris-wastewater-agency-hit-cyberattack,2023-02-21,2024-01-11 1928,Moroccan Press Agency hit by DDoS attack,The websites of the Moroccan Press Agency (MAP) were hit by a DDoS attack from unknown actors on 16 February 2023.,2023-02-16,2023-02-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,Agence Marocaine de Presse (MAP),Morocco,AFRICA; NAF; MENA,Media,,Not available,Not available,Not available,,1,8782,2023-02-16 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Agence Marocaine de Presse (MAP),Not available,Morocco,Not 
available,Not available,Not available,,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,,2023-02-20,2023-03-16 1931,Potential criminal actor gained access to the network of healthcare provider Reventics and stole patient information in December 2022,"A potentially criminal actor gained access to the network of healthcare provider Reventics and stole personally identifiable information (PII) and protected health information (PHI) on or around 15 December 2022, according to the incident notification letter of Reventics. Exfiltrated information included patients' name, date of birth, name and address of the healthcare provider, name of the health plan, numeric codes used to identify services and procedures patients received, and descriptions of these codes. On 13 February 2023, the ransomware group Royal claimed on its leak site to have stolen patient data from Reventics. Together with the announcement, the group posted 16 GB of data on its website, noting that the leaked cache only made up a tenth of the patient information the gang alleges to have obtained. 
Whether the two incidents are related has not been independently ascertained.",2022-12-15,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Reventics,United States,NATO; NORTHAM,Critical infrastructure,Health,Royal Ransomware Group,Not available,Non-state-group,Criminal(s),1,16177,2023-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Royal Ransomware Group,Not available,Not available,Royal Ransomware Group,Not available,Non-state-group,https://www.databreaches.net/reventics-notifying-patients-of-ransomware-incident/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty; Human rights,"Civic / political rights; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/reventics-notifying-patients-of-ransomware-incident/; https://reventics.com/images/email-images/notice-of-data-security-incident.png,2023-02-20,2024-01-11 1930,Unknown actors stole patient information from healthcare provider Edgepark Medical Supplies via a 
third-party vendor in November 2022,"Unknown actors stole patient information from healthcare provider Edgepark Medical Supplies via the third-party vendor Rise Interactive Media & Analytics beginning on 14 November 2022, according to data breach notifications from both affected organizations. Compromised data of affected patients included details on name, email address, phone number, provider information, diagnosis, expected delivery date and health insurance.",2022-11-14,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Edgepark Medical Supplies,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,16176,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,2.0,1-10,1.0,,0.0,euro,Not available,Human rights; Sovereignty; Human rights,"Civic / political rights; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/edgepark-medical-supplies-notifies-patients-of-rise-interactive-media-analytics-data-breach/; 
https://oag.ca.gov/system/files/Rise%20Edgepark%20Adult%20Notice%20Letter%20%2810959098x7AB84%29.pdf; https://www.riseinteractive.com/getmedia/ac2bb6e3-99be-4d34-811f-8347d2c89630/EdgeparkData.pdf,2023-02-20,2024-01-11 1929,Unknown actor(s) infiltrated the FBI New York Field Office in February 2023,"Unknown actor(s) hacked into the FBI's field office in New York in February 2023, attacking a system used to investigate child exploitation.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Federal Bureau of Investigation (FBI; United States),United States,NATO; NORTHAM,State institutions / political system,Police,Not available,Not available,Not available,,1,7395,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,1-10,1.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://tarnkappe.info/artikel/it-sicherheit/fbi-gehackt-angriff-auf-aussenstelle-in-new-york-265594.html; https://www.wired.com/story/godaddy-hacked-3-years/; https://www.bleepingcomputer.com/news/security/us-marshals-service-investigating-ransomware-attack-data-theft/; https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/; https://www.hackread.com/us-marshals-service-ransomware-attack/; https://edition.cnn.com/2023/02/17/politics/fbi-cyber-incident-computer-network/index.html; 
https://www.hackread.com/fbi-hack-network-breach/; https://www.bleepingcomputer.com/news/security/fbi-is-investigating-a-cybersecurity-incident-on-its-network/; https://twitter.com/snlyngaas/status/1626556725942796288; https://cyberscoop.com/fbi-new-york-cyberattack/; https://www.databreaches.net/fbi-says-it-has-contained-cyber-incident-on-bureaus-computer-network/; https://twitter.com/Cyber_O51NT/status/1626834335704969216; https://twitter.com/Dennis_Kipker/status/1626973390224384002; https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/,2023-02-20,2023-03-06 1927,Unknown Hackers disrupted the Websites of various German airports on 16 February 2023,"The websites of several German airports were disrupted or no longer accessible on 16 February 2023 due to DDoS attacks. Affected airports are those of Hanover, Dortmund, Nuremberg, Karlsruhe/Baden-Baden, Düsseldorf, and Erfurt-Weimar. ",2023-02-16,2023-02-16,Not available,,Incident disclosed by media (without further information on source),Disruption,Dortmund Airport - Airport Nürnberg - Airport Erfurt-Weimar - DUS Airport (Düsseldorf) - Baden Airpark - Hannover Airport,Germany; Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - Transportation - Transportation,Not available,Not available,Not available,,1,16175,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not 
available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,,0.0,,0.0,euro,Not available,Air law; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1626571502362546179; https://securityaffairs.com/142373/breaking-news/german-airports-websites-failures.html; https://twitter.com/RecordedFuture/status/1626638678553464832; https://therecord.media/german-airports-hit-by-ddos-attack-anonymous-russia-claims-responsibility/; https://twitter.com/securityaffairs/status/1627249313620365312; https://twitter.com/securityaffairs/status/1627734553778442240; https://twitter.com/lukOlejnik/status/1627551573348843520; https://www.heise.de/news/Nach-DDoS-Attacke-Grenzterminals-an-kanadischen-Flughaefen-ausgefallen-9312866.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://taz.de/IT-Berater-ueber-Sicherheit-im-Netz/!5983306/,2023-02-17,2024-01-22 1926,Threat cluster WIP26 gained access to and exfiltrated information from Middle Eastern telecommunications service providers,"The unattributed threat cluster WIP26 gained access to and exfiltrated information from the networks of Middle Eastern telecommunications service providers, according to a technical report by threat intelligence company SentinelOne. 
The targeting of private user information and the focus on select high-value network hosts suggests the activity was conducted for espionage purposes.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Middle East (region),,Critical infrastructure,Telecommunications,WIP26,Not available,Unknown - not attributed,,1,16174,2023-02-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,,United States,WIP26,Not available,Unknown - not attributed,https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Cyber espionage; International telecommunication law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/SentinelOne/status/1626259782402457600; https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/; https://twitter.com/SentinelOne/status/1626219991426289668; https://twitter.com/RecordedFuture/status/1626321741340463105; 
https://therecord.media/middle-east-telecoms-espionage-sentinelone-microsoft-google-dropbox/; https://twitter.com/TomHegel/status/1626250721631805442; https://twitter.com/cahlberg/status/1626489888693534720; https://www.darkreading.com/cloud/novel-spy-group-telecoms-targeted-cyberattacks; https://www.darkreading.com/attacks-breaches/canadian-telecom-firm-telus-reportedly-investigating-breach; https://twitter.com/Cyber_O51NT/status/1631825500242083841,2023-02-17,2024-01-11 1925,Anonymous Sudan disrupted the website of Scandinavian Airlines (SAS) and leaked customer information on 14 February 2023,"Scandinavian Airlines (SAS) was hacked and its website taken offline by a group referring to itself as Anonymous Sudan. Customers attempting to log into the airline's app were redirected and shown information from accounts of other passengers. The incident follows a Quran burning by a far-right politician near the Turkish embassy in Stockholm during a protest in January that was funded by a former contributor to the Russian state-funded outlet RT. Anonymous Sudan has since claimed to have conducted a series of denial-of-service attacks against a variety of organizations in Sweden, citing retaliation for the book burning as its motivation. Targets have included the websites of Swedish airports, banks, railways, airlines, media, telecommunication providers, and organizations in the country's health and education sectors. These alleged attempts do not appear to have caused any significant downtime. Anonymous Sudan also took responsibility for knocking Sweden's national broadcaster SVT offline on 14 February, around the same time as the attack against SAS. Marcus Murray, founder of the Swedish cybersecurity firm Truesec, cautioned that Anonymous Sudan may be a front for Russian operators, noting that the Quran burning may be an opportunity for Moscow to instigate tension between Sweden and Turkey to hobble Sweden's bid to join NATO. 
At least one pro-Russian hacker group, UserSec, had promised Anonymous Sudan support on Telegram. The IT security company Trustwave published a report on 30 March 2023 and concluded that Anonymous Sudan is very possibly a subgroup of the Russian hacktivist group Killnet.",2023-02-14,2023-02-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Scandinavian Airlines,Sweden,EUROPE; EU(MS); NORTHEU,Critical infrastructure,Transportation,Anonymous Sudan (Storm-1359) < Killnet,Sudan,Non-state-group,Hacktivist(s),2,17312; 17313,2023-02-14 00:00:00; 2023-03-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Anonymous Sudan (Storm-1359) < Killnet; Trustwave,Not available; ,Sudan; United States,Anonymous Sudan (Storm-1359) < Killnet; Anonymous Sudan (Storm-1359) < Killnet,Sudan; Not available,Non-state-group; Non-state-group,https://t.me/AnonymousSudan/113; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/,System / ideology,System/ideology,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,Not 
available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/; https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation; https://t.me/AnonymousSudan/113; https://www.databreaches.net/airline-sas-network-hit-by-hackers-says-app-was-compromised/; https://www.sasgroup.net/newsroom/press-releases/2023/sas-cyber-attack--update/; https://t.me/user_sec/151; https://www.svt.se/nyheter/inrikes/en-rad-it-attacker-mot-sverige-har-ar-kontot-som-tar-pa-sig-ansvaret; https://www.bleepingcomputer.com/news/security/scandinavian-airlines-says-cyberattack-caused-passenger-data-leak/; https://www.hackread.com/sas-airlines-hit-by-cyber-attack/; https://twitter.com/Dinosn/status/1626457027978338305; https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/; https://twitter.com/lukOlejnik/status/1627551573348843520; https://twitter.com/cybersecboardrm/status/1625792913937428482; https://twitter.com/InfoSecSherpa/status/1625708981141311488; https://twitter.com/CERTEU/status/1631572192667353089; https://socradar.io/hacktivism-on-the-rise-killnet-anonymous-sudans-cyber-campaign-targets-australia/; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/; https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/; https://www.techrepublic.com/article/ddos-attack-israel/; https://therecord.media/hacker-group-anonymous-sudan-demands-three-million-from-sas; https://www.bleepingcomputer.com/news/security/cisa-issues-ddos-warning-after-attacks-hit-multiple-us-orgs/; https://therecord.media/queretaro-international-airport-mexico-cyberattack; 
https://www.hackread.com/chatgpt-down-openai-ddos-attacks-outages/,2023-02-16,2024-02-20 1924,Suspected hacktivists al-Toufan claim to have taken down the websites of a news site and Bahrain’s International Airport in February 2022,"The suspected hacktivist group al-Toufan (Arabic for ""The Flood"") announced it had hacked the state-owned Bahraini newspaper Akhbar Al Khaleej, which follows a pro-government line in its reporting. The group edited content on the news outlet's website and took down the website of Bahrain's International Airport (BAH) on 14 February. Authorities were able to briefly restore the website after half an hour, before the website was knocked offline again. The attack appeared to mark the 12-year anniversary of protests by Bahrain's Shia majority against the Sunni monarchy, which were sparked by anti-autocratic uprisings within the region during the Arab Spring in 2011. Al-Toufan had previously disrupted official websites during the elections for Bahrain's legislative assembly in November 2022.",2023-02-14,2023-02-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Bahrain International Airport (BAH) - Akhbar Al Khaleej,Bahrain; Bahrain,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,Critical infrastructure - Media,Transportation - ,al-Toufan < Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/G0059 (IRGC),Bahrain,Non-state-group,Hacktivist(s),1,8253,2023-02-14 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Al-Toufan,Not available,Bahrain,al-Toufan < Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/G0059 (IRGC),Bahrain,Non-state-group,,System / ideology; National power,System/ideology; National power,Bahrain (opposition); Bahrain (opposition),Unknown,,0,,Not available,,Not available,Not available,Not available,,,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/hackers-take-down-bahrain-airport-website/; https://english.alarabiya.net/News/gulf/2023/02/14/Hackers-target-Bahrain-airport-website; https://apnews.com/article/technology-persian-gulf-tensions-bahrain-9bd1288487bac78362fe4dca0c19a7f4; https://twitter.com/fr0gger_/status/1657974946113667072; https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2023-02-15,2023-03-08 1923,The hacker group WASSONITE deployed AppleSeed backdoor on the nuclear energy sector in East Asia in October 2022,"The hacker group WASSONITE deployed a backdoor named AppleSeed against targets 
in the nuclear energy sector in East Asia during October 2022, according to a technical report by ICS security company Dragos. ",2022-10-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Eastern Asia (region),,Critical infrastructure,Energy,WASSONITE,Not available,Unknown - not attributed,,1,8252,2023-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Dragos,,United States,WASSONITE,Not available,Unknown - not attributed,https://www.dragos.com/year-in-review/#section-report,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dragos.com/year-in-review/#section-report,2023-02-15,2023-03-05 1922,The hacker group ERYTHRITE compromised a variety of targets in the United States and Canada since 2021,"The hacker group ERYTHRITE compromised a variety of targets in the United States and Canada reaching back to 2021, according to a technical report by ICS security company Dragos. The targets included over a fifth of Fortune 500 companies, two large electric utilities, an electronic agreement and document signature company, IT service providers and oil and natural gas (ONG) service firms. 
",2021-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Canada; United States; United States; Canada; United States; United States; Canada; Canada,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy - - Energy - Energy - Energy - Energy - Energy - ,ERYTHRITE,Not available,Unknown - not attributed,,1,8251,2023-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Dragos,,United States,ERYTHRITE,Not available,Unknown - not attributed,https://www.dragos.com/year-in-review/#section-report,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dragos.com/year-in-review/#section-report,2023-02-15,2023-03-05 1921,The hacker group KAMACITE compromised a regional power distribution entity (Oblenergo) in Ukraine in June 2022,"The hacker group KAMACITE compromised a regional power distribution entity in Ukraine - or Oblenergo - in June 2022, according to a technical report by ICS security company Dragos. The same Oblenergo had been targeted in the 2015 sabotage attempt that caused a temporary blackout. 
Dragos links the June 2022 activity to Sandworm, the same Russian state-sponsored hacker group that disrupted power in 2015. ",2022-06-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure,Energy,KAMACITE,Not available,Unknown - not attributed,,1,8250,2023-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Dragos,,United States,KAMACITE,Not available,Unknown - not attributed,https://www.dragos.com/year-in-review/#section-report,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dragos.com/year-in-review/#section-report,2023-02-15,2023-03-05 1920,The hacker group KOSTOVITE compromised an energy firm and its global power generation facilities since at least 2021,"The hacker group KOSTOVITE compromised an energy firm and its global power generation facilities going back to at least 2021, according to assessments by ICS security company Dragos. The technical report further noted potential links between KOSTOVITE and the Chinese state-sponsored actor APT5 based on patterns in the use of a zero-day exploit against Citrix devices. 
",2021-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Critical infrastructure,Energy,KOSTOVITE,Not available,Unknown - not attributed,,1,8249,2023-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Dragos,,United States,KOSTOVITE,Not available,Unknown - not attributed,https://www.dragos.com/year-in-review/#section-report,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dragos.com/year-in-review/#section-report,2023-02-15,2023-03-05 1918,The hacker group BENTONITE compromised North American oil and natural gas organizations and local governments since 2021,"The hacker group BENTONITE has compromised North American oil and natural gas maritime support organizations and State, Local, Tribal and Territorial government networks since 2021, according to findings by ICS security company Dragos. The technical report further noted that BENTONITE shared overlaps with Iranian state-sponsored hacking group PHOSPHORUS. 
",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Hijacking without Misuse,"Not available - State, Local, Tribal and Territorial (SLTT) Government(s)",North America; North America, - ,Critical infrastructure - State institutions / political system,Energy - Civil service / administration,BENTONITE,Not available,Unknown - not attributed,,1,8247,2023-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Dragos,,United States,BENTONITE,Not available,Unknown - not attributed,https://www.dragos.com/year-in-review/#section-report,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cyberscoop.com/ransomware-manufacturing-dragos/; https://www.dragos.com/year-in-review/#section-report,2023-02-15,2023-03-05 1917,New threat actor TA866 targeted US and German organizations since October 2022 with WasabiSeed and Screenshotter toolsets,"According to a report by IT security company Proofpoint, a new threat actor dubbed TA866 targeted US and German organizations during October 2022 and February 2023. The group used two toolsets, called WasabiSeed and Screenshotter, to analyze ""victim activity via screenshots before installing a bot and stealer"" on compromised networks. Proofpoint pointed out Russian-language variable names and comments in the code but cautioned that its attribution investigation remains ongoing. 
",2022-10-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,United States; Germany,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; - ; ,TA866,Not available,Unknown - not attributed,,1,8246,2023-02-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Proofpoint,,United States,TA866,Not available,Unknown - not attributed,https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,7.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,2.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cybersecboardrm/status/1625541591447240705; https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me; https://www.bleepingcomputer.com/news/security/hacker-develops-new-screenshotter-malware-to-find-high-value-targets/; https://securityaffairs.com/142077/cyber-crime/ta886-group-screenshotter-malware.html; 
https://securityaffairs.com/142136/breaking-news/security-affairs-newsletter-round-406-by-pierluigi-paganini.html; https://twitter.com/Dinosn/status/1625072653701640192; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-february-2023/; https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html; https://www.darkreading.com/threat-intelligence/asylum-ambuscade-cyberattackers-financial-cyber-espionage,2023-02-15,2023-06-13 1915,Tonga's state-owned telecommunications company was targeted by Medusa ransomware group in February 2023,"Tonga's state-owned telecommunications company was targeted by ransomware group Medusa in February 2023, according to a company note on Facebook on 14 February 2023. One day earlier, Medusa had claimed responsibility for the attack. According to the company statement, the attack did ""not affect voice and internet service delivery to the customers, however, it may slow down the process of connecting new customers, delivering of bills and managing customers’ enquiries"". In addition, company data was rendered inaccessible as a result of the breach. 
",2023-02-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Disruption; Hijacking with Misuse; Ransomware,Tonga Communications Corporation (TCC),Tonga,OC,Critical infrastructure,Telecommunications,Medusa Ransomware Group,Not available,Non-state-group,Criminal(s),1,18377,2023-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,Not available,Not available,Medusa Ransomware Group,Not available,Non-state-group,https://twitter.com/AlvieriD/status/1625068962886168577,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cahlberg/status/1625608367371591702; https://therecord.media/tonga-is-the-latest-pacific-island-nation-hit-with-ransomware/; https://www.facebook.com/tcctonga; https://twitter.com/AlvieriD/status/1625068962886168577; https://twitter.com/InfoSecSherpa/status/1625888143705612288; https://twitter.com/DarkReading/status/1631368024824373286; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://therecord.media/philippines-state-health-insurer-struggles-with-ransomware; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://therecord.media/tarrant-county-texas-ransomware-attack-medusa,2023-02-15,2024-03-28 1914,Unknown actors accessed and stole personal information from 
Arizona Priority Care (APC) patients in December 2022,"Unknown actors accessed and stole personal information from Arizona Priority Care (APC) patients during 1-2 December 2022, according to a data breach notification by APC.",2022-12-01,2022-12-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,AZPC Clinics - Arizona Priority Care (APC) - Arizona Health Advantage,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health,Not available,Not available,Not available,,1,8243,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/arizona-priority-care-and-azpc-clinics-notify-10978-patients-of-malware-attack/; https://azprioritycare.com/wp-content/uploads/2023/02/APC-HIPAA-Substitute-Notice-to-Individuals-Website-Jan-27-2023-FINAL-4886-8253-3709-LTRHD-v.1-005.pdf,2023-02-15,2023-03-05 1913,"Pepsi Bottling Ventures was breached by unknown actors on December 23, 2022, stealing sensitive personal and financial information","Pepsi Bottling Ventures (PBV) disclosed a breach of its systems traced to 23 December 2022. 
Unknown actors used malware and remained unnoticed until 10 January 2023, when the company detected the intrusion. PBV confirmed that compromised and exfiltrated information includes ""former and current employees' names, home and email addresses, financial account information, government-issued identification numbers, digital signatures and information related to benefits and employment, including medical information"". ",2022-12-23,2023-01-19,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Pepsi Bottling Ventures (PBV),United States,NATO; NORTHAM,Critical infrastructure,Food,Not available,Not available,Not available,,1,8242,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cybersecboardrm/status/1625613391036383232; https://twitter.com/Dinosn/status/1625476459014791169; https://s3.documentcloud.org/documents/23608389/consumer-notification-letter-820.pdf; https://www.bleepingcomputer.com/news/security/pepsi-bottling-ventures-suffers-data-breach-after-malware-attack/; https://twitter.com/Dinosn/status/1625096030755647492; https://www.databreaches.net/pepsi-bottling-ventures-suffers-data-breach-after-malware-attack/,2023-02-15,2023-03-05 1912,APT37 uses M2RAT backdoor for intelligence 
collection purposes on unspecified individuals since 2023,"According to a report by AhnLab Security Emergency response Center (ASEC), APT37, which industry reporting has identified as a state-sponsored group with ties to North Korea, has used an M2RAT backdoor for intelligence collection purposes against unspecified individuals since 2023. The backdoor enables the attackers to conduct keylogging, data theft, remote command execution, and to take screenshots on compromised machines. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Not available,,End user(s) / specially protected groups,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,7537,2023-02-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,Japan,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/ko/47622/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Minor,2.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/redeyes-hackers-use-new-malware-to-steal-data-from-windows-phones/; https://asec.ahnlab.com/ko/47622/; https://twitter.com/cybersecboardrm/status/1627352339752398856; https://twitter.com/cybersecboardrm/status/1626663903995256836; https://thehackernews.com/2023/03/scarcrufts-evolving-arsenal-researchers.html,2023-02-15,2023-02-24 1916,US care manager organization Minuteman Senior Services was breached by unknown actors in 2022,"The non-profit organization Minuteman Senior Services (MSS), based in Massachusetts, notified the US Department of Health and Human Services that it was hit by a data breach, affecting more than 500 patients. The organization detected the intrusion on 20 November 2022 and alerted authorities on 27 January 2023. Based on an initial assessment, compromised data included patients' full name, address, date of birth, gender, health insurance information, diagnoses, and service utilization. 
",2022-11-21,2022-11-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Minuteman Senior Services (MSS),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8821,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/second-verse-same-as-the-first-minuteman-senior-services-reports-another-breach-of-an-employee-email-account/; https://www.minutemansenior.org/about-us/notice-of-november-data-event,2023-02-15,2023-03-17 1911,Unknown actors deployed GootLoader malware against the healthcare as well as the financial sector in English-speaking countries in December 2022,"Unknown actors deployed GootLoader malware against the healthcare and financial sector entities in English-speaking countries, namely the United States, the United Kingdom and Australia in December 2022, according to analysis by Cybereason. 
The technical report only specifies December 2022 as the timeframe for one incident against an unidentified target. Mandiant deems GootLoader to be proprietary to an activity cluster it tracks as UNC2565.",2022-12-01,Not available,Not available,,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,Australia; United Kingdom; United States,OC - EUROPE; NATO; NORTHEU - NATO; NORTHAM,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Health; Finance - Health; Finance - Health; Finance,Not available,Not available,Not available,,1,8820,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,3.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cybereason/status/1625149353546379268; https://www.cybereason.com/hubfs/THREAT%20ALERT%20GootLoader%20-%20Large%20payload%20leading%20to%20compromise%20(BLOG).pdf; 
https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations; https://www.wired.com/story/gootloader-malware-ip-block/,2023-02-14,2023-04-26 1910,Purported hacktivist group DarkBit carried out ransomware attack against Israeli Technion University on 12 February 2023,"The self-proclaimed hacktivist group DarkBit carried out a ransomware attack against Technion, the Israel Institute of Technology, on 12 February 2023, according to a ransom note the attackers posted to the university's systems. Reviewing technical and non-technical factors in an initial assessment, the Israeli cybersecurity firm Check Point identified connections to an ideological group with potential links to Iran. The Israeli National Cyber Directorate (INCD) attributed the ransomware attack against Technion to the Iranian state-sponsored hacking group MuddyWater on 7 March 2023. On 29 June, Threat Intelligence company Deep Instinct published a report in which it analysed a new C2 (command & control) framework called ""PhonyC2"" used by MuddyWater in this campaign. ",2023-02-12,2023-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by attacker,Disruption; Hijacking with Misuse; Ransomware,Technion – Israel Institute of Technology,Israel,ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,17008; 17007,2023-03-07 00:00:00; 2023-02-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,Israeli National Cyber Directorate (INCD); Storm-1084 fka DEV-1084/DarkBit (MOIS),Not available; Not available,Israel; Not available,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Storm-1084 fka DEV-1084/DarkBit (MOIS),"Iran, Islamic Republic of; Not available","Non-state actor, state-affiliation suggested; Non-state-group",https://t.me/DarkBitChannel/7; https://cyberscoop.com/israel-technion-hack-muddy-water-iran-mois/,Unknown,Unknown,,Unknown,,1,2023-03-09 00:00:00,State Actors: Preventive measures,Awareness raising,Israel,Israel National Cyber Directorate,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through 
data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cahlberg/status/1625242479531290635; https://t.me/CyberSecurityIL/2693; https://t.me/DarkBitChannel/7; https://www.ynet.co.il/digital/technews/article/sjcqzxups; https://therecord.media/technion-israel-ransomware-darkbit-exams-canceled/; https://cyberscoop.com/new-cybercrime-group-darkbit-israel/; https://twitter.com/VessOnSecurity/status/1625015723213959174; https://www.bleepingcomputer.com/news/security/ransomware-hits-technion-university-to-protest-tech-layoffs-and-israel/; https://research.checkpoint.com/2023/13th-february-threat-intelligence-report/; https://twitter.com/securityaffairs/status/1624884718691835904; https://securityaffairs.com/142160/hacking/israeli-technion-suffered-ransomware-attack.html; https://twitter.com/UK_Daniel_Card/status/1624797022342578176; https://www.databreaches.net/technion-university-hacked-and-locked-previously-unknown-attackers-demand-80-btc/; https://twitter.com/JohnHultquist/status/1624758690694717440; https://twitter.com/ido_cohen2/status/1624739855795208194; https://twitter.com/Dennis_Kipker/status/1625497035163176963; https://twitter.com/securityaffairs/status/1625422748955582464; https://twitter.com/RecordedFuture/status/1625482103860129792; https://twitter.com/BlackBerrySpark/status/1626266417048834050; https://twitter.com/Cyber_O51NT/status/1626747886724874240; 
https://www.darkreading.com/risk/israeli-technical-university-targeted-darkbit-ransomware; https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel; https://twitter.com/ido_cohen2/status/1628494775924973569; https://www.databreaches.net/israel-publicly-blames-iran-for-cyberattack-on-major-university-last-month/; https://cyberscoop.com/israel-technion-hack-muddy-water-iran-mois/; https://twitter.com/CyberScoopNews/status/1633856934360039427; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/; https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/; https://cyberscoop.com/iranian-information-operations-hacking-microsoft-report/; https://twitter.com/fr0gger_/status/1657974946113667072; https://www.darkreading.com/threat-intelligence/top-cyberattacks-revealed-in-new-threat-intelligence-report; https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html; https://www.darkreading.com/dr-global/israel-aided-uae-in-defending-against-ddos-attack; https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater ; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/,2023-02-14,2024-02-08 1909,Previously-unknown group NewsPenguin targeted Pakistani military industry beginning in 2022,"The previously unknown hacking group NewsPenguin was found to be utilizing malware as part of a cyberespionage campaign against the Pakistani military and associated industry. The targeting used references to the Pakistan International Maritime Expo and Conference (PIMEC) that took place during 10-12 February 2023 as a lure, according to a technical report by technology company Blackberry. 
The IT company further assessed that it is highly likely that this hacking group operates either at the direction of a state or as a state-linked hacking group.",2022-01-01,2023-01-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",; ; ,Incident disclosed by IT-security company,Data theft,Not available - Not available - Not available,Pakistan; Pakistan; Not available,ASIA; SASIA; SCO - ASIA; SASIA; SCO - ,State institutions / political system - Critical infrastructure - State institutions / political system,Military - Defence industry - Government / ministries,NewsPenguin,Not available,"State; Non-state actor, state-affiliation suggested",,1,7399; 7399,2023-02-09 00:00:00; 2023-02-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,United States; United States,NewsPenguin; NewsPenguin,Not available; Not available,"State; Non-state actor, state-affiliation suggested",https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Not available,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,Not available,Not available,1,Moderate - high political importance,1.0,Low,6.0,No 
system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/RecordedFuture/status/1625132713152856068; https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool; https://therecord.media/new-hacking-group-targets-pakistans-navy-and-maritime-industry/; https://twitter.com/BlackBerrySpark/status/1625600804374687744; https://twitter.com/BlackBerrySpark/status/1625570642270556169; https://twitter.com/BlackBerrySpark/status/1625872634838675460; https://www.cybersecasia.net/blackberry/bad-news-from-one-firms-snapshot-of-the-q1-threat-landscape; https://www.darkreading.com/threat-intelligence/top-cyberattacks-revealed-in-new-threat-intelligence-report,2023-02-14,2023-12-15 1908,China-based DEV-0147 targeted diplomatic targets in South America,"China-based threat actor DEV-0147 compromised diplomatic targets in South America, according to Microsoft Security Intelligence. Furthermore, it could be determined that they made use of established hacking tools such as ShadowPad (aka PoisonPlug) and the malicious tool called QuasarLoader. 
The threat actor was previously only known for data exfiltration operations in Asia and Europe.",,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,Not available,South America,,State institutions / political system,"Other (e.g., embassies)",DEV-0147,China,Unknown - not attributed,,1,7017,2023-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Microsoft,Microsoft Security Intelligence,United States,DEV-0147,China,Unknown - not attributed,https://twitter.com/MsftSecIntel/status/1625181255754039318,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Not available,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,Not available,Not available,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Diplomatic / consular law,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/MsftSecIntel/status/1625181255754039318; https://twitter.com/cybersecboardrm/status/1625616552010588174; https://twitter.com/Cyber_O51NT/status/1625398908863254528; https://twitter.com/Cyber_O51NT/status/1625449293321736193; https://twitter.com/Dinosn/status/1625478450524962819; https://twitter.com/cybersecboardrm/status/1625902994612006930,2023-02-14,2023-03-20 1907,Pro-Russian group Killnet launched DDoS attacks against NATO organizations in February 2023,"Killnet, a 
pro-Russian hacktivist group, launched a series of DDoS attacks against NATO organizations - including the Special Operations Headquarters (NSHQ) and the Strategic Airlift Capability - beginning on 12 February, confirmed by NATO and based on claims by the hacktivist group. The Telegraph reported that the attack affected the 'NATO Restricted Network', which is used to transmit sensitive data, raising speculations about possible implications for NATO's relief efforts in Turkey in response to the earthquake that rocked the border region with Syria earlier in February. NATO Secretary General Jens Stoltenberg clarified on 13 February that classified networks had not been affected.",2023-02-11,2023-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,NATO Special Operations Headquarters - Strategic Airlift Capability,NATO (institutions); NATO (institutions), - ,International / supranational organization - International / supranational organization, - ,Killnet,Russia,Non-state-group,Hacktivist(s),1,13570,2023-02-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-13 00:00:00,International organizations: Stabilizing measures,Statement by secretary-general or similar,NATO (region),Jens 
Stoltenberg (Secretary General of NATO),Not available,,Drive-By Compromise,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,Not available,Not available,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,2.0,Not available,0.0,euro,None/Negligent,Aid and development; Disaster management,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/DarkReading/status/1625225019461607442; https://www.darkreading.com/attacks-breaches/russian-hackers-disrupt-nato-earthquake-relief-operations-; https://twitter.com/Cyber_O51NT/status/1625026789147021314; https://www.ilsole24ore.com/art/ucraina-ultime-notizie-berlusconi-premier-non-avrei-incontrato-zelensky-fi-sostegno-kiev-AEFpqWmC; https://securityaffairs.com/142192/hacking/killnet-targets-nato-websites.html; https://twitter.com/securityaffairs/status/1625142171870416897; https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/; https://www.nato.int/cps/en/natohq/opinions_211689.htm; https://twitter.com/securityaffairs/status/1625421476282224643; https://twitter.com/UK_Daniel_Card/status/1627312572440494080; https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/; https://twitter.com/M_Miho_JPN/status/1625867840334233601; https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC; https://securityaffairs.com/148207/reports/enisa-threat-landscape-report-health-sector.html; https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/; 
https://www.darkreading.com/threat-intelligence/russian-hacktivism-takes-toll-organizations-ukraine-eu-us; https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/,2023-02-14,2023-10-11 1906,Unknown actors corrupted patient information from the Garrison Women's Health clinic in New Hampshire discovered in December 2022,"Unknown actors corrupted patient information from the Garrison Women's Health clinic in New Hampshire, according to a data incident notification from the clinic. The security breach occurred at Global Network Systems, which manages the clinic's IT infrastructure, and affected records created between 28 April and 12 December 2022. The clinic was able to restore some of the manipulated information, but physician notes and appointment details of 4,158 patients proved unrecoverable. ",2022-04-28,2022-12-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,Garrison Women's Health (GWH),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8791,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution 
& breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/medical-records-for-4158-garrison-womens-health-patients-lost-due-to-attack-on-it-vendor/; https://www.wdhospital.org/application/files/9116/7595/6481/GWH_HIPAA_Substitute_Notice_2.10.2023.pdf,2023-02-13,2023-03-16 1905,Unknown actors used Pegasus software to spy on four Mexican Public Defender's Office officials in 2021,"Unknown hackers spied on four judicial officials working on the controversial Wallace case. The Pegasus malware from the Israeli NSO Group was used to infiltrate the victims' mobile phones between May and November 2021, according to the University of Toronto's Citizen Lab. According to one of the victims, Salvador Leyva, the former technical secretary of Combating Torture, there seems to be a connection between the infiltration of the six technical devices (mostly phones) and his work as a public defender in the Wallace case, the alleged kidnapping and murder of Hugo Alberto Wallace Miranda in 2005. Salvador Leyva said that Maria Isabel Miranda Torres unlawfully hired a third party to hack their cell phones. 
",2021-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,,"Not available - Salvador Leyva (Public Defender's Office, Mexico) - Not available - Not available",Mexico; Mexico; Mexico; Mexico, - - - ,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Judiciary - Judiciary - Judiciary - Judiciary,"Not available; Maria Isabel Miranda Torres (Social Activist, Mexico)",Not available; Mexico,Unknown - not attributed; Individual hacker(s),,1,7061; 7061; 7061; 7061; 7061; 7061; 7061; 7061,2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00; 2023-02-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico); Salvador Leyva (Public Defender's Office, Mexico)",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Mexico; Mexico; Mexico; Mexico; Mexico; Mexico; Mexico; Mexico,"Not available; Not available; Not available; Not available; Maria Isabel Miranda Torres (Social Activist, Mexico); Maria Isabel Miranda Torres (Social Activist, Mexico); Maria Isabel Miranda Torres (Social Activist, Mexico); Maria Isabel Miranda Torres (Social Activist, Mexico)",Not available; Not available; Mexico; Mexico; Not available; Not available; Mexico; Mexico,Unknown - not attributed; Individual hacker(s); Unknown - not attributed; Individual hacker(s); Unknown - not attributed; Individual hacker(s); Unknown - not attributed; Individual hacker(s),https://elpais.com/mexico/2023-02-10/espiados-cuatro-funcionarios-de-la-defensoria-publica-de-mexico-con-el-software-pegasus.html,Other,Not available,,Not available,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,10.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Cyber 
espionage; Human rights,; Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://elpais.com/mexico/2023-02-10/espiados-cuatro-funcionarios-de-la-defensoria-publica-de-mexico-con-el-software-pegasus.html,2023-02-13,2024-02-02 1904,"Andariel, a subgroup of North Korean APT Lazarus, disrupted US and South Korean healthcare providers and other critical infrastructure with ransomware attacks","North Korean cyber actors disrupted US and South Korean healthcare providers and public health organizations as well as other critical infrastructure operators with ransomware attacks, according to a Joint Cybersecurity Advisory from US and South Korean security agencies. John Hultquist, Vice President of Threat Intelligence at cybersecurity firm Mandiant, noted that the company's analysis tied the activity described in the alert to Andariel, a subgroup of North Korean state-sponsored hacking group Lazarus.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - Not available - Not available,"Korea, Republic of; Korea, Republic of; United States; United States",ASIA; SCS; NEA - ASIA; SCS; NEA - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure, - Health - - Health,Not available,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,8792; 8792; 8792; 8792; 8792; 8792; 8792; 8792; 8792; 8792; 8792; 8792; 8793,2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00; 2023-02-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a 
person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,"Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Security Agency (NSA); National Security Agency (NSA); U.S. Department of Health and Human Services (HHS); U.S. 
Department of Health and Human Services (HHS); National Intelligence Service (NIS); National Intelligence Service (NIS); Republic of Korea Defense Security Agency (DSA); Republic of Korea Defense Security Agency (DSA); John Hultquist (Vice-President Mandiant Threat Intelligence, United States)",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; ,"United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States","Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state 
actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://twitter.com/JohnHultquist/status/1623753192814047232; https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA%5FRANSOMWARE%5FATTACKS%5FON%5FCI%5FFUND%5FDPRK%5FACTIVITIES.PDF,Unknown,Not available,,Not available,,1,2023-02-10 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/north-korea-hacking-us-hospitals/; https://twitter.com/JohnHultquist/status/1623753192814047232; https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA%5FRANSOMWARE%5FATTACKS%5FON%5FCI%5FFUND%5FDPRK%5FACTIVITIES.PDF; https://twitter.com/InfoSecSherpa/status/1624616312877072389; https://twitter.com/cybersecboardrm/status/1624460781973544971; 
https://twitter.com/Arkbird_SOLG/status/1624563938338693120; https://securityaffairs.com/142136/breaking-news/security-affairs-newsletter-round-406-by-pierluigi-paganini.html; https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://twitter.com/StateCDP/status/1623746020180910080; https://twitter.com/cybersecboardrm/status/1623802230930300929; https://cyberscoop.com/north-korea-ransomware-hospital/; https://twitter.com/ciaranmartinoxf/status/1624381793494351872; https://securityaffairs.com/142115/hacking/mft-terramaster-intel-driver-flaws-to-its-known-exploited-vulnerabilities-catalog.html; https://twitter.com/Dinosn/status/1624286604985610243; https://twitter.com/Cyber_O51NT/status/1624253022389010432; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2023-clops-back/; https://twitter.com/securityaffairs/status/1624168111426400256; https://securityaffairs.com/142090/breaking-news/north-korea-hackers-ransomware.html; https://twitter.com/CyberScoopNews/status/1624097718472781849; https://twitter.com/ImposeCost/status/1624082760993308672; https://www.bleepingcomputer.com/news/security/north-korean-ransomware-attacks-on-healthcare-fund-govt-operations/; https://twitter.com/mikko/status/1624039678767685638; https://twitter.com/CISAJen/status/1623834199152001024; https://www.darkreading.com/attacks-breaches/healthcare-in-the-crosshairs-of-north-korean-cyber-operations; https://twitter.com/Cyber_O51NT/status/1625126472003342336; https://www.malwarebytes.com/blog/news/2023/02/cisa-issues-alert-with-south-korean-government-about-dprks-ransomware-antics; https://twitter.com/darktracer_int/status/1625407186699698177; https://twitter.com/Arkbird_SOLG/status/1625985689169940480; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-february-2023/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/,2023-02-13,2023-10-27 1903,Hacktivist group Edalate Ali briefly 
interrupted broadcast of Iranian President Ebrahim Raisi's speech on the 44th anniversary of the Iranian Revolution on 11 February 2023,Hacktivist group Edalate Ali (Justice of Ali) interrupted a broadcast of Iranian President Ebrahim Raisi's speech on the 44th anniversary of the Iranian Revolution on 11 February 2023. For a short period of about one minute a logo of the group replaced footage of Raisi on the Internet livestream.,2023-02-11,2023-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Islamic Republic of Iran Broadcasting (IRIB),"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,Edaalate Ali,Not available,Non-state-group,Hacktivist(s),1,7400,2023-02-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Edaalate Ali,Not available,Not available,Edaalate Ali,Not available,Non-state-group,https://twitter.com/EdaalateAli1400/status/1624331120710979584?s=20&t=w5gEkN-uGSjbnpVx0C3yEg,System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR 
state-attribution & missing breach of international law),,https://twitter.com/switch_d/status/1624786767529365504; https://edition.cnn.com/2023/02/12/middleeast/hackers-interrupt-iran-leader-revolution-anniversary-intl-hnk/index.html; https://twitter.com/EdaalateAli1400/status/1624331120710979584?s=20&t=w5gEkN-uGSjbnpVx0C3yEg; https://twitter.com/thegrugq/status/1624612974664228866; https://twitter.com/AnonOpsSE/status/1624494266583056387; https://twitter.com/AnonOpsSE/status/1624480411261849600; https://www.lastampa.it/esteri/2023/02/11/video/iran_gli_hacker_interrompono_il_discorso_di_raisi_sulla_tv_di_stato_morte_a_khamenei-12637387/; https://www.rferl.org/a/iran-revolution-anniversary-protests-hackers/32266691.html; https://www.hackread.com/iran-tv-hacked-revolution-day/; https://securityaffairs.com/142172/hacktivism/iranian-state-tv-hacked.html; https://twitter.com/securityaffairs/status/1625021116237459462; https://twitter.com/securityaffairs/status/1625021246130819072; https://twitter.com/securityaffairs/status/1625421549116305410; https://twitter.com/securityaffairs/status/1625422699202740224; https://twitter.com/YourAnonNews/status/1625745317076570113,2023-02-13,2023-03-20 1902,Unknown actors temporarily disrupted access to the website of Estonia's Ministry of Foreign Affairs in a DDoS attack during 19-20 January 2023,"Unknown actors disrupted access to the website of Estonia's Ministry of Foreign Affairs in a DDoS attack for short periods between 19 and 20 January 2023, a spokesperson for the Estonian Information System Authority (RIA) confirmed on 9 February 2023. 
An earlier, less focused wave of DDoS attacks launched on 15 January against several Estonian government institutions - including the websites of the government, the parliament, the e-government services portal, the ministries of defence, finance, justice, and economic affairs, the central bank, and the health board - failed to produce effects.",2023-01-19,2023-01-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Ministry of Foreign Affairs (Estonia),Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,7403,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2023-02-09 00:00:00,EU member states: Preventive measures,Awareness raising,Estonia,Estonian Information System Authority (RIA) ,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january,2023-02-10,2024-04-12 1901,Cybercriminals gained access to the corporate network of the Swiss Federal Railways (SBB) in February 2023,"Cybercriminals gained access to part of the corporate network of the Swiss Federal Railways 
(SBB) during the weekend of 4-5 February 2023, according to an internal letter addressed to SBB employees dated 8 February 2023. ",2023-02-04,2023-02-05,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,Swiss Federal Railways (SBB),Switzerland,EUROPE; WESTEU,Critical infrastructure,Transportation,Not available,Not available,Non-state-group,Criminal(s),1,8237,2023-02-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Swiss Federal Railways (SBB),Not available,Switzerland,Not available,Not available,Non-state-group,https://www.watson.ch/digital/schweiz/218657964-cyberangriff-auf-die-sbb-strafanzeige-eingereicht,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",none,2,Moderate - high political importance,2.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/dani_stoffers/status/1623624835489316865; https://www.watson.ch/digital/schweiz/218657964-cyberangriff-auf-die-sbb-strafanzeige-eingereicht,2023-02-10,2024-04-12 1899,Unknown actors gained access to the networks of British engineering company Vesuvius ,"Unknown actors gained 
access to the networks of British engineering company Vesuvius, requiring it to temporarily shut down operations, according to legally required declarations by the publicly-traded company of inside information that resulted from its ongoing investigations of the incident.",,Not available,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,Vesuvius plc,United Kingdom,EUROPE; NATO; NORTHEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,10002,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,Not available,1-10,1.0,1-10,1.0,=< 10 Mio,4600000.0,dollar,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.databreaches.net/hackers-hit-vesuvius-uk-engineering-company-shuts-down-affected-systems/; https://www.londonstockexchange.com/news-article/VSVS/cyber-security-incident/15824555; https://www.infosecurity-magazine.com/news/uk-metalg-firm-vesuvius-cyberattack/; https://www.insurancejournal.com/news/international/2023/02/06/706216.htm; https://grahamcluley.com/hackers-hit-vesuvius-uk-engineering-company-shuts-down-affected-systems/; https://therecord.media/vesuvius-engineering-uk-steel-cyber-incident-cost; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://securityaffairs.com/146442/hacking/vesuvius-cyber-incident-cost-3-5m.html,2023-02-09,2023-05-19 1898,Russian-speaking hacker group WinterVivern 
gained access to and stole data from the computer systems of the Polish and Ukrainian governments beginning on 31 January 2023,"Russian-speaking hacker group WinterVivern/UAC-0114 gained access to and stole data from the computer systems of the Polish and Ukrainian governments beginning on 31 January 2023, stated a CERT-UA report with high confidence. The hacking group managed to take screenshots, search the desktop folder and exfiltrate user data. ",2023-01-31,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available,Poland; Ukraine,EUROPE; NATO; EU(MS); EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,WinterVivern,Not available,Unknown - not attributed,,1,8794,2023-02-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,WinterVivern,Not available,Unknown - not attributed,https://scpc.gov.ua/api/docs/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-08 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://scpc.gov.ua/api/docs/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf; https://therecord.media/hackers-used-fake-websites-to-target-state-agencies-in-ukraine-and-poland/; https://twitter.com/dsszzi/status/1623380073553207315; https://twitter.com/RecordedFuture/status/1623676196402733057; https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html,2023-02-09,2023-05-03 1894,"Ransomware attack against South African telco and cloud hosting provider RSAWeb caused a days-long outage beginning on 1 February 2023, ","The South African telecommunication and cloud hosting provider RSAWeb was hit by a ransomware attack on 1 February 2023, causing a days-long outage. According to a letter from RSAWeb CEO Rudy van Staden sent to the company’s clients on 5 February, the attack affected its website, fibre, mobile, hosting, VoIP, and PBX services. Van Staden further claimed that his company was targeted by an “extremely capable and devious threat actor"" and that this attack was ""part of a campaign that has victimized many other businesses both in South Africa and globally.” According to the CEO, the company does not believe that customer or employee data was accessed as part of the attack. 
",2023-02-01,2023-02-06,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - RSAWeb,South Africa; Global (region); South Africa,AFRICA; SSA - - AFRICA; SSA,Unknown - Unknown - Critical infrastructure, - - Telecommunications,Not available,Not available,Not available,,1,8235,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1622496897612087298; https://mybroadband.co.za/news/security/479051-rsaweb-hit-by-ransomware-attack.html?utm_source=substack&utm_medium=email; https://www.citizen.co.za/lifestyle/technology/rsaweb-outage-global-ransomware-threat/; https://twitter.com/DarkReading/status/1631368024824373286,2023-02-08,2023-03-05 1893,Unknown hackers crippled the IT systems of German pipeline and plant manufacturer Friedrich Vorwerk in a ransomware attack in mid-November 
2022,"Unknown hackers crippled the IT systems of German pipeline and equipment manufacturer Friedrich Vorwerk in a ransomware attack in mid-November 2022, a Friedrich Vorwerk company spokeswoman explained to news website heise online. The company managed to restore the IT systems shortly before Christmas. The disruption affected file and database servers as well as some workstations. ",2022-11-15,Not available,Not available,,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Friedrich Vorwerk Group,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Critical Manufacturing,Not available,Not available,Not available,,1,6764,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/secIT_DE/status/1622950948137205760; https://www.friedrich-vorwerk.de/files/230130-VOR-2022-Q4-DE.pdf; https://twitter.com/Dennis_Kipker/status/1623655021043744770,2023-02-08,2023-05-31 1892,Ross Memorial Hospital in Canada was hit by a suspected ransomware attack in February 2023,"Ross Memorial Hospital in Kawartha 
Lakes in Ontario, Canada, was hit by a suspected ransomware attack on 5 February 2023 that disabled some diagnostic systems and access to medical files. The hospital initiated 'code grey', defined in Ontario for the loss of a critical system or intervention measures (including in the event of a ransomware attack) that may result in a health and safety risk to those in the hospital. The incident may be related to global ransomware attacks aimed at a vulnerability in VMware ESXi, which is used in the setup of virtual machines (CVE-2021-21974).",2023-01-01,Not available,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,Ross Memorial Hospital,Canada,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Unknown - not attributed,,1,17917,NaT,Not available,Not available,Not available,Not available,Canada,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://rmh.org/news-releases/ross-memorial-hospital-issues-code-grey; https://www.govinfosecurity.com/ontario-hospital-among-latest-healthcare-cyberattack-victims-a-21154; 
https://www.databreaches.net/suspected-ransomware-attack-disables-some-systems-at-ross-memorial-hospital/,2023-02-08,2024-03-13 1891,Iranian state-sponsored hacking group NEPTUNIUM is suspected of stealing personal information from Charlie Hebdo subscribers and defacing its website in January 2023,"The Iranian state-sponsored hacking group Neptunium stole the personal information of subscribers of the French satire magazine Charlie Hebdo and defaced its website in January 2023, Microsoft's Digital Threat Analysis Center (DTAC) assesses with high confidence. The operation traces back to December 2022, when Charlie Hebdo announced a cartoon contest featuring Iran's Supreme Leader Ali Khamenei as the subject. On 4 January 2023, a user by the name Holy Souls claimed to have obtained the personal information of 230,000 Charlie Hebdo subscribers. Samples released together with the online post show the full names, phone numbers, financial information, as well as email and home addresses of individuals that Le Monde confirmed as actual subscribers of the magazine. The information could expose readers to harm, digitally and in the real world. News about both the defacement and alleged data theft were pushed in a concerted effort across social media platforms that matches with tactics Microsoft had observed for earlier Iranian-directed influence campaigns. Reports that the purported cache of customer details was obtained in a breach of the outlet's database are based on statements by Holy Souls that have not been independently or directly confirmed by Charlie Hebdo. Microsoft identifies Neptunium as Emennet Pasargad, an Iranian cyber firm that was sanctioned by the US Treasury Department in November 2021 over attempts to interfere in the 2020 US presidential elections. 
The company had previously been designated under the US sanctions regime in February 2019 as Net Peygard Samavat Company before later rebranding as Emennet Pasargad.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Charlie Hebdo,France,EUROPE; NATO; EU(MS); WESTEU,Media,,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,6766,2023-02-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Defacement,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by 
official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/; https://cyberscoop.com/iran-charlie-hebdo-hack/; https://www.jpost.com/international/article-730541; https://www.darkreading.com/attacks-breaches/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says; https://twitter.com/iblametom/status/1621513502149206023; https://twitter.com/campuscodi/status/1621529797619752962; https://securityaffairs.com/141855/apt/charlie-hebdo-data-leak-iran.html; https://jyllands-posten.dk/international/ECE14953615/microsoft-iranere-stod-bag-hackerangreb-paa-charlie-hebdo/; https://twitter.com/securityaffairs/status/1622219319823241220; https://www.lesechos.fr/tech-medias/medias/microsoft-affirme-que-liran-est-a-lorigine-de-la-cyberattaque-contre-charlie-hebdo-1903746; https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html; https://twitter.com/asfakian/status/1622555787158605826; https://twitter.com/fr0gger_/status/1622475455805935621; https://twitter.com/unix_root/status/1622636487169671169; https://twitter.com/780thC/status/1622584638144147457; https://www.lemonde.fr/lmdgft/1/NjE1NjkxNi1mZjNlZmMwMGQ1NGUyMWVlMTBmYzRmZjBjZjAzYjU2YzNkY2JkM2NlYjNhZjIwZTg2ZGIwMTJlYThjODA0OWE3?random=1150217085; https://web.archive.org/web/20230109230217/https://www.youtube.com/watch?v=GKRnCjbMqEM; https://web.archive.org/web/20230109230105/https://breached.vc/Thread-Personal-information-of-230000-customers-of-charliehebdo-fr; https://twitter.com/CERTEU/status/1631572192667353089; https://cyberscoop.com/iranian-information-operations-hacking-microsoft-report/; 
https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://thehackernews.com/2023/05/meta-uncovers-massive-social-media.html; https://www.darkreading.com/application-security/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs,2023-02-07,2023-09-18 1890,Dutch law enforcement agencies gained access to and disrupted the encrypted messaging platform Exclu starting both in 2020 and 2022 ,"The National Public Prosecution Service of the Netherlands oversaw two investigations into the encrypted messaging platform Exclu. The efforts resulted in the arrest of the two owners and managers of the communications service as well as 40 users suspected of relying on the application for the planning and coordination of crimes. Named 26Samber and 26Lytham, the operations that had been underway since September 2020 and April 2022, respectively, broke into Exclu to monitor communications. The platform has subsequently been dismantled. As part of this cross-border investigation, Dutch investigators collaborated with Eurojust, Europol, and local law enforcement partners in Italy, Sweden, France, and Germany. 
",2020-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Exclu,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Social groups,Criminal,Dutch Public Prosecution Service,Netherlands,State,,1,6767,2023-02-03 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Dutch Federal Police (Politie),Not available,Netherlands,Dutch Public Prosecution Service,Netherlands,State,https://www.politie.nl/nieuws/2023/februari/3/politie-leest-opnieuw-mee-met-criminelen.html,Cyber-specific,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/police-hacked-exclu-secure-message-platform-to-snoop-on-criminals/; https://www.hackread.com/cybercrime-encrypted-messenger-exclu-seized/; https://twitter.com/josephfcox/status/1622617173389676546; https://www.politie.nl/nieuws/2023/februari/3/politie-leest-opnieuw-mee-met-criminelen.html; 
https://cyberscoop.com/doj-cybercrime-disruption-ransomware/,2023-02-07,2023-07-12 1889,"Ransomware hack on computer servers running VMware ""ESXi"" software in Italy in early February 2023","A global ransomware campaign targeting a known vulnerability in VMware's ESXi servers (CVE-2021-21974) affected Italian water and energy utility company Acea in early February. The incident did not impair the company's operations. The Italian government declared on 6 February that there was no evidence of a state actor carrying out the attack but rather suspected a criminal outfit. In a statement to the press, the Italian National Cybersecurity Agency linked the incident to the BlackBasta ransomware group, which shares connections with the now defunct Conti gang. The French CERT first reported the ransomware wave directed against thousands of servers running VMware virtual machines on 3 February. Most attacks targeted systems in France, the United States, Germany, Canada and other European countries.",2023-02-02,2023-02-05,"Attack on non-political target(s), politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available - Acea,Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Not available - Critical infrastructure; Critical infrastructure, - Water; Energy,BlackBasta,Not available,Non-state-group,Criminal(s),2,12104; 12103,2023-02-06 00:00:00; 2023-02-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Agenzia Per La Cybersicurezza Nazionale; Italian Government,Not available; Not available,Italy; Italy,BlackBasta; Not available,Not available; Not available,Non-state-group; 
Non-state-group,https://www.govinfosecurity.com/blackbasta-blamed-for-global-attacks-on-vmware-esxi-servers-a-21125; https://www.agenzianova.com/en/news/acea-after-the-hacker-attack-the-operation-of-the-computer-systems-was-restored/,Unknown,Unknown,,Unknown,,3,2023-02-06 00:00:00; 2023-02-06 00:00:00; 2023-02-03 00:00:00,EU member states: Stabilizing measures; State Actors: Preventive measures; EU member states: Preventive measures,Statements by heads of state/head of government (or executive official); Awareness raising; Awareness raising,Italy; Italy; France,Italian Government; National Cybersecurity Agency of Italy (ACN); Computer Emergency Response Team of France (CERT France),No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Italy,Agenzia Cybersicurezza Nazionale (ACN),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/vmware-esxiargs-ransomware-attacks/; https://www.govinfosecurity.com/blackbasta-blamed-for-global-attacks-on-vmware-esxi-servers-a-21125; https://twitter.com/DigitalPeaceNow/status/1622715616879673373; https://twitter.com/nicoleperlroth/status/1622706936323133440; https://twitter.com/Dinosn/status/1622640727946559491; https://twitter.com/ciaranmartinoxf/status/1622704218653003777; https://www.ilsole24ore.com/art/attacco-hacker-come-e-stato-effettuato-e-come-difendersi-AEofnciC; https://www.ilsole24ore.com/art/cybersicurezza-vertice-palazzo-chigi-danni-e-strategia-AEC9OXiC; https://www.reuters.com/technology/italys-govt-global-cyber-attack-did-not-come-state-entity-2023-02-06/; https://www.governo.it/en/articolo/meeting-held-palazzo-chigi-global-cyber-attack/21720; https://www.agenzianova.com/en/news/acea-after-the-hacker-attack-the-operation-of-the-computer-systems-was-restored/; https://www.ansa.it/sito/notizie/economia/2023/02/05/agenzia-cyber-massiccio-attacco-hacker-in-corso_453b24d2-5a1b-46f8-9e18-1d070a768b05.html; https://nakedsecurity.sophos.com/2023/02/07/using-vmware-worried-about-esxi-ransomware-check-your-patches-now/; https://twitter.com/snlyngaas/status/1623030388980416512; https://twitter.com/DarkReading/status/1623026319050084366; https://twitter.com/Cyber_O51NT/status/1622777690322501633; https://www.ilsole24ore.com/art/cybersecurity-ecco-perche-falla-sistemi-esxi-e-grave-ed-urgente-difendersi-AEUoPCjC; https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/; https://twitter.com/Arkbird_SOLG/status/1623690733424189442; https://www.databreaches.net/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/; 
https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january; https://www.ilsole24ore.com/art/l-attacco-hacker-forse-diversivo-che-nasconde-strategia-piu-complessa-AEHHyClC; https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods; https://www.darkreading.com/vulnerabilities-threats/attackers-can-exploit-flaw-in-vmware-esxi-hypervisor-in-multiple-ways; https://www.recordedfuture.com/esxiargs-ransomware-targets-vmware-esxi-openslp-servers; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/; https://socradar.io/dark-web-profile-lockbit-3-0-ransomware/; https://www.wired.com/story/apple-google-moveit-security-patches-june-2023-critical-update/; https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits; https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://www.darkreading.com/vulnerabilities-threats/how-to-mitigate-cybersecurity-risks-from-misguided-trust,2023-02-07,2023-11-17 1888,"Unknown hackers accessed and exfiltrated patient data from San Diego health care provider Sharp on January 12, 2023","Unknown hackers accessed and exfiltrated patient data from Sharp Healthcare, the largest health provider in San Diego, on January 12, 2023 over the span of a few hours. According to the incident notification by Sharp, the data breach affected the record of 62,777 patients. 
Compromised data did not include payment details or clinical information but, based on an initial assessment, is limited to patient names, internal identification numbers/invoice numbers, payment amounts, and the names of the Sharp facilities receiving the payments.",2023-01-12,2023-01-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Sharp HealthCare,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8231,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/sharp-notifies-nearly-63000-patients-of-data-breach-involving-payment-portal/; https://www.sharp.com/notice-to-our-patients.cfm,2023-02-07,2023-03-05 1887,Unknown hackers gained access to the email account of an employee at Southeast Colorado Hospital District (SECHD) on 23 November 2022,"Unknown hackers gained access to the email account of an employee at Southeast Colorado Hospital District (SECHD) in the period of 23 November 
and 5 December 2022, based on a data security incident notice issued by SECHD. The compromised inbox contained personal data of patients. Among the records affected, the notification lists personal information of patients, such as name, date of birth, social security and driver’s license numbers, but also medical details on diagnoses, treatments, and further health insurance information.",2022-11-23,2022-12-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Southeast Colorado Hospital District (SECHD),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,17916,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/; https://www.sechosp.org/docs/2%5F3%5F2023%5FData.pdf,2023-02-06,2024-03-13 1886,Unknown hackers accessed and exfiltrated data of Regal Medical Group in a ransomware attack 
beginning on 1 December 2022,"Unknown hackers accessed and exfiltrated some data of Regal Medical Group in a ransomware attack between 1 and 8 December 2022, according to a data breach notification filed by Regal to the California Attorney General's Office. Based on this notification, affected records may have contained personal information of patients, such as name, address, date of birth, social security number, but also medical details on diagnoses, treatments, test results, and prescriptions.",2022-12-01,2022-12-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical",United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,17915,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/; 
https://oag.ca.gov/system/files/Regal%20John%20Doe%20Letter%20Feb%201%202023.pdf; https://twitter.com/Dinosn/status/1624253493371367425; https://twitter.com/cahlberg/status/1624147422019522603; https://therecord.media/ransomware-attack-leads-to-massive-data-breach-from-california-health-network/; https://www.bleepingcomputer.com/news/security/california-medical-group-data-breach-impacts-33-million-patients/; https://www.govinfosecurity.com/california-medical-groups-ransomware-breach-affects-33m-a-21181; https://twitter.com/RecordedFuture/status/1625132730223656960; https://www.govinfosecurity.com/5-lawsuits-filed-in-ransomware-breach-affecting-33-million-a-21287,2023-02-06,2024-03-13 1885,Unknown hackers accessed and exfiltrated data from the network of Californian health clinic Cardiovascular Associates beginning on 28 November 2022,"Unknown hackers accessed and exfiltrated data from the network of the Cardiovascular Associates (CVA) clinic in California during the period of 28 November and 5 December 2022, according to a notification by CVA to the California Attorney General's Office. Based on CVA filings, the breached records may have contained personal information of patients, including passport and driver’s license numbers but also credit/debit card information as well as details about medical treatments and tests or diagnoses. 
",2022-11-28,2022-12-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,Cardiovascular Associates (CVA),United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8230,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/; https://oag.ca.gov/system/files/2023-02-03%20-%20CVA%20Individual%20Notice%20Templates.pdf; https://www.govinfosecurity.com/lawsuit-against-clinic-seeks-long-list-cyber-improvements-a-21480,2023-02-06,2023-03-21 1884,Iranian state-sponsored hacking group APT34 stole information from Middle Eastern governments using new backdoor MrPerfectInstaller in December 2022,"The Iranian state-sponsored hacking group APT34 stole information from Middle Eastern governments using the new backdoor MrPerfectInstaller in December 2022, according to a technical report by IT security firm Trend 
Micro. The hacking group's goal was to steal user credentials for stable access to email accounts to be able to exfiltrate data via government Exchange Servers.",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Middle East (region),,State institutions / political system,Government / ministries,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6777,2023-02-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en%5Fus/research/23/b/new-apt34-malware-targets-the-middle-east.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,2.0,Not available,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly 
sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html; https://www.trendmicro.com/en%5Fus/research/23/b/new-apt34-malware-targets-the-middle-east.html; https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/,2023-02-06,2023-07-14 1883,"Websites of several clinics in Franconia, Germany, were taken down with DDoS attacks in January 2023","On 31 January 2023, several hospitals in Bavarian Franconia, Germany, were taken down with DDoS attacks. The attacks were confirmed by the Geomed Clinic in Gerolzhofen and the City Hospital in Schwabach. The hospitals' websites were unavailable for several hours. Previously, the pro-Russian hacktivist group Killnet had called for attacks on the websites of a total of seven Bavarian hospitals, including those in Schwabach and Gerolzhofen. 
Responsibility for the attacks has not been independently confirmed.",2023-01-31,2023-01-31,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Geomed Klinik - Stadtkrankenhaus Schwabach,Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure,Health - Health,Not available,Not available,Not available,,1,8229,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"https://twitter.com/VessOnSecurity/status/1622019679974744067; https://www.br.de/nachrichten/netzwelt/hacker-angriffe-auf-mehrere-kliniken-in-franken,TUcc0Xs; https://twitter.com/ransomwaremap/status/1622624728585306118",2023-02-06,2023-03-05 1882,Chinese state-sponsored hacking group Mustang Panda deployed PlugX backdoor against the network of an unnamed European organization in December 2022,"The Chinese state-sponsored hacking group Mustang Panda deployed the PlugX backdoor against the network of an unnamed European organization in December 2022, according to Dutch cybersecurity firm EclecticIQ. ",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Europe (region),,Unknown,,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",,1,7028,2023-02-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,,Netherlands,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report; https://twitter.com/780thC/status/1621464181152141312; 
https://twitter.com/Cyber_O51NT/status/1621313406367309825; https://twitter.com/Arkbird_SOLG/status/1621533338832871425; https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware; https://twitter.com/RecordedFuture/status/1626633928327954434; https://twitter.com/SteffenHeyde/status/1632990915873652743; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia,2023-02-06,2023-03-27 1881,Unknown attackers disrupted IT systems at Tallahassee Memorial HealthCare (TMH) in Florida on 2 February 2023,"Unknown attackers disrupted IT systems at the regional hospital Tallahassee Memorial HealthCare (TMH) in Florida in a suspected ransomware attack on 2 February 2023. Operating under IT downtime protocols, the facility canceled non-emergency treatments and outpatient procedures. To ensure care delivery, TMH limited admission to the most critically injured patients (level 1 trauma) in its immediate service area and has otherwise been redirecting emergency medical services. 
",2023-02-02,2023-02-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Tallahassee Memorial HealthCare,United States,NATO; NORTHAM,Critical infrastructure,Health,Not available,Not available,Not available,,1,8228,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cahlberg/status/1624147422019522603; https://therecord.media/ransomware-attack-leads-to-massive-data-breach-from-california-health-network/; https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12; https://twitter.com/TonyaJoRiley/status/1625152474507083778; https://therecord.media/tallahassee-hospital-diverting-patients-canceling-non-emergency-surgeries-after-cyberattack/; https://www.bleepingcomputer.com/news/security/florida-hospital-takes-it-systems-offline-after-cyberattack/; https://www.databreaches.net/fl-tallahassee-memorial-hospital-victim-of-suspected-ransomware-attack/; 
https://twitter.com/vxunderground/status/1621565325975212033; https://securityaffairs.com/141792/hacking/tallahassee-memorial-healthcare-cyberattack.html; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html; https://twitter.com/securityaffairs/status/1622172170922123264; https://www.tmh.org/news/2023/tallahassee-memorial-managing-it-security-issue; https://floridapolitics.com/archives/585686-tallahassee-memorial-hospital-victim-of-suspected-ransomware-attack/; https://www.tmh.org/news/2023/february-4-update-tmh-managing-it-security-issue; https://www.tmh.org/news/2023/tallahassee-memorial-making-progress-managing-it-security-event; https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/; https://www.malwarebytes.com/blog/news/2023/02/florida-hospital-takes-entire-it-systems-offline-after-ransomware-attack; https://twitter.com/AlexMartin/status/1639241047816511501; https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html; https://therecord.media/idaho-hospital-diverting-ambulances-after-cyberattack; https://therecord.media/safford-arizona-hospital-st-louis-call-a-ride-cyberattacks; https://www.techrepublic.com/article/top-cybersecurity-threats/; https://www.wusf.org/health-news-florida/2024-02-17/hospital-cyberattacks-are-likely-to-increase-and-put-lives-at-risk-experts-warn; https://therecord.media/st-cloud-hit-with-ransomware-florida-string,2023-02-06,2023-03-28 1880,North Korean state-sponsored hacking group Lazarus gained access to research facilities and stole information beginning in August 2022,"The North Korean state-sponsored hacking group Lazarus gained access to public as well as private research institutions focused on health and energy and stole 100 GB of information for espionage purposes during the period of 22 August and 11 November 2022, the Finnish cybersecurity firm WithSecure concludes with high-confidence. 
The hacking group gained initial access to unpatched Zimbra servers via two associated vulnerabilities (CVE-2022-27925 and CVE-2022-37042). This cyber incident, along with two other cyber incidents from 2022 (Stonefly and Tale of Three RATs), is part of a large cyber campaign to gather sensitive information from targets in highly-specialized sectors.",2022-08-22,2022-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,Not available; India, - ASIA; SASIA; SCO,Science - Science, - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,7029,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,WithSecure,,Finland,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/cybersecboardrm/status/1623853882366390272; https://www.bleepingcomputer.com/news/security/north-korean-hackers-stole-research-data-in-two-month-long-breach/; https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms; https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html; https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/; https://twitter.com/780thC/status/1621114433886994433; https://twitter.com/switch_d/status/1621205282641612800; https://twitter.com/AnonOpsSE/status/1621181567145050112; https://twitter.com/Dinosn/status/1621218340671733761; https://twitter.com/UK_Daniel_Card/status/1621206214158712834; https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf; https://www.databreaches.net/north-korean-hackers-stole-research-data-in-two-month-long-breach/; https://twitter.com/LawyerLiz/status/1621304384972902405; https://twitter.com/RecordedFuture/status/1621646796219883520; 
https://www.darkreading.com/remote-workforce/dprk-using-unpatched-zimbra-devices-to-spy-on-researchers-; https://www.darkreading.com/endpoint/lazarus-scarcruft-north-korean-apts-shift-tactics-thrive; https://www.darkreading.com/endpoint/zimbra-zero-day-demands-urgent-manual-update; https://www.darkreading.com/attacks-breaches/apts-swarm-zimbra-zero-day-to-steal-government-info-worldwide,2023-02-03,2024-01-04 1878,The hacker group POLONIUM penetrated the network of an Israeli company in Serbia using a modified version of the backdoor CreepyDrive starting in mid-September 2022,"The hacker group POLONIUM penetrated the network of an Israeli company in Serbia using a modified version of the backdoor CreepyDrive during the period of mid-September to late-November 2022, according to a technical report by the Slovak IT security firm ESET. ",2022-09-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11583,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift,"Iran, Islamic Republic of","Non-state actor, 
state-affiliation suggested",https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,Not available,1-10,1.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/; https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/,2023-02-02,2023-07-14 1877,Chinese hacker group Goblin Panda infiltrated an EU government's network with the TurboSlate backdoor in November 2022,"Chinese hacker group Goblin Panda infiltrated the network of a government organization within the European Union with the TurboSlate backdoor in November 2022, based on the findings of Slovak IT security firm ESET with medium confidence. 
",2022-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,EU (region),,State institutions / political system,Government / ministries,Goblin Panda,China,Unknown - not attributed,,1,7038,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Goblin Panda,China,Unknown - not attributed,https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,1.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/; https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/,2023-02-02,2023-04-20 1879,Iranian state-sponsored hacking group MuddyWater targeted unspecified targets in Egypt and Saudi Arabia using the remote access tool SimpleHelp,"The Iranian state-sponsored hacking group MuddyWater targeted unspecified targets in Egypt and Saudi Arabia using the remote access tool SimpleHelp, according to findings by Slovak IT security firm ESET. 
The hacker group used the SimpleHelp connections of a compromised managed service provider (MSP) to gain access to further victims and blend in with routine traffic between the MSP and its clients.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Egypt; Saudi Arabia,MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA; GULFC,Unknown - Unknown, - ,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7033,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/,System / ideology; International power,System/ideology; International power,Iran – Saudi Arabia; Iran – Saudi Arabia,Unknown,,0,,Not available,,Not available,Not available,No,,External Remote Services; Trusted Relationship,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,Not available,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly 
sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/; https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/; https://thehackernews.com/2023/04/iranian-hackers-using-simplehelp-remote.html; https://twitter.com/Dinosn/status/1648275021448597504; https://www.welivesecurity.com/2023/05/02/apt-groups-muddying-waters-msps/; https://research.checkpoint.com/2023/irans-most-advanced-cyber-attack-yet/,2023-02-02,2023-12-20 1876,Russian state-sponsored hacking group Sandworm used NikoWiper against an energy-sector company in Ukraine in October 2022,"The Slovakian IT security firm ESET has reported the usage of a new wiper strain called NikoWiper by the Russia-affiliated group Sandworm in an attack targeting a Ukrainian energy-sector company in October 2022. No details on the impact of the wiper have been reported. ESET's technical report additionally mentions that this cyberattack coincided with Russian forces firing missiles on energy facilities. ",2022-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Critical infrastructure,Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,6740,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially 
non-state-actors),Armed conflict; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html; https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/; https://twitter.com/CSIS_Tech/status/1620542650834382849; https://twitter.com/unix_root/status/1620413840981647360; https://twitter.com/Cyber_O51NT/status/1620571509596229632; https://twitter.com/cybersecboardrm/status/1620441387551391750; https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html; https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia; https://www.govinfosecurity.com/ukraine-fends-off-sandworm-battlefield-espionage-ploy-a-22772,2023-02-01,2024-01-29 1871,Unknown attackers disrupted the network of the British Redcar and Cleveland Borough in a ransomware attack on 8 February 2020,"Unknown attackers disrupted the network of the local administration in Redcar and Cleveland, a borough in northern England in a ransomware attack on 8 February 2020, according to the associated council. The leader of the Redcar and Cleveland Borough Council Mary Lanigan was invited to a hearing by the British Parliament's National Security Strategy Committee on 30 January 2023, about the ransomware attack at the time. 
There, she reported that the instructions of the central government and its competent authorities to refrain from openly addressing the attack caused complications for the incident response.",2020-02-08,2023-02-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Redcar and Cleveland Borough,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Civil service / administration,Not available,Not available,Unknown - not attributed,,1,12105,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,1,2023-01-30 00:00:00,State Actors: Legislative reactions,Parliamentary investigation committee,United Kingdom,Joint Committee on the National Security Strategy (British Parliament),No,,Phishing,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,13.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,11650000.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/AlexMartin/status/1620108100387897344; https://twitter.com/AlexMartin/status/1620099954256797698; https://www.bbc.com/news/uk-england-tees-53662187; 
https://www.theguardian.com/technology/2020/feb/27/redcar-and-cleveland-council-hit-by-cyber-attack; https://parliamentlive.tv/event/index/1d2be5c5-a7ee-41c0-9033-6cec717e80d1; https://twitter.com/Dennis_Kipker/status/1620840628417626113; https://committees.parliament.uk/oralevidence/12620/default/; https://twitter.com/DrAndrewDwyer/status/1622615153861591041; https://therecord.media/st-helens-council-suspected-ransomware-attack-england,2023-01-31,2023-08-25 1868,Pro-Russian hacktivist group Killnet disrupted at least 14 hospitals in the United States in January 2023,"The pro-Russian hacktivist group Killnet is suspected to be responsible for disrupting at least 14 hospitals in the United States using DDoS attacks in late January, according to national adviser for cybersecurity and risk at the American Hospital Association (AHA) John Riggi.",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Buena Vista Regional Medical Center - Abrazo Health - Anaheim Regional Medical Center - Michigan Medicine - Atlanticare - Huntsville Hospital - Jefferson Health - Duke University Hospital - Heart of the Rockies Regional Medical Center - Cedars-Sinai Medical Center - Atrium Health - Hollywood Presbyterian Medical Center - University of Pittsburgh Medical Center - Stanford Health Care,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - 
Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health - Health,Killnet,Russia,Non-state-group,Hacktivist(s),3,6741; 6741; 6741; 6741; 6741; 6741; 6742; 6743,2023-01-30 00:00:00; 2023-01-30 00:00:00; 2023-01-30 00:00:00; 2023-01-30 00:00:00; 2023-01-30 00:00:00; 2023-01-30 00:00:00; 2023-01-28 00:00:00; 2023-01-30 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attacker confirms; Attacker confirms," US Department of Health and Human Services; John Riggi (National Advisor for Cybersecurity and Risk of American Hospital Association, United States); Health Sector Cyber Security Coordination Center (HC3); US Department of Health and Human Services; John Riggi (National Advisor for Cybersecurity and Risk of American Hospital Association, 
United States); Health Sector Cyber Security Coordination Center (HC3); Killnet; Killnet",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United States; United States; United States; United States; United States; Russia; Russia,Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050; https://www.aha.org/system/files/media/file/2023/01/hc3-tlp-clear-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-1-30-23.pdf; https://t.me/killnet_reservs/4977; https://t.me/killnet_reservs/5028,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-07 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,https://twitter.com/HackRead/status/1623358394613567488; https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050; https://www.aha.org/system/files/media/file/2023/01/hc3-tlp-clear-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-1-30-23.pdf; https://t.me/killnet_reservs/4977; https://therecord.media/ddos-denmark-us-russia-killnet/; https://securityaffairs.com/141598/hacktivism/killnet-ddos-us-healthcare.html; https://www.databreaches.net/hc3-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-2/; https://twitter.com/BlackBerrySpark/status/1620537202382983173; https://twitter.com/Dennis_Kipker/status/1620499064684154882; https://twitter.com/securityaffairs/status/1620335610887278593; https://twitter.com/Cyber_O51NT/status/1620564963072032769; https://twitter.com/alexfrudolph/status/1620269739888218113; https://twitter.com/M_Miho_JPN/status/1620334652186836993; https://twitter.com/DigitalPeaceNow/status/1620546530875957248; https://t.me/killnet_reservs/5028; https://www.darkreading.com/ics-ot/killnet-pro-russia-hacktivist-group-support-influence-grows; https://twitter.com/cahlberg/status/1620591103572590592; https://twitter.com/780thC/status/1621104394350784513; https://therecord.media/tallahassee-hospital-diverting-patients-canceling-non-emergency-surgeries-after-cyberattack/; https://twitter.com/RecordedFuture/status/1621646458259750912; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html; https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/; https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/; https://twitter.com/RecordedFuture/status/1623069165891342336; https://twitter.com/RecordedFuture/status/1623519318150463489; https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/; 
https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://twitter.com/cahlberg/status/1624843345741635585; https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks; https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12; https://twitter.com/RecordedFuture/status/1625132464359280642; https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/; https://twitter.com/BlackBerrySpark/status/1625963191988625410; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/; https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation; https://www.securitymiddleeastmag.com/online-exclusive-rise-of-the-botnets/,2023-01-31,2023-03-02 1867,Pro-Russian hacktivist group Killnet disrupted several hospital websites in Europe in January 2023,"The pro-Russian hacktivist group Killnet is suspected to be responsible for disrupting the information page of the University Medical Center of Groningen (UMCG) in the Netherlands, with DDoS attacks during 28-30 January 2023 according to Z-Cert, an expertise center for cybersecurity in healthcare. In addition, the websites of other European hospitals were also affected by DDoS attacks.",2023-01-28,2023-01-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Not available - Not available - University Medical Center Groningen - Not available - Not available,Poland; Germany; Netherlands; Northern Europe; United Kingdom,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - - EUROPE; NATO; NORTHEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health - Health - Health,Killnet,Russia,Non-state-group,Hacktivist(s),3,6744; 6745; 6746,2023-01-30 00:00:00; 2023-01-23 00:00:00; 2023-02-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms; Attribution by receiver government / state entity,Z-Cert; Killnet; Dutch National Cybersecurity Centre (NCSC),; Not available; Not available,Netherlands; Russia; Netherlands,Killnet; Killnet; Killnet,Russia; Russia; Not available,Non-state-group; Non-state-group; Non-state-group,https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/; https://t.me/killnet_reservs/4977; https://www.euronews.com/2023/02/01/european-hospitals-targeted-by-pro-russian-hackers,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-01 
00:00:00,EU member states: Preventive measures,Awareness raising,Netherlands,Nationaal Cyber Security Centrum (NCSC) of the Netherlands,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/; https://www.nrc.nl/nieuws/2023/01/30/website-gronings-ziekenhuis-crasht-door-aanval-pro-russische-hackersgroep-a4155683; https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/; https://t.me/killnet_reservs/4977; https://twitter.com/Dennis_Kipker/status/1620499064684154882; https://securityaffairs.com/141695/cyber-warfare-2/killnet-hit-dutch-european-hospitals.html; https://www.darkreading.com/ics-ot/killnet-pro-russia-hacktivist-group-support-influence-grows; https://twitter.com/CERTEU/status/1620743978286223360; https://twitter.com/securityaffairs/status/1620886916915941376; https://www.securityweek.com/dutch-european-hospitals-hit-by-pro-russian-hackers/; https://therecord.media/passion-botnet-customizable-pro-russia-hackers/; https://twitter.com/securityaffairs/status/1621617739721752579; https://twitter.com/securityaffairs/status/1621511156430143490; 
https://twitter.com/RecordedFuture/status/1621646458259750912; https://www.ncsc.nl/actueel/nieuws/2023/februari/1/nederlandse-ziekenhuizen-getroffen-door-ddos-aanvallen; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html; https://twitter.com/cahlberg/status/1621670609032806400; https://www.euronews.com/2023/02/01/european-hospitals-targeted-by-pro-russian-hackers; https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/; https://twitter.com/RecordedFuture/status/1623069165891342336; https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://twitter.com/cahlberg/status/1624843345741635585; https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks; https://twitter.com/RecordedFuture/status/1625132464359280642; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/,2023-01-31,2023-06-18 1865,Russian state-sponsored hacking group Sandworm deployed new wiper SwiftSlicer against an unspecified target in Ukraine,"On 25 January 2023, Slovakian IT security firm ESET discovered a new wiper, named SwiftSlicer, in the network of a Ukrainian organization. The company attributed the destructive malware to the Russian state-sponsored hacking group Sandworm. No details on the impact of the wiper or the known target have been reported. ",2023-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Unknown,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,9738,2023-01-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,ESET,,Slovakia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://twitter.com/ESETresearch/status/1618960022150729728,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units 
for officially non-state-actors),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/attacks-breaches/russia-sandworm-apt-swarm-wiper-attacks-ukraine; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://www.nrc.nl/nieuws/2023/02/26/zelfs-rusland-houdt-grote-cyberaanvallen-maar-eventjes-vol-a4158110; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia; https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/; https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/; https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/; https://twitter.com/CyberScoopNews/status/1619100786092539906; https://twitter.com/LisaForteUK/status/1619077445264769024; https://twitter.com/ESETresearch/status/1618960022150729728; https://twitter.com/CyberScoopNews/status/1619044030154940417; https://twitter.com/TomHegel/status/1619029756682579968; https://twitter.com/RecordedFuture/status/1619109632882135040; https://twitter.com/CyberScoopNews/status/1619019403890233349; https://twitter.com/ericgeller/status/1618972354264330241; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html; https://securityaffairs.com/141473/apt/sandworm-targets-ukraine-swiftslicer.html; https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html; https://twitter.com/AnonOpsSE/status/1619250900689731585; https://twitter.com/Cyber_O51NT/status/1619272958786273280; 
https://twitter.com/780thC/status/1620022717566324741; https://twitter.com/DarkReading/status/1620190750095933440; https://twitter.com/securityaffairs/status/1620174289751384064; https://twitter.com/securityaffairs/status/1620012597360857088; https://twitter.com/BlackBerrySpark/status/1620537202382983173; https://twitter.com/CSIS_Tech/status/1620542650834382849; https://twitter.com/DarkReading/status/1620558295672012807; https://twitter.com/Cyber_O51NT/status/1620571509596229632; https://twitter.com/Dennis_Kipker/status/1620838241174982656,2023-01-30,2023-05-09 1864,Iran-based TA453 targeted a variety of targets in the UK and other regions with spearphishing campaign,"The UK National Cyber Security Centre warned of a successful spearphishing campaign by the Iran-based actor TA453 against a wide range of sectors including academia, defence and government organisations, NGOs, think-tanks, politicians, journalists and activists in the UK and other regions. The campaign used open-source resources such as social media and professional networking platforms to establish trust with targets. In several cases, TA453 also sent a malicious link disguised as a Zoom invitation to targets. In at least one instance, the attackers set up a Zoom call with the target and shared a malicious URL in the chat.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available,United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom,EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU,State institutions / political system - Critical infrastructure - Science - Social groups - Media,Government / ministries - Defence industry - - Advocacy / activists (e.g. human rights organizations) - ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7044,2022-01-26 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC),Not available,United Kingdom,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest,Unknown,Unknown,,Unknown,,1,2023-01-26 00:00:00,State Actors: Preventive measures,Awareness raising,United Kingdom,UK National Cyber Security Centre (NCSC),No,,Phishing; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/british-cyber-agency-issues-warning-over-russian-and-iranian-espionage-campaigns/; https://securityaffairs.com/141393/apt/ncsc-warns-seaborgium-ta453-attacks.html; https://www.databreaches.net/ncsc-russian-and-iranian-hackers-targeting-uk-politicians-journalists/; https://www.rferl.org/a/britain-russia-hacking-group/32240999.html; https://twitter.com/BushidoToken/status/1618552720834846724; https://twitter.com/NCSC/status/1618539942170472449; https://twitter.com/RecordedFuture/status/1618612424923549696; https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest; https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html; https://twitter.com/Dennis_Kipker/status/1618933708815499265; https://twitter.com/unix_root/status/1618956739944013829; https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html; https://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/; https://www.wired.com/story/iran-cyber-army-protests-disinformation/,2023-01-27,2023-06-14 1863,Pro-Russian hacktivists group Killnet disrupted the 
websites of German private and state entities on 25 January 2023,"#GermanyRIP: The pro-Russian hacktivists group Killnet disrupted websites of German private sector entities, including banks and airports, as well as state organizations in reaction to the German government's decision to send Leopard 2 main battle tanks to Ukraine, according to the Telegram posts of the hackers themselves. According to the German Federal Office for Information Security, which monitors information security, the attack caused some minor outages, but was otherwise of limited impact. Both Killnet and German security authorities named the specific targets of this DDoS attack. A complete list of the organizations experiencing disruptions as a result of the attack has not yet been shared publicly. IT company Cado Security published a summary of DDoS attacks on January 25, 2023, the day they occurred. This report states that Killnet and other hacktivist groups, even as far as Anonymous Sudan, claimed DDoS attacks on behalf of GermanyRIP. Cado Security was also unable to say anything about the extent to which these were successful. In Baden-Württemberg's state parliament, the Social Democratic Party of Germany (SPD) and the Free Democratic Party (FDP) parliamentary groups put questions to Interior Minister Thomas Strobl after it became known that the state police website was also affected by the DDoS attacks. SPD MP Sascha Binder wanted to know exactly which areas were affected and the extent of the disruption. The spokesman for digitization of the FDP/DVP parliamentary group, Daniel Karrais, demanded that the Minister of the Interior put all cybersecurity measures against external and internal threats to the test.",2023-01-25,2023-01-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",; ; ; ,Incident disclosed by attacker; Incident disclosed by attacker,Disruption,State Police of Baden-Württemberg - Not available - Not available,Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system,Police - Finance; Transportation - Government / ministries; Police,Killnet,Russia,Non-state-group,Hacktivist(s),1,12106,2023-01-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/killnet_k_hacker/246; https://t.me/killnet_k_hacker/247; https://t.me/killnet_k_hacker/248; https://t.me/killnet_k_hacker/249; https://t.me/killnet_k_hacker/258,System / ideology; National power; Territory; Resources,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-26 00:00:00,State Actors: Legislative reactions,Dissenting statement by sub-national member of parliament,Germany,"Sascha Binder (Member of State Parliament of Baden-Württemberg, Germany)",No,,Not available,Network Denial of Service,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,Days (< 7 days),No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/AlexMartin/status/1618241194135523328; https://twitter.com/JanLemnitzer/status/1618335682732388354; https://www.sueddeutsche.de/politik/hacker-angriff-russland-1.5739287; https://twitter.com/Cyber_O51NT/status/1618430237473398786; https://twitter.com/DarkReading/status/1618708034687049733; https://www.reuters.com/world/europe/russian-hacktivists-briefly-knock-german-websites-offline-2023-01-25/; https://t.me/killnet_k_hacker/246; https://t.me/killnet_k_hacker/247; https://t.me/killnet_k_hacker/248; https://t.me/killnet_k_hacker/249; https://t.me/killnet_k_hacker/258; https://www.govinfosecurity.com/russian-nuisance-hacking-group-killnet-targets-germany-a-21039; https://twitter.com/campuscodi/status/1618917036448694272; https://twitter.com/LisaForteUK/status/1619077445264769024; https://www.welt.de/politik/deutschland/article243475517/Laut-Medienbericht-Erneut-Cyberangriff-auf-Internetangebot-des-Bundestags.html; https://twitter.com/Dennis_Kipker/status/1618931074318622720; https://securityaffairs.com/141513/hacktivism/killnet-targets-germany.html; https://www.cadosecurity.com/leopard-tank-announcement-prompts-cyber-retaliation/; https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050; https://twitter.com/Cyber_O51NT/status/1619928084945440769; https://twitter.com/stefan_hessel/status/1619991033777119233; https://www.nrc.nl/nieuws/2023/01/30/website-gronings-ziekenhuis-crasht-door-aanval-pro-russische-hackersgroep-a4155683; https://therecord.media/ddos-denmark-us-russia-killnet/; https://twitter.com/Cyber_O51NT/status/1620564963072032769; 
https://twitter.com/Dennis_Kipker/status/1621187722210689025; https://www.swr.de/swraktuell/baden-wuerttemberg/hacker-angriff-polizei-bw-100.html; https://therecord.media/passion-botnet-customizable-pro-russia-hackers/; https://twitter.com/securityaffairs/status/1621617739721752579; https://twitter.com/securityaffairs/status/1621511156430143490; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html; https://twitter.com/cahlberg/status/1621670609032806400; https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://twitter.com/securityaffairs/status/1627734553778442240; https://www.darkreading.com/ics-ot/german-government-airports-banks-hit-killnet-ddos-attacks; https://www.darkreading.com/ics-ot/ddos-ransomware-itop-business-concern-edge-networks,2023-01-27,2024-03-01 1862,Russia-based SEABORGIUM targeted a variety of targets in the UK and other regions with spear-phishing campaign,"The UK National Cyber Security Centre warned of a successful spear-phishing campaign by Russia-based SEABORGIUM against a wide range of sectors including academia, defence and government organisations, NGOs, think-tanks, politicians, journalists, and activists in the UK and other regions. The campaign used open-source resources such as social media and professional networking platforms to conduct reconnaissance on targets. On 7 December 2023, the UK government sanctioned two Russian individuals for their participation in the campaign, followed by similar US and EU responses.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available,United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,Media - Science - Social groups - Critical infrastructure - State institutions / political system, - - Advocacy / activists (e.g. human rights organizations) - Defence industry - Government / ministries,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,15072,2022-01-26 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC),Not available,United Kingdom,"Star Blizzard fka SEABORGIUM/Callisto Group/TA446/COLDRIVER/TAG:53/Blue Charlie/Reuse Team (FSB Centre 18, Unit 64829)",Russia,"Non-state actor, state-affiliation suggested",https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest,Unknown,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,1,2023-01-26 00:00:00,State Actors: Preventive measures,Awareness raising,United Kingdom,UK National Cyber Security Centre (NCSC),No,,Phishing; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/lorenzofb/status/1623425549874888706; https://www.jpost.com/international/article-730929; https://www.govinfosecurity.com/russian-hackers-suspected-accessing-email-british-mp-a-21155; https://twitter.com/StewartMcDonald/status/1623224020949778432; https://www.bbc.com/news/uk-politics-64562832; https://therecord.media/british-cyber-agency-issues-warning-over-russian-and-iranian-espionage-campaigns/; https://securityaffairs.com/141393/apt/ncsc-warns-seaborgium-ta453-attacks.html; https://www.databreaches.net/ncsc-russian-and-iranian-hackers-targeting-uk-politicians-journalists/; https://www.rferl.org/a/britain-russia-hacking-group/32240999.html; https://twitter.com/BushidoToken/status/1618552720834846724; https://twitter.com/NCSC/status/1618539942170472449; https://twitter.com/RecordedFuture/status/1618612424923549696; 
https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest; https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html; https://twitter.com/Dennis_Kipker/status/1618933708815499265; https://twitter.com/unix_root/status/1618956739944013829; https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html; https://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/; https://twitter.com/BushidoToken/status/1623619447003947009; https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection; https://english.elpais.com/international/2023-12-07/the-uk-government-blames-russian-intelligence-for-prolonged-efforts-to-meddle-in-british-politics.html; https://www.reddit.com/r/redditsecurity/comments/e74nml/suspected_campaign_from_russia_on_reddit/?rdt=61417; https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html; https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes; https://home.treasury.gov/news/press-releases/jy1962; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-december-2023/,2023-01-27,2024-02-14 1861,FBI infiltrated and dismantled ransomware group Hive beginning in July 2022,"In a press conference on 26 January 2023, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy US Attorney General Lisa Monaco announced that US law enforcement had infiltrated the ransomware group Hive beginning in July 2022 and had now dismantled it. The investigation into the group's operations is still ongoing, yet officials at the joint press event announced that the intervention managed to stop Hive from extorting over $130 million from over 300 victims by securing encryption keys. 
The US Department of Justice, in cooperation with the German Federal Criminal Police, the Dutch National High Tech Crime Unit and other law enforcement agencies from a total of 13 countries, seized the ransomware outfit's websites and a variety of associated servers. Against this backdrop, the US State Department reiterated that it is offering a reward of up to 10 million USD for information linking Hive to a foreign government under its Rewards for Justice program regarding foreign malicious cyber activity against US critical infrastructure, which was first announced in July 2021.",2022-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,Hive (Ransomware Group),Not available,,Social groups,Criminal,Not available,United States,State,,1,12107; 12107; 12107,2023-01-26 00:00:00; 2023-01-26 00:00:00; 2023-01-26 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms; Attacker confirms,"Merrick Garland (Attorney General, United States); Christopher Wray (Director of the Federal Bureau of Investigation, United States); Lisa Monaco (Deputy Attorney General, United States)",Not available; Not available; Not available,United States; United States; United States,Not available; Not available; Not available,United States; United States; United States,State; State; State,https://twitter.com/TheJusticeDept/status/1618693732743651363; https://twitter.com/FBI/status/1618637314972086272; https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant,Cyber-specific,Not available,,Not 
available,,1,2023-01-26 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,United States,Merrick B. Garland (Attorney General; USA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,Not available,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.malwarebytes.com/blog/business/2023/02/ransomware-in-february-2023; https://socradar.io/why-ransomware-groups-switch-to-rust-programming-language/; https://twitter.com/Dennis_Kipker/status/1623655370613825537; https://twitter.com/Dinosn/status/1624253493371367425; https://www.malwarebytes.com/blog/news/2023/01/hive-ransomware-infrastructure-taken-down; https://telecom.economictimes.indiatimes.com/news/us-infiltrates-big-ransomware-gang-we-hacked-the-hackers/97362416; https://www.darkreading.com/vulnerabilities-threats/hive-ransomware-gang-loses-honeycomb; https://www.darkreading.com/ics-ot/the-doj-disruption-of-the-hive-ransomware-group-is-a-short-lived-win; https://twitter.com/DarkReading/status/1630603955670507521; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; 
https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy; https://www.darkreading.com/threat-intelligence/police-raid-alleged-core-members-of-doppelpaymer-ransomware-gang; https://cyberscoop.com/doppelpaymer-ransomware-gang-europol-raid/; https://twitter.com/nicoleperlroth/status/1633871105701343233; https://securityaffairs.com/141374/cyber-crime/hive-ransomware-leak-site-seized.html; https://cyberscoop.com/fbi-europol-hive-ransomware-group/; https://therecord.media/we-hacked-the-hackers-doj-fbi-take-down-hive-ransomware-after-spending-months-inside-gang-systems/; https://www.databreaches.net/hive-ransomwares-infrastructure-seized-law-enforcement-hacked-the-hackers/; https://www.databreaches.net/developing-hives-leak-site-seized/; https://thehackernews.com/2023/01/hive-ransomware-infrastructure-seized.html; https://twitter.com/CyberScoopNews/status/1618665069457408002; https://twitter.com/vxunderground/status/1618735957905399809; https://twitter.com/iblametom/status/1618636574576762888; https://twitter.com/securityaffairs/status/1618691549747093504; https://twitter.com/securityaffairs/status/1618654659140554760; https://twitter.com/ryanaraine/status/1618645526689513474; https://twitter.com/TheJusticeDept/status/1618693732743651363; https://twitter.com/TheJusticeDept/status/1618642033475723266; https://twitter.com/vxunderground/status/1618637541728743425; https://twitter.com/iblametom/status/1618633273160372225; https://twitter.com/snlyngaas/status/1618625807299272704; https://twitter.com/CryptoInsane/status/1618716691873284097; https://twitter.com/JaneFrankland/status/1618751567775125504; https://twitter.com/Cyberknow20/status/1618705284826034179; https://twitter.com/switch_d/status/1618718766061297685; https://twitter.com/darktracer_int/status/1618620256901271552; https://twitter.com/ido_cohen2/status/1618601828786274308; https://twitter.com/Bing_Chris/status/1618644695126794242; 
https://twitter.com/zackwhittaker/status/1618644680492855309; https://twitter.com/snlyngaas/status/1618632775598497792; https://twitter.com/InfoSecSherpa/status/1618667345756704769; https://twitter.com/chuksjonia/status/1618637845698342913; https://twitter.com/cahlberg/status/1618748557875634176; https://twitter.com/WSJCyber/status/1618658354905096192; https://twitter.com/jeffstone500/status/1618640814317662214; https://twitter.com/SentinelOne/status/1618687307586093056; https://twitter.com/unix_root/status/1618666829752242187; https://twitter.com/snlyngaas/status/1618655560118976513; https://twitter.com/lukOlejnik/status/1618656989583921153; https://www.diepresse.com/6243466/strafverfolgern-gelingt-schlag-gegen-hackergruppe-hive; https://www.sueddeutsche.de/wirtschaft/hacker-hive-polizei-ransomware-1.5739999; https://tarnkappe.info/artikel/cyberangriff/hive-ransomware-group-hacker-netzwerk-zerschlagen-264221.html; https://jyllands-posten.dk/international/usa/ECE14903518/usa-nedlaegger-hjemmeside-brugt-til-afpresning-for-700-millioner-kroner/; https://twitter.com/Dinosn/status/1618694222714109952; https://www.reuters.com/world/us/announcement-posted-hive-ransomware-groups-site-says-it-has-been-seized-by-fbi-2023-01-26/; https://twitter.com/FBI/status/1618637314972086272; https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant; https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-disruption-hive-ransomware-variant; https://www.justice.gov/opa/speech/attorney-general-merrick-b-garland-delivers-remarks-disruption-hive-ransomware-variant; https://www.europol.europa.eu/media-press/newsroom/news/cybercriminals-stung-hive-infrastructure-shut-down; https://twitter.com/RFJ_USA/status/1618658902626779136; https://therecord.media/ransomware-experts-laud-hive-takedown-but-question-impact-without-arrests/; https://www.techrepublic.com/article/fbi-takes-down-hive-ransomware-group/; 
https://nakedsecurity.sophos.com/2023/01/27/hive-ransomware-servers-shut-down-at-last-says-fbi/; https://twitter.com/aselawaid/status/1618782536469221377; https://twitter.com/AlexMartin/status/1618970835422961665; https://www.lawfareblog.com/justice-department-thwarts-hive-ransomware-scheme; https://twitter.com/securityaffairs/status/1618904278625849346; https://www.hackread.com/hive-ransomware-gang-disrupted-site-seized/; https://twitter.com/Cyber_O51NT/status/1618800047839391744; https://twitter.com/CyberScoopNews/status/1618796790815547393; https://twitter.com/hackerfantastic/status/1619120472154836993; https://twitter.com/HackRead/status/1618943365508386817; https://twitter.com/_r_netsec/status/1619035786942488577; https://twitter.com/LisaForteUK/status/1618964276512710660; https://twitter.com/cahlberg/status/1619122051033497600; https://twitter.com/UK_Daniel_Card/status/1618866236716355585; https://twitter.com/NSA_CSDirector/status/1618778557853077507; https://twitter.com/RecordedFuture/status/1619109684421742592; https://twitter.com/TonyaJoRiley/status/1618962048750346241; https://twitter.com/CyberScoopNews/status/1618976249514463232; https://twitter.com/cahlberg/status/1619084779382788096; https://twitter.com/TheJusticeDept/status/1619074452481777677; https://twitter.com/SentinelOne/status/1619002761974091778; https://www.abc.es/internacional/fbi-hive-ciberchantajistas-hackers-20230127091246-nt.html; https://www.elmundo.es/tecnologia/2023/01/26/63d2fcbffc6c83ea348b4584.html; https://securityaffairs.com/141491/cyber-crime/crooks-mimicking-lockbit-gang.html; https://www.wired.com/story/meduza-russia-outlaw-security-roundup/; https://twitter.com/chuksjonia/status/1619124899099951104; https://twitter.com/RecordedFuture/status/1619347106841624576; https://twitter.com/Cyberknow20/status/1619124446987706370; https://twitter.com/mruef/status/1619742440092467202; https://www.cybersecasia.net/news/fbi-seizes-servers-of-the-notorious-hive-ransomware-threat-group; 
https://twitter.com/WSJCyber/status/1620129094628171788; https://twitter.com/nicoleperlroth/status/1620088484966064128; https://twitter.com/snlyngaas/status/1620414277818679296; https://twitter.com/DigitalPeaceNow/status/1620546530875957248; https://twitter.com/DigitalPeaceNow/status/1620806681134354432; https://cyberscoop.com/russian-ransomware-ryuk-guilty/; https://www.databreaches.net/more-lawsuits-filed-over-knox-college-ransomware-attack/; https://socradar.io/whats-next-for-cybercrime-ecosystem-after-genesis-market-takedown/; https://therecord.media/doj-lisa-monaco-urges-cisos-to-work-with-gov-uber-sentencing; https://cyberscoop.com/doj-cybercrime-disruption-ransomware/; https://socradar.io/dark-web-profile-blackbyte-ransomware/; https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2023-threat-report; https://www.darkreading.com/ics-ot/2-years-after-colonial-pipeline-attack-us-critical-infrastructure-remains-as-vulnerable-to-ransomware; https://twitter.com/securityaffairs/status/1658585005969293314; https://therecord.media/hive-ransomware-decryptors-fbi-bryan-smith-interview-click-here; https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://cyberscoop.com/cynthia-kaiser-fbi-ransomware-hive/; https://www.darkreading.com/vulnerabilities-threats/how-to-mitigate-cybersecurity-risks-from-misguided-trust; https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/; https://cyberscoop.com/police-seize-ragnar-locker-leak-site/; https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html; https://www.bleepingcomputer.com/news/security/police-dismantle-ransomware-group-behind-attacks-in-71-countries/; https://therecord.media/russian-with-hive-ties-arrested-france; 
https://cyberscoop.com/fbi-seizes-alphv-leak-website-hours-later-ransomware-gang-claims-it-unseized-it/; https://www.bleepingcomputer.com/news/security/how-the-fbi-seized-blackcat-alphv-ransomwares-servers/; https://therecord.media/fbi-warrant-reveals-confidential-source-helped-alphv-ransomware-takedown; https://therecord.media/doj-to-increase-cybercrime-efforts; https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/; https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-tips-on-hive-ransomware-leadership/; https://therecord.media/us-offers-10-million-dollar-reward-for-hive-ransomware-info; https://securityaffairs.com/158871/cyber-crime/10m-reward-hive-ransomware-group.html; https://www.khgames.co.kr/news/articleView.html?idxno=224468; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html; https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/; https://www.it-daily.net/it-sicherheit/cybercrime/ransomware-zahlungen-auf-rekordhoch; https://www.datanet.co.kr/news/articleView.html?idxno=192269; https://www.ejanews.co.kr/news/articleView.html?idxno=322146,2023-01-27,2023-10-23 1860,Unknown actors gained access to networks of at least two organizations of the US Federal Civilian Executive Branch through the malicious use of legitimate remote monitoring and management software in mid-June and mid-September 2022,"The US Cybersecurity and Infrastructure Security Agency (CISA) warned of the malicious use of legitimate remote monitoring and management (RMM) software in January 2023. The alert notes the deployment of RMM tools by unknown actors against networks of at least two unnamed organizations within the US federal civilian executive branch (FCEB) in mid-June 2022 and mid-September 2022. Both incidents were initiated by phishing emails that facilitated the download of RMM software. 
With active access to compromised systems, the attackers convinced the recipients to check their bank accounts, providing the attackers with an opportunity to fabricate fake account summaries. These manipulated summaries showed made-up refunds to make victims believe they had been reimbursed too much money. Victims were requested to ""correct"" this and pay the difference to the attackers. CISA pointed to the scam observed in these two incidents as indications of potential financial motives, while noting that the access developed as part of the campaign could also be used for other malicious purposes.",2022-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,7046,2023-01-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA),Not available,United States,Not available,Not available,Non-state-group,https://www.cisa.gov/uscert/ncas/alerts/aa23-025a,Unknown,Not available,,Not available,,1,2023-01-25 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Phishing,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,2.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,,Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/; https://www.cisa.gov/uscert/ncas/alerts/aa23-025a; https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html; https://cyberscoop.com/cisa-federal-agency-refund-scam-remote-software/; https://twitter.com/campuscodi/status/1618917036448694272; https://twitter.com/SentinelOne/status/1619002761974091778,2023-01-26,2023-03-02 1859,Swiss security researcher Maia Arson Crimew obtained a copy of the US No Fly List via an unprotected server of US airline CommuteAir in January 2023,"Swiss security researcher Maia Arson Crimew identified an unprotected Jenkins server operated by the US airline CommuteAir during the week of 9 January, according to a blog post on her website. Project files stored on this development server contained login information to Amazon Web Services (AWS) infrastructure used by the airline. On the AWS servers, Crimew discovered records that an airline representative confirmed were a 2019 copy of the US No Fly List, containing more than 1.5 million entries. The No Fly List, maintained by the Terrorist Screening Center (TSC) within the FBI, includes individuals prohibited from traveling on commercial flights within, into or out of the United States. The Swiss hacker made data from the No Fly List available to journalists upon request via the whistleblower platform DDoS Secrets. Republican Congressman Dan Bishop, a member of the House Committee on Homeland Security, demanded an enquiry into why the copy of the No Fly List was not better protected. 
",2023-01-09,2023-01-15,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,CommuteAir,United States,NATO; NORTHAM,Critical infrastructure,Transportation,Maia Arson Crimew,Switzerland,Individual hacker(s),,1,12108,2023-01-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Maia Arson Crimew,Not available,Switzerland,Maia Arson Crimew,Switzerland,Individual hacker(s),https://maia.crimew.gay/posts/how-to-hack-an-airline/,Unknown,Unknown,,Unknown,,1,2023-01-21 00:00:00,State Actors: Legislative reactions,Dissenting statement by member of parliament,United States,"Dan Bishop (Republican Congressman, USA)",No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Air law,Civic / political rights; ,Not available,0,,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,US Transportation Security Administration (TSA),Not available,,Not available,,https://www.nrc.nl/nieuws/2023/01/24/tientallen-nederlanders-staan-op-no-flylist-van-de-fbi-onder-wie-laura-h-en-tanja-nijmeijer-a4155161; https://therecord.media/congressman-coming-for-answers-after-no-fly-list-hack/; https://securityaffairs.com/141230/data-breach/no-fly-list-on-unsecured-server.html; https://twitter.com/securityaffairs/status/1617965634897448961; https://twitter.com/securityaffairs/status/1617803102740176898; https://twitter.com/securityaffairs/status/1617801612034199555; https://maia.crimew.gay/posts/how-to-hack-an-airline/; https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/; https://portswigger.net/daily-swig/deserialized-web-security-roundup-catastrophic-cyber-events-another-t-mobile-breach-more-lastpass-problems; https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html; https://therecord.media/no-fly-list-breach-tsa-domestic-airlines-warning/; https://www.hackread.com/video-marketing-software-animker-data-leak/; https://www.hackread.com/breachforums-breached-pii-data-sold-online/,2023-01-26,2023-08-03 1858,Hacker group Kasablanka targeted various Russian state institutions from September to December 2022,"The Kasablanka group targeted various Russian state institutions - including the Ministry of Foreign Communications of the Astrakhan Region and the Federal Agency for the Commonwealth of Independent States Affairs, Compatriots Living Abroad, and International Humanitarian Cooperation (Rossotrudnichestvo) - from September to December 2022, the Chinese IT security firm Qi-Anxin concludes with medium confidence. This attribution finding is based on the use of Loda RAT malware, which is deemed to be custom-built. Considering possibilities to reverse-engineer the tool, Qi-Anxin did not rule out an attempted false-flag operation. 
",2022-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"Ministry of Public Administration, Information Technology and Communications of Astrakhan Region - Federal Agency for the Commonwealth of Independent States Affairs, Compatriots Living Abroad, and International Humanitarian Cooperation (Rossotrudnichestvo) - Not available",Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration - Government / ministries,Kasablanka Group,Not available,Unknown - not attributed,,1,7048,2023-01-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Qi An Xin Technology Group,,China,Kasablanka Group,Not available,Unknown - not attributed,https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,No system interference/disruption,Not available,1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Arkbird_SOLG/status/1615443145524666385; https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/,2023-01-24,2023-02-15 1855,Criminal hackers breached the networks of Canadian power 
generation and distribution company Qulliq Energy Corporation (QEC) beginning on 15 January 2023 ,"Criminal hackers are suspected to have breached the networks of Canadian power generation and distribution company Qulliq Energy Corporation (QEC) beginning on 15 January 2023. The incident disrupted computer systems on the administrative side, including the ability to process credit card payments. Operations related to energy supply remained unaffected. Investigations into whether information was stolen are ongoing. P.J. Akeeagok, the premier of the affected Canadian province of Nunavut, characterized the attack as criminal and authorized technical government support. ",2023-01-15,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Qulliq Energy Corporation (QEC),Canada,NATO; NORTHAM,,,Not available,Not available,Non-state-group,Criminal(s),1,12112,2023-01-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,"P.J. Akeeagok (Premier of Nunavut, Canada)",Not available,Canada,Not available,Not available,Non-state-group,https://gov.nu.ca/executive-and-intergovernmental-affairs/news/premier-comments-qec-cyber-security-incident,Unknown,Not available,,Not available,,1,2023-01-19 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Canada,P.J. 
Akeeagok (Premier of Nunavut; Canada),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,,Not available,1,2023-01-19 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Canada,Royal Canadian Mounted Police (RCMP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/dragos-ransomware-report-2022-ics-ot-lockbit/; https://therecord.media/cyberattack-on-nunavut-energy-supplier-limits-company-operations/; https://gov.nu.ca/executive-and-intergovernmental-affairs/news/premier-comments-qec-cyber-security-incident; https://gov.nu.ca/news/qulliq-energy-corporation-impacted-cybersecurity-incident; https://www.databreaches.net/ca-qulliq-energy-stops-short-of-labelling-cyberattack-another-nunavut-ransomware-incident/; https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/,2023-01-23,2023-10-26 1854,APT-C-23 believed to be associated with Palestinian terrorist organization Hamas penetrated computers and mobile devices of senior Israeli officials since July 2021,"APT-C-23, one of the two main subgroups of Hamas' cyber warfare division, managed to trick senior members of Israeli law enforcement, defense, and emergency service organization into downloading malware onto their computers or mobile devices using sexually charged fake Facebook profiles, IT security firm Cybereason confirms with moderate-high confidence. 
The goal of the Arabic-speaking hacking group was to gather sensitive information. To do so, they used two previously unknown malware packages, Barb(ie) Downloader and BardWire Backdoor. ",2021-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Israel; Israel,ASIA; MENA; MEA - ASIA; MENA; MEA, - State institutions / political system; State institutions / political system; State institutions / political system, - Government / ministries; Military; Police,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,Non-state-group,Terrorist(s),1,17162,2022-04-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cybereason,,United States,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,Non-state-group,https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials,System / ideology; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 4,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not 
available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials,2023-01-20,2024-02-15 1853,The pro-Russian group Killnet disrupted both state and private targets in Czech Republic in April 2022,"Czechia Apocalypse: The pro-Russian hacktivist group Killnet disrupted both state and private targets in the Czech Republic from April 18 to 19, 2022, according to messages on the hacktivist group's own Telegram channel. The hacktivist group announced Operation Czechia Apocalypse on April 19, 2022, and listed several Czech targets, including the lower house of the Czech Parliament, the railroad company, the Commercial Bank, the telecommunications company O2, and four airports: Karlovy-Vary, Pardubice, Ostrava, and Brno-Turany. The disruption of all the above targets could not be confirmed. In a press conference after a cabinet meeting, the Czech Interior Minister said on April 20, 2022, that this was an attack against the Czech Republic, its state and private institutions. He attributed the attack to unspecified Russian hackers. ",2022-04-19,2022-04-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Czech Railways - Leoš Janáček Airport Ostrava (OSR) - Pardubice Airport (PED) - Not available - National Cyber and Information Security Agency (NUKIB) - Karlovy Vary Airport (KLV),Czech Republic; Czech Republic; Czech Republic; Czech Republic; Czech Republic; Czech Republic,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system - State institutions / political system - Critical infrastructure,Transportation - Transportation - Transportation - Civil service / administration - Civil service / administration - Transportation,Killnet,Russia,Non-state-group,Hacktivist(s),2,12121; 12120,2022-04-20 00:00:00; 2022-04-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,"Vit Rakusan (Minister of the Interior, Czech Republic); Killnet",Not available; Not available,Czech Republic; Russia,Killnet; Killnet,Russia; Russia,Non-state-group; Non-state-group,https://www.expats.cz/czech-news/article/pro-russian-hackers-target-czech-websites-in-a-series-of-attacks; https://t.me/killnet_reservs/643,System / ideology,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,1,2022-04-20 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Czech Republic,"Vit Rakusan (Minister of the Interior, Czech Republic)",No,,Not available,Endpoint Denial of Service,Not available,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,6.0,,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/; https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/; https://www.expats.cz/czech-news/article/pro-russian-hackers-target-czech-websites-in-a-series-of-attacks; https://twitter.com/ceskedrahy_/status/1516678546944626695?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516678546944626695%7Ctwgr%5E6c61ea021af5bb5e3b1ac676ea989220320c7e48%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bankinfosecurity.com%2Fpro-russian-killnet-group-in-ddos-attacks-on-czech-entities-a-18949; https://twitter.com/NUKIB_CZ/status/1516865189244809223?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516865189244809223%7Ctwgr%5E6c61ea021af5bb5e3b1ac676ea989220320c7e48%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bankinfosecurity.com%2Fpro-russian-killnet-group-in-ddos-attacks-on-czech-entities-a-18949; 
https://twitter.com/NUKIB_CZ/status/1516622293392314374?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516622293392314374%7Ctwgr%5E9543e61d6ba2e40643beebe01fc0a95acb498f50%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.expats.cz%2Fczech-news%2Farticle%2Fpro-russian-hackers-target-czech-websites-in-a-series-of-attacks; https://twitter.com/PolicieCZ/status/1516784568954724356?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516784568954724356%7Ctwgr%5E9543e61d6ba2e40643beebe01fc0a95acb498f50%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.expats.cz%2Fczech-news%2Farticle%2Fpro-russian-hackers-target-czech-websites-in-a-series-of-attacks; https://t.me/killnet_reservs/643,2023-01-19,2023-08-03 1852,Elements of Kazakhstan's intelligence services are suspected of having hacked the website of news outlet Ulysmedia.kz to publish private information on 18 January 2023,"Elements of Kazakhstan's intelligence services are suspected of having hacked the website of the independent Kazakh news organization Ulysmedia and to have published personal information on 18 January 2023, according to the editor-in-chief of the news agency Samal Ibrayeva. Personal data of Ibrayeva and private pictures of her and her family were posted on the website of the news outlet. The incident led Ulysmedia to suspend its website. 
In an interview with Azattyk, the Kazakh branch of Radio Free Europe/Radio Liberty, Ibrayeva expressed doubt that the activities could have occurred ""without the participation of the special services"", noting the lack of any response by the National Security Committee of the Republic of Kazakhstan (NSC) to threats and attacks against journalists of Ulysmedia and other Kazakh outlets over the last six months.",2023-01-18,2023-01-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,"Samal Ibrayeva (Editor-in-chief of Ulysmedia, Kazakhstan) - Ulysmedia",Kazakhstan; Kazakhstan,ASIA; CSTO; SCO - ASIA; CSTO; SCO,Media - Media, - ,National Security Committee of the Republic of Kazakhstan (NSC),Kazakhstan,State,,1,12119,2023-01-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,"Samal Ibrayeva (Editor-in-chief of Ulysmedia, Kazakhstan)",Not available,Kazakhstan,National Security Committee of the Republic of Kazakhstan (NSC),Kazakhstan,State,https://www.azattyq.org/a/32228814.html,System / ideology; National power,System/ideology; National power,Kazakhstan (opposition); Kazakhstan (opposition),Unknown,,3,2023-01-20 00:00:00; 2023-01-20 00:00:00; 2023-01-20 00:00:00,State Actors: Executive reactions; State Actors: Executive reactions; State Actors: Executive reactions,Dissenting statement by executive official; Dissenting statement by executive official; Dissenting statement by executive official,EU (region); United Kingdom; United States,Delegation of the European Union to the Republic of Kazakhstan ; British Embassy Astana; U.S. 
Embassy to Kazakhstan,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,Civic / political rights,Not available,0,,Not available,,Not available,Not available,Human rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.rferl.org/a/kazakhstan-editor-meat-box-children-intimidation/32261983.html; https://www.rferl.org/a/kazakh-website-ylysmedia-hacked-ibraeva/32229461.html; https://www.azattyq.org/a/32228814.html; https://www.rferl.org/a/kazakhstan-attacks-journalists-united-states-britain-european-union/32232741.html,2023-01-19,2023-08-03 1851,Russian state-sponsored hacker group Sandworm sought to sabotage the Ukrainian National News Agency Ukrinform using CaddyWiper on 17 January 2023,"The Russian state-sponsored hacker group Sandworm, which is linked to the military intelligence service GRU, sought to disrupt the Ukrainian National News Agency Ukrinform using CaddyWiper on 17 January 2023, according to the Ukrainian Computer Emergency Response Team (CERT-UA). The incident caused ""certain destructive effects"" on the network but fell short of interfering with the news agency's operational processes. For a brief period, the attack appears to have disrupted a Ukrainian government press briefing on the threat of Russian cyberattacks on 17 January 2023, which resumed shortly. 
On 27 January 2023, CERT-UA announced that a total of five malware samples had been found on the network. In addition to CaddyWiper, the malware samples are ZeroWipe, SDelete, AwfulShred and BidSwipe.",2023-01-17,2023-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Disruption; Hijacking with Misuse,National News Agency of Ukraine (Ukrinform),Ukraine,EUROPE; EASTEU,Media,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,9739,2023-01-18 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://cip.gov.ua/ua/news/ukrinform-mogli-atakuvati-khakeri-z-ugrupuvannya-sandworm-pov-yazanogo-z-rosiiskim-gru-poperedni-dani-doslidzhennya-cert-ua,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system 
misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Armed conflict; Sovereignty,Civic / political rights; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/ukraine-links-data-wiping-attack-on-news-agency-to-russian-hackers/; https://cip.gov.ua/en/news/kiberataka-ne-zmogla-zupiniti-robotu-informaciinogo-agentstva-ukrinform; https://cip.gov.ua/ua/news/ukrinform-mogli-atakuvati-khakeri-z-ugrupuvannya-sandworm-pov-yazanogo-z-rosiiskim-gru-poperedni-dani-doslidzhennya-cert-ua; https://twitter.com/DigitalPeaceNow/status/1615453594458939393; https://twitter.com/dsszzi/status/1615986288745652238; https://twitter.com/VessOnSecurity/status/1615995338543833089; https://twitter.com/snlyngaas/status/1615886353216180224; https://twitter.com/BushidoToken/status/1616437713900544000; https://twitter.com/campuscodi/status/1616502495139999747; https://twitter.com/nicoleperlroth/status/1616804670856388608; https://www.youtube.com/watch?v=j_Afg77IjaU; https://t.me/UkraineMediaCenterKyiv/4223; https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/; https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/; https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/; https://twitter.com/CyberScoopNews/status/1619044030154940417; https://twitter.com/RecordedFuture/status/1619109632882135040; 
https://twitter.com/CyberScoopNews/status/1619019403890233349; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html; https://twitter.com/M_Miho_JPN/status/1619590150522294272; https://cert.gov.ua/article/3718487; https://research.checkpoint.com/2023/30th-january-threat-intelligence-report/; https://securityaffairs.com/141561/cyber-warfare-2/sandworm-apt-uses-5-wipers.html; https://twitter.com/securityaffairs/status/1620071040285310977; https://twitter.com/DarkReading/status/1620558295672012807; https://twitter.com/Cyber_O51NT/status/1620571509596229632; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html; https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-january-30-february-5; https://www.darkreading.com/attacks-breaches/russia-sandworm-apt-swarm-wiper-attacks-ukraine; https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/; https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/; https://www.rferl.org/a/russian-hackers-ukraine-cyberattacks-microsoft/32319995.html; https://www.jpost.com/international/article-734447; https://cyberscoop.com/russian-hackers-ukraine-cyberattacks/; https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html; https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/; https://www.darkreading.com/microsoft/microsoft-digital-defense-report-key-cybercrime-trends; https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html; https://www.cybersecasia.net/news/apt-activities-from-china-n-korea-iran-and-russia; 
https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html,2023-01-19,2023-05-09 1850,Chinese APT Playful Taurus likely spied on Iranian Government Institutions in mid-to-late 2022,"Chinese APT Playful Taurus (aka APT15) was observed by Unit42 to be the likely attacker behind cyber espionage against Iranian government institutions, including the foreign ministry, and a natural resource organization. The operation is suspected to be part of a cyber espionage campaign against Iran, which intensified during July and December 2022, with initial infiltrations reaching back further.",2022-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,Not available - Not available - Ministry of Foreign Affairs (Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,Unknown - State institutions / political system - State institutions / political system, - Government / ministries - Government / ministries,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,8796,2023-01-18 00:00:00,"Technical report (e.g., by IT-companies, 
Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,"Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/playful-taurus/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/; https://thehackernews.com/2023/01/iranian-government-entities-under.html; https://unit42.paloaltonetworks.com/playful-taurus/; https://twitter.com/780thC/status/1615799936846598149; https://twitter.com/ericgeller/status/1615721331428917249; https://twitter.com/campuscodi/status/1616502495139999747; https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html,2023-01-19,2023-06-22 1847,North Korean Threat Actor Lazarus Targeted South Korean Chemical Sector In 2022 as part of Operation Dream Job continuation dubbed Pompilus,"According to Symantec, the North Korean APT group Lazarus has conducted a cyberespionage operation that targets the chemical sector in South Korea. 
It is assessed as a continuation of the group's Operation Dream Job Campaign, which first began in August 2020 and continued to evolve over the next few years. The Operation Dream Job is known for utilizing inauthentic job offers containing malicious links or attachments that install malware for cyberespionage purposes. The attack starts with a malicious HTM file which is copied to a DLL file (called scskapplink.dll) and then ""injected into the legitimate system management software INISAFE Web EX Client."" Google research identified two North Korean campaigns that exploited zero-day vulnerabilities (CVE-2022-0609), one of which was Operation Dream Job (the other being Operation AppleJeus). Symantec found evidence that supported this fact and that this activity, dubbed ""Pompilus"", is a continuation of this hacking campaign based on file hashes, file names, and tools that were observed in previous Dream Job campaigns. Further investigation by Symantec revealed that the Lazarus group's tactics have evolved to include sophisticated methods for maintaining persistence and evading detection in the targeted networks. The cyberespionage campaign is part of a broader effort by the Lazarus group to gather sensitive information and intellectual property from the chemical sector, likely to advance North Korea's strategic and economic objectives in this field. 
",2022-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Chemicals,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,1,16700,2022-04-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical,System / ideology; Territory,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units 
responsible),Cyber espionage,,Not available,0,,Not available,,Not available,Not available,Cyber espionage,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cybereason/status/1634290029030789149; https://twitter.com/Dinosn/status/1634264331121467415; https://cyberscoop.com/north-korea-hackers-linkedin-phishing/; https://twitter.com/jasonnurse/status/1634466599146082305; https://www.govinfosecurity.com/north-korean-hackers-find-value-in-linkedin-a-21424; https://www.mandiant.com/resources/blog/zero-days-exploited-2022; https://www.govinfosecurity.com/north-korean-apt-group-now-deploying-linux-malware-variant-a-21737; https://twitter.com/M_Miho_JPN/status/1649411660757495808; https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical; https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms; https://therecord.media/north-korean-hackers-target-employees-of-news-outlets-software-vendors-and-more-through-chrome-vulnerability/; https://therecord.media/chemical-sector-targeted-by-north-korea-linked-hacking-group-researchers-say/; https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/; https://www.darkreading.com/attacks-breaches/linkedin-suffers-significant-wave-of-account-hacks; https://therecord.media/north-korean-govt-hackers-spain; https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/; https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html; https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/; 
https://www.cctvnews.co.kr/news/articleView.html?idxno=236830,2023-01-18,2024-02-01 1849,Unspecified Russian hackers gained limited access to Ukraine's Delta military software in August 2022,"Unspecified Russian hackers gained limited access to Ukraine's Delta military software in August 2022, according to Ukrainian journalist Yuriy Butusov and an unknown developer of that same military software. The statements of the two sources contradict each other except for the attack period in August. Ukrainian journalist Yuriy Butusov says on November 1, 2022, the Russians managed to penetrate the combat software twice, without specifying who is meant. Two people who had access to the software installed a virus in their devices, so the Russians gained access for a short period of 13 minutes. The anonymous developer of the combat software Delta states in an interview for The Record on December 20, 2022 that Russian attackers mimicked Delta's website, which a user fell for and logged in to. What happened after that is not said, but ultimately the hackers managed to gain limited access to information in the Delta combat software in this version as well.",2022-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,Delta,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,Not available,Russia,Unknown - not attributed,,2,7488; 7487,2022-12-20 00:00:00; 2022-11-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by third-party,"Not available; Yuriy Butusov 
(Journalist and War Correspondent, Ukraine)",Not available; Not available,Ukraine; Ukraine,Not available; Not available,Russia; Ukraine,Unknown - not attributed; Unknown - not attributed,https://therecord.media/military-operations-software-in-ukraine-was-breached-by-russian-hackers/; https://english.nv.ua/nation/butusov-says-russian-claims-that-ukraine-s-delta-military-information-network-was-hacked-are-false-50280822.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/military-operations-software-in-ukraine-was-breached-by-russian-hackers/; https://english.nv.ua/nation/butusov-says-russian-claims-that-ukraine-s-delta-military-information-network-was-hacked-are-false-50280822.html,2023-01-18,2023-06-15 1843,Unknown attackers disrupted the technological platform SICA of Venezuelan National Superintendence of Agri-Food Management (SUNAGRO) in January 2023,"Unknown attackers disrupted the technological platform SICA (Sistema Integral De Control Agroalimentario) which monitors the production chain of agricultural produce and is operated by the Venezuelan National Superintendence of Agri-Food Management (SUNAGRO), 
during 11-13 January 2023, according to SUNAGRO. ",2023-01-11,2023-01-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,National Superintendence of Agri-Food Management (SUNAGRO),Venezuela,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,8816,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-23/; https://twitter.com/SunagroOficial/status/1613248963238322177?ref%5Fsrc=twsrc%5Etfw; https://twitter.com/SunagroSucre/status/1613731262962753541,2023-01-16,2023-03-17 1842,Pro-Russian hacker group NoName057(16) targeted websites of Czech presidential candidates with DDoS attacks in January 2023,"In January 2023, the websites of candidates Petr Pavel and Tomáš Zima running for the 2023 Czech presidential elections were targeted with DDoS attacks. Zima's website was first attacked on 11 January and again on 13 January. On the latter date, the attacks expanded to Pavel's website. The pro-Russian hacker group NoName057(16) claimed responsibility for the attacks on Telegram. 
The websites of the non-profit organisation Hlídač státu and the Czech Ministry of Foreign Affairs were also targeted, although the latter unsuccessfully. The group initiated a DDoS collaborator payment program, paying people for launching DDoS-attacks. ",2023-01-11,2023-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Petr Pavel - Hlídač státu - Tomáš Zima,Czech Republic; Czech Republic; Czech Republic,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system - Social groups - State institutions / political system,Election infrastructure / related systems - Advocacy / activists (e.g. human rights organizations) - Election infrastructure / related systems,NoName057(16),Russia,Non-state-group,Hacktivist(s),5,12126; 12122; 12124; 12125; 12123,2023-01-13 00:00:00; 2023-01-11 00:00:00; 2023-01-13 00:00:00; 2023-01-12 00:00:00; 2023-01-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms; Attacker confirms; Attacker confirms; IT-security community attributes attacker,"Marek Vala 
(National Cyber and Information Security Agency, Czech Republic); NoName057(16); NoName057(16); NoName057(16); Pavel Klimes (Avast Threat Labs, Czech Republic)",Not available; Not available; Not available; Not available; ,Czech Republic; Not available; Not available; Not available; Czech Republic,NoName057(16); NoName057(16) ; NoName057(16) ; NoName057(16) ; NoName057(16),Russia; Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://domaci.hn.cz/c1-67159580-hackersky-utok-tesne-pred-volbami-weby-pavla-a-zimy-napadla-ruska-skupina; https://t.me/noname05716/1478; https://t.me/noname05716/1469; https://t.me/noname05716/1494; https://t.me/noname05716/1492; https://t.me/noname05716/1489,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-13 00:00:00,EU member states: Stabilizing measures,Statements by foreign ministers (or spokesperson),Czech Republic,Mariana Wernerová (Spokeswoman of the Czech Foreign Ministry),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/780thC/status/1613507889649303552; 
https://twitter.com/RecordedFuture/status/1613610743483465743; https://www.securityweek.com/pro-russian-group-ddos-ing-governments-critical-infrastructure-ukraine-nato-countries; https://twitter.com/SentinelOne/status/1613927507429924866; https://twitter.com/securityaffairs/status/1613911726193270786; https://twitter.com/TomHegel/status/1613989241263898624; https://twitter.com/cahlberg/status/1613833812311425027; https://domaci.hn.cz/c1-67159580-hackersky-utok-tesne-pred-volbami-weby-pavla-a-zimy-napadla-ruska-skupina; https://t.me/noname05716/1478; https://t.me/noname05716/1469; https://t.me/noname05716/1494; https://t.me/noname05716/1492; https://t.me/noname05716/1489; https://www.hackread.com/github-disables-pages-ddos-noname05716/; https://twitter.com/SentinelOne/status/1615437803495497728; https://research.checkpoint.com/2023/23rd-january-threat-intelligence-report/; https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/; https://socradar.io/dark-web-profile-noname05716/; https://therecord.media/prorussian-hackers-claim-attacks; https://therecord.media/noname-hacking-group-targets-ukraine-and-allies,2023-01-16,2023-12-07 1836,Chinese threat actors exploited FortiOS vulnerability to use BOLDMOVE backdoor to penetrate a European government and African managed service provider (MSP) since October 2022,"A Chinese threat actor with ties to the Chinese state compromised a European government network and an African managed service provider using a previously undisclosed vulnerability in the operating system of Fortinet's security solutions (CVE-2022-42475), including firewall and VPN products, according to the vendor and IT-company Mandiant. 
Fortinet publicly reported the vulnerability on 12 December 2022, noting that the vulnerability allows for the remote execution of commands and had been exploited in the wild. On January 19, 2023, IT security firm Mandiant followed up on and expanded Fortinet's account of the cyber incident, which had already been disclosed in rudimentary form. In its report, Mandiant attributes this cyber incident with low confidence to Chinese threat actors with ties to the People's Republic of China. Specifically, it is said to be a continuation of Chinese cyber espionage. For exploitation, the hackers used the Linux variant of the BOLDMOVE backdoor, tailored to the given FortiOS vulnerability. ",2022-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available,Africa; Europe (region), - ,Critical infrastructure - State institutions / political system,Telecommunications - Government / ministries,Not available,China,State,,1,8819,2023-01-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,China,Not available,China,State,https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,External Remote Services,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Cyber espionage,State 
actors,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/endpoint/exploit-code-released-critical-fortinet-rce-bug; https://www.bleepingcomputer.com/news/security/fortinet-govt-networks-targeted-with-now-patched-ssl-vpn-zero-day/; https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd; https://www.fortiguard.com/psirt/FG-IR-22-398; https://thehackernews.com/2023/01/fortios-flaw-exploited-as-zero-day-in.html; https://securityaffairs.com/140721/hacking/fortinet-ssl-vpn-cve-2022-42475-attacks.html; https://therecord.media/fortinet-warns-of-hackers-targeting-governments-through-vpn-vulnerability/; https://twitter.com/Cyber_O51NT/status/1613704607791972353; https://twitter.com/securityaffairs/status/1613917509161308162; https://twitter.com/securityaffairs/status/1613775747428093952; https://twitter.com/securityaffairs/status/1615651911528779777; https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw; https://twitter.com/JohnHultquist/status/1616129443919020055; https://twitter.com/780thC/status/1616163230400790528; https://twitter.com/Mandiant/status/1616128859711193141; https://twitter.com/_marklech_/status/1616095757664411649; https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html; https://www.bleepingcomputer.com/news/security/new-boldmove-linux-malware-used-to-backdoor-fortinet-devices/; https://securityaffairs.com/141052/hacking/fortios-ssl-vpn-zero-day.html; https://www.securityweek.com/chinese-hackers-exploited-fortinet-vpn-vulnerability-zero-day; https://www.govinfosecurity.com/fortinet-vpn-flaw-shows-pitfalls-security-appliances-a-20990; https://www.databreaches.net/chinese-north-korean-hackers-continue-exploiting-zero-day-vulnerabilities/; https://twitter.com/Dinosn/status/1616351247237545986; 
https://twitter.com/securityaffairs/status/1616386978014023680; https://twitter.com/cybersecboardrm/status/1616427887413940225; https://twitter.com/Dinosn/status/1616324056235610112; https://twitter.com/campuscodi/status/1616502495139999747; https://therecord.media/suspected-chinese-hackers-exploit-vulnerability-in-fortinet-devices/; https://www.hackread.com/backdoor-fortios-chinese-0-day/; https://twitter.com/nicoleperlroth/status/1616806144357310464; https://twitter.com/daveaitel/status/1616793080908201990; https://twitter.com/thegrugq/status/1616779906142318592; https://twitter.com/SteffenHeyde/status/1616863120089022464; https://twitter.com/nicoleperlroth/status/1616810970302615552; https://research.checkpoint.com/2023/23rd-january-threat-intelligence-report/; https://twitter.com/cahlberg/status/1617286816830492672; https://twitter.com/HackRead/status/1617099879498522625; https://twitter.com/securityaffairs/status/1617111134435442688; https://twitter.com/cahlberg/status/1616966637143343104; https://socradar.io/malicious-actors-in-dark-web-december-2022-ransomware-landscape/; https://www.mandiant.com/resources/blog/zero-days-exploited-2022; https://securityaffairs.com/143798/apt/2022-zero-day-exploitation.html; https://www.darkreading.com/attacks-breaches/attackers-probing-zero-day-vulns-edge-infrastructure; https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns; https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/,2023-01-13,2024-03-11 1835,"Denmark's central bank and seven other private banks have been targeted with a DDoS attack on January 10, 2023 by pro-Russian hacktivist group NoName057(16)","According to Denmark's central bank, its systems have been targeted by a DDoS attack on January 10, 2023. Apart from a short disruption of the bank's website, no critical services or consumer data have been affected, according to a spokesperson. 
Additionally, seven other private banks from Denmark, such as Jyske Bank and Sydbank, were also affected. Two days after the attack, the IT company SentinelOne stated that it was carried out by the pro-Russian hacktivist group NoName057(16), which had already claimed responsibility itself. ",2023-01-10,2023-01-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,National Bank (Denmark) - Skjern Bank - Sydbank - Jyske Bank - Ringkjøbing Landbobank - Sparekassen Sjælland-Fyn - Djurslands Bank - Kreditbanken (Denmark),Denmark; Denmark; Denmark; Denmark; Denmark; Denmark; Denmark; Denmark,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,"Other (e.g., embassies); Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance",NoName057(16) ,Not available,Non-state-group,Hacktivist(s),2,6647; 6648,2023-01-12 00:00:00; 2023-01-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,SentinelOne; NoName057(16),; Not available,United States; Not available,NoName057(16) ; NoName057(16),Not available; Not available,Non-state-group; Non-state-group,https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / 
third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-31 00:00:00,State Actors: Preventive measures,Awareness raising,Denmark,Centre for Cyber Security (CFCS) Denmark,No,,Not available,Network Denial of Service,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/; https://www.kyivpost.com/post/28885; https://twitter.com/nicoleperlroth/status/1612870760514871298; https://politiken.dk/indland/art9159659/Ingen-grund-til-frygt-hos-bankkunder-efter-cyberangreb; https://politiken.dk/indland/art9159018/Syv-banker-var-ramt-af-nedbrud-efter-hackerangreb; https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/; https://www.cyberscoop.com/russia-hacktivist-noname-github-ddos/; https://therecord.media/pro-russia-hackers-use-telegram-github-to-attack-czech-presidential-election/; https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/; https://twitter.com/SentinelOne/status/1613927507429924866; https://twitter.com/TomHegel/status/1613989241263898624; https://www.bankinfosecurity.com/danish-banks-targets-pro-russian-ddos-hacking-group-a-20902; https://www.hackread.com/github-disables-pages-ddos-noname05716/; https://twitter.com/SentinelOne/status/1615437803495497728; https://therecord.media/ddos-denmark-us-russia-killnet/; 
https://twitter.com/Cybersikkerhed/status/1620377909860143104?ref%5Fsrc=twsrc%5Etfw; https://twitter.com/cahlberg/status/1620591103572590592,2023-01-12,2023-08-28 1834,Dark Pink APT targeted state and corporate organizations in the Asia-Pacific and Europe since mid-2021,"In an eponymous cyber-operation, a newly-discovered APT group named Dark Pink was observed by Group-IB Global to have launched a series of successful malware and spearphishing campaigns against government, military, and corporate entities predominantly based in the Asia-Pacific (APAC) region. Initial attacks date back to at least June 2022, with some indications that the group may have been active as early as May 2021. The group likely operates out of the APAC region. Group-IB analysis acknowledges earlier reporting by Chinese cybersecurity researchers at the Anheng Information Shadows Hunting Lab from early January 2023, which tracked overlapping TTPs in a similar target space under the label Saaiwc Group. According to Singapore-headquartered Group-IB Global, which split from its Russia-based parent company in July 2022 to maintain international business accounts in light of sanctions against Russia and the company itself, Dark Pink's objectives are primarily corporate espionage and data theft. The APT group Dark Pink has been attacking various state and non-state targets in Europe and Asia since February 2022. An update to a report by the cyber security company Group-IB, which for the first time publicly disclosed the new threat actor in January 2023, reveals new details of the sophisticated operations conducted by the group. Although the Dutch cyber security company EclecticIQ attributes the group with low confidence to China, Group-IB does not connect the group to any state actors. Among the newly identified targets are an educational institution in Belgium, a military body in Thailand and government targets in Brunei and Indonesia. 
",2021-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Bosnia and Herzegovina; Vietnam; Malaysia; Brunei; Belgium; Thailand; Vietnam; Philippines; Indonesia; Cambodia,EUROPE; BALKANS; WBALKANS - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS - EUROPE; EU(MS); NATO; WESTEU - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SEA,State institutions / political system - Social groups - State institutions / political system - State institutions / political system - Education - State institutions / political system - Social groups - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Religious - Military - Government / ministries - - Military - Other social groups - Military - Government / ministries - Government / ministries,Dark Pink,Not available,Unknown - not attributed,,2,10461; 10462,2023-01-11 00:00:00; 2023-05-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Group-IB; Group-IB,Group-IB; Group-IB,Singapore; Singapore,Dark Pink; Dark Pink,Not available; Not available,Unknown - not attributed; Unknown - not attributed,https://blog.group-ib.com/dark-pink-apt; https://www.group-ib.com/blog/dark-pink-episode-2/?utm_medium=social&utm_source=twitter&utm_campaign=dark-pink-part-2,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,7.0,1-10,6.0,Not available,0.0,euro,Not available,Human rights; Sovereignty; Aid and development,"Economic, social and cultural rights; ; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/; https://thehackernews.com/2023/01/dark-pink-apt-group-targets-governments.html; https://www.bleepingcomputer.com/news/security/new-dark-pink-apt-group-targets-govt-and-military-with-custom-malware/; https://www.cyberscoop.com/dark-pink-hacking-campaign-southeast-asia/; https://blog.group-ib.com/dark-pink-apt; https://ti.dbappsecurity.com.cn/blog/articles/2023/01/06/saaiwcgroup/; https://blog.group-ib.com/dark-pink-apt; https://www.securityweek.com/sophisticated-dark-pink-apt-targets-government-military-organizations; https://www.hackread.com/espionage-meets-color-dark-pink-apt-group/; https://twitter.com/Dinosn/status/1613417183639371779; https://twitter.com/cahlberg/status/1613604530968461333; https://twitter.com/CyberScoopNews/status/1615151628037890048; https://twitter.com/Cyber_O51NT/status/1634223241752645637; https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html; https://securityaffairs.com/143415/apt/dark-pink-apt-south-asia.html; https://www.govinfosecurity.com/dark-pink-apt-group-very-likely-back-in-action-a-21426; 
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/annual-trend-micro-email-threats-report; https://www.group-ib.com/blog/dark-pink-episode-2/?utm_medium=social&utm_source=twitter&utm_campaign=dark-pink-part-2; https://twitter.com/Dennis_Kipker/status/1664267625093042179; https://twitter.com/cahlberg/status/1663968356968349702; https://twitter.com/TonyaJoRiley/status/1663911413465731075; https://twitter.com/CyberScoopNews/status/1663899815829176321; https://twitter.com/Cyber_O51NT/status/1663880591627149313; https://twitter.com/Dennis_Kipker/status/1664253942035804165,2023-01-12,2023-06-08 1830,Unknown actors gained limited access to the communication channels of Petrópolis City Hall in Brazil on 27 December 2022,"Unknown actors hijacked the communication channels of the city hall of Petrópolis and gained limited access on 27 December 2022, as reported by the city hall. Officials clarified that the data accessed by the cybercriminals is in the public domain and that no sensitive data was affected. The municipal government filed a police report with the police station for the ""Suppression of Computer Crimes"". 
",2022-12-27,2022-12-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Petrópolis City Hall,Brazil,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Non-state-group,Criminal(s),1,6322,2023-01-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Department of Technology (DETEC) of Municipal Government of Petropolis,Not available,Brazil,Not available,Not available,Non-state-group,https://www.securityreport.com.br/destaques/prefeitura-de-petropolis-sofre-ataque-cibernetico/#.Y70wGhWZPD6,Not available,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1610582254266322950; https://www.facebook.com/petropolis.pmp/photos/a.109536130434945/1003713331017216/; https://www.securityreport.com.br/destaques/prefeitura-de-petropolis-sofre-ataque-cibernetico/#.Y70wGhWZPD6; 
https://www.petropolis.rj.gov.br/pmp/index.php/imprensa/noticias/item/19687-a-prefeitura-informa-que-foi-alvo-de-um-ataque-hacker-nesta-ter%C3%A7a-feira-27-12.html,2023-01-10,2023-02-02 1829,Anonymous Cuba disrupted the websites of at least seven faculties at the University of Havana on 1 January 2023,"Anonymous Cuba disrupted the websites of at least seven departments at the University of Havana, on 1 January 2023, according to a Twitter post of the hacktivist collective. The hackers inserted photos on the websites showing violent scenes of security forces cracking down on protestors, alongside a caricature published by the exile newspaper Diario de Cuba, anti-regime slogans, and demands for political prisoners to be released.",2023-01-01,2023-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Faculty of Geography - University of Havana - Faculty of Accounting and Finance - University of Havana - Faculty of Physics - University of Havana - Faculty of Tourism - University of Havana - Faculty of Psychology - University of Havana - Faculty of Economics - University of Havana - Faculty of Arts and Letters - University of Havana,Cuba; Cuba; Cuba; Cuba; Cuba; Cuba; Cuba, - - - - - - ,State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education - State institutions / political system; Critical infrastructure; Education,Civil service 
/ administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; - Civil service / administration; Research; ,Anonymous Cuba,Cuba,Non-state-group,Hacktivist(s),1,10752; 10752,2023-01-02 00:00:00; 2023-01-02 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Anonymous Cuba; Anonymous Cuba,Not available; Not available,Cuba; Cuba,Anonymous Cuba; Anonymous Cuba,Cuba; Cuba,Non-state-group; Non-state-group,https://twitter.com/LARESISTENCIAC2/status/1609701763095093250,System / ideology,System/ideology; National power,Cuba (social protests); Cuba (social protests),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-22/; https://diariodecuba.com/cuba/1672663402%5F44364.html; https://twitter.com/LARESISTENCIAC2/status/1609701763095093250,2023-01-09,2023-06-30 1828,"UNC4210, a suspected cluster of Russian APT Turla, targeted Ukrainian organizations with ANDROMEDA malware starting in December 
2021","Threat intelligence company Mandiant reported attacks by a possible team of Russian APT Turla, tracked as cluster UNC4210, targeting Ukrainian organizations. In December 2021, the operation began with the insertion of a USB stick at an organization in Ukraine that had ANDROMEDA malware installed. The threat actors had taken over expired command and control domains of ANDROMEDA, a trojan widely in use by criminal groups at the beginning of the 2010s, to deploy their custom tools to carefully selected victims. In September 2022, after months of inactivity, a self-extracting WinRAR archive containing the JavaScript-based reconnaissance utility KOPILUWAK was executed at least seven times between 6 and 8 September. On 8 September, the QUIETCANARY backdoor was downloaded twice on a host and used 15 minutes later by the threat actor to compress, stage, and exfiltrate data. Only files created after 1 January 2021 were exfiltrated in this process.",2021-12-01,2022-09-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Unknown,,UNC4210 < Turla/Waterbug/Venomous Bear/Snake/Uroburos,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6761,2023-01-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4210 < Turla/Waterbug/Venomous Bear/Snake/Uroburos,Russia,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/blog/turla-galaxy-opportunity,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Data Exfiltration; System Shutdown/Reboot,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; 
Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/russia-turla-fsb-usb-infection/; https://www.mandiant.com/resources/blog/turla-galaxy-opportunity; https://twitter.com/BushidoToken/status/1611110012985741313; https://twitter.com/Mandiant/status/1611062487788490769; https://www.darkreading.com/attacks-breaches/russia-turla-apt-hijacks-andromeda-usb-infections; https://www.cyberscoop.com/ukraine-turla-russia-cyberattacks/; https://www.securityweek.com/russian-turla-cyberspies-leveraged-other-hackers-usb-delivered-malware; https://twitter.com/Cyber_O51NT/status/1611169304720068608; https://twitter.com/780thC/status/1611314916698296320; https://twitter.com/craiu/status/1611265494039805952; https://twitter.com/CyberScoopNews/status/1611397116731052033; https://twitter.com/CyberScoopNews/status/1611383589316317185; https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html; https://twitter.com/M_Miho_JPN/status/1611634615713947649; https://www.wired.com/story/turla-history-russia-fsb-hackers/; https://www.databreaches.net/the-underground-history-of-russias-most-ingenious-hacker-group/; https://socradar.io/apt-profile-turla/,2023-01-09,2023-05-23 1826,Ransomware attack disrupts Italian municipality of Sarno via contractor on 27 December 2022,"A ransomware attack disrupted the computer systems of the town hall of the Italian municipality of Sarno on 27 December. The attack was directed against the servers of technology provider Advanced System, which manages the town hall systems and is supporting more than 1000 Italian municipalities in the collection of taxes and asset revenue management. 
",2022-12-27,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Advanced Systems (Italy) - Municipality of Sarno (Italy),Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system, - Civil service / administration,Phobos,Not available,Non-state-group,Criminal(s),1,6652,2022-12-29 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Red Hot Cyber,Not available,Italy,Phobos,Not available,Non-state-group,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,Days (< 7 days),Not available,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1608606338229362690; https://www.salernotoday.it/cronaca/hacker-comune-sarno-28-dicembre-2022.html; https://www.redhotcyber.com/post/lazienda-italiana-advanced-system-colpita-dal-ransomware-lo-avverte-lazienda-con-un-comunicato-stampa/,2023-01-02,2023-04-28 1827,APT41 gains access to the systems of a German company from the financial sector in March 2021 by exploiting ProxyLogon,"The Chinese APT41, which is considered state-sponsored, exploited the ""ProxyLogon"" 
vulnerability chain to gain access to the system of an unnamed German company from the financial sector in March 2021. After a year of inactivity, the group penetrated the system again in March 2022. Although this vulnerability had been patched in the meantime, the backdoor had not been removed prior to this, which made a new intrusion possible. Ransom notes were found on some of the company's servers. However, an encryption of the data could be prevented by Microsoft Defender for Endpoint (MDE).",2021-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Finance,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6651,2022-12-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,DCSO,,Germany,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1,2023-01-02,2024-02-26 1825,Suspected cyberattack against the public administration and utilities of the German city of Potsdam December 2022,"The local administration of the city of Potsdam took its servers offline on 29 December, in response to suspicious activity on its networks. As a result of the precautionary measure, authorities can currently not handle email communications via the usual channels and the software to process citizen requests, such as passport applications, cannot be accessed. On the day after, Potsdam's municipal utilities also decided to shut down outbound Internet connections and email communications to investigate and mitigate a possible cyberattack. 
No ransom demands were received.",2022-12-29,Not available,"Attack on (inter alia) political target(s), politicized",,,Hijacking without Misuse,Municipal Administration of Potsdam (Germany),Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,12130,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,2,2022-12-30 00:00:00; 2023-01-06 00:00:00,EU: Legislative reactions; EU member states: Legislative reactions,Stabilizing statement by member of parliament; Dissenting statement by member of parliament,Germany; Germany,Matti Karsteldt (Digital policy spokesman FDP Brandenburg; Germany); Christian Haase (Member of the German Parliament; CDU),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/SteffenHeyde/status/1608607060182331395; https://www.heise.de/news/Verdacht-auf-Cyberangriff-Potsdamer-Verwaltung-ist-schon-wieder-offline-7444608.html; https://www.spiegel.de/netzwelt/web/hackerangriff-auch-die-stadtwerke-potsdam-schalten-internetdienste-ab-a-349ee521-df3b-499d-8f86-066f5c7f3c1e; https://www.spiegel.de/netzwelt/potsdam-schaltet-nach-moeglicher-cyberattacke-seine-internetserver-ab-a-5703d9d1-dff1-4a63-9c5d-6a0005ee632d; 
https://twitter.com/Dennis_Kipker/status/1610272615704440832; https://twitter.com/Dennis_Kipker/status/1615762770049499142; https://twitter.com/secIT_DE/status/1617232779145785344; https://kpv.de/blog/christian-haase-mdb-kommunen-brauchen-bessere-unterstuetzung-bei-der-abwehr-von-cyberattacken/; https://twitter.com/Dennis_Kipker/status/1623655370613825537,2023-01-02,2023-08-03 1824,LockBit launched ransomware attack against the Port of Lisbon Administration on Christmas Day 2022,"The ransomware gang LockBit claimed to have deployed its ransomware suite against the Administration of the Port of Lisbon on 25 December. The port authority acknowledged an incident, stating that the port's operations remained unaffected. Portugal's National Cybersecurity Center and the Judicial Police are monitoring the situation. A week after the initial attack, the port's website continued to be offline. LockBit purported to have stolen a range of data, including financial reports, audits, budgets, contracts, cargo and ship logs, crew details, personally identifiable information of customers, and other internal documents and email communication. The group shared a sample from this trove, the authenticity of which has not been independently verified, and announced that it would release all files obtained on 18 January unless its ransom demand of over $1,5 Million is met. ",2022-12-25,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Ransomware,Port of Lisbon Administration,Portugal,EUROPE; NATO; EU(MS),Critical infrastructure,Transportation,LockBit,Russia,Non-state-group,Criminal(s),1,11575,2022-12-25 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Lockbit,Not available,,LockBit,Russia,Non-state-group,https://twitter.com/RecordedFuture/status/1608637018892042241,Unknown,System/ideology; International power,"EU, USA et. 
al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/securityaffairs/status/1627792579977744389; https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit/; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-royal-dominate-the-ransomware-scene-ransomware-in-q4-2022; https://twitter.com/Cyberknow20/status/1608378016069193729; https://twitter.com/InfoSecSherpa/status/1608585688005361664; https://twitter.com/cahlberg/status/1608576192873115648; https://securityaffairs.com/140137/cyber-crime/lockbit-group-port-of-lisbon.html; https://twitter.com/securityaffairs/status/1608824451373895680; https://twitter.com/Cyber_O51NT/status/1608967638109286400; https://twitter.com/cahlberg/status/1608648682991386627; https://twitter.com/RecordedFuture/status/1608637018892042241; https://twitter.com/securityaffairs/status/1609236738333102080; https://twitter.com/Dinosn/status/1609085524299640838; https://twitter.com/VessOnSecurity/status/1609100631062548481; https://twitter.com/ransomwaremap/status/1610247831444688896; https://twitter.com/SteffenHeyde/status/1610226392012320771; 
https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023; https://www.darkreading.com/threat-intelligence/top-cyberattacks-revealed-in-new-threat-intelligence-report; https://www.databreaches.net/understanding-ransomware-threat-actors-lockbit/; https://www.barrietoday.com/police-beat/bradford-man-connected-to-cyber-extortion-ring-pleads-guilty-8283922,2023-01-02,2023-07-14 1823,Anonymous-linked group AgainstTheWest hacks Russian energy company Gazprom and leaks its database in March 2022,"On 4 March 2022, Anonymous announced on Twitter that the Anonymous-linked hacker group AgainstTheWest had hacked the Russian majority state-owned energy company Gazprom and leaked its database. The data published on ""anonfiles"" includes details about the company's source code and WellPro projects. ",2022-03-01,2022-03-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Gazprom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8097,2022-03-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E2cb2af4b73fa6ab681843f8d116ec91a7d8db853%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thecybersecuritytimes.com%2Fatw-hackers-linked-to-anonymous-breached-into-russian-energy-giant%2F,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; 
Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E2cb2af4b73fa6ab681843f8d116ec91a7d8db853%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thecybersecuritytimes.com%2Fatw-hackers-linked-to-anonymous-breached-into-russian-energy-giant%2F; https://www.thecybersecuritytimes.com/atw-hackers-linked-to-anonymous-breached-into-russian-energy-giant/,2022-12-30,2023-03-02 1822,Anonymous declares war on the pro-Russian hacker group Killnet and leaks their user database in May 2022,"On 23 May 2022, the hacker collective Anonymous announced on Twitter that it had hacked and published Killnet's user database of email addresses and passwords in order to disrupt their activities, as part of Anonymous #OpRussia. Just two days earlier, Anonymous declared war on Killnet in a tweet and also announced that Killnet's official website (killnet.ru) had been taken offline. The motive is believed to be the jointly published alert by the cybersecurity authorities of the UK, the US, Canada, New Zealand and Australia, against attacks on organisations outside Ukraine by pro-Russian hackers. 
Killnet was among the groups named in the advisory. ",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Killnet,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Hacktivist,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8201,2022-05-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://twitter.com/AnonOpsSE/status/1528631617023102976; https://twitter.com/YourAnonTV/status/1528775651079094275?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1528775651079094275%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fain.ua%2F2022%2F05%2F25%2Fanonymous-oprylyudnyly-dani-prokremlivskyh-hakeriv-killnet%2F,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://www.cisa.gov/uscert/ncas/alerts/aa22-110a; https://twitter.com/YourAnonOne/status/1528048043647434752; 
https://twitter.com/AnonOpsSE/status/1528631617023102976; https://twitter.com/YourAnonTV/status/1528775651079094275?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1528775651079094275%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fain.ua%2F2022%2F05%2F25%2Fanonymous-oprylyudnyly-dani-prokremlivskyh-hakeriv-killnet%2F; https://twitter.com/YourAnonOne/status/1528048327295631361; https://www.hackread.com/anonymous-cyber-warfare-pro-russia-hacker-group-killnet/; https://metro.co.uk/2022/05/23/anonymous-declares-cyber-war-against-pro-russian-hacker-group-killnet-16691642/; https://www.secureblink.com/cyber-security-news/anonymous-broke-out-a-cyberattack-against-pro-russian-group-killnet,2022-12-30,2023-03-03 1821,"Pro-Russian group Killnet targets US government website South Abington Township on December 27, 2022","The pro-Russian hacktivist group Killnet targeted the US government website of South Abington Township on December 27, 2022. Killnet posted on their Telegram channel a screenshot of the hacked website, which was no longer accessible and read: ""Your President Vladimir Putin! 
Your story is Russia, your fear is KILLNET!""",2022-12-27,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,South Abington Township,United States,NATO; NORTHAM,State institutions / political system,,Killnet,Russia,Non-state-group,Hacktivist(s),1,9156,2022-12-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/; https://twitter.com/Cyberknow20/status/1608006296426676225; https://tgstat.com/ru/channel/@killnet_reservs/4593,2022-12-30,2023-04-03 1818,Ukrainian IT Army disrupted Alfa Bank and Raiffeisenbank in Russia in November 2022,"The Ukrainian hacktivist group IT Army disrupted the Alfa Bank and Raiffeisenbank in Russia on 7 November, according to their announcement on Twitter that day. Forbes Russia reported on the same day that customers of these two banks were not able to access their portfolios. On November 3, the same hacker group announced that they had stolen data from the Russian Central Bank. ",2022-11-07,2022-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Alfa Bank - Raiffeisenbank,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure,Finance - Finance,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,6659,2022-11-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://t.me/itarmyofukraine2022/855,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Service Stop,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Not available,0.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/army-ukraine-targets-russian-banks-a-20443; https://t.me/itarmyofukraine2022/855; https://www.forbes.ru/investicii/480812-v-rabote-prilozenij-dla-investorov-rajffajzenbanka-i-al-fa-banka-proizosli-sboi; https://therecord.media/ukrainian-hackers-hit-russian-scientific-center,2022-12-29,2024-01-26 1820,Pro-Russian group Killnet takes down Italian 
airports' websites with DDoS attacks in May 2022,"On 20 May 2022, the websites of six Italian airports were taken down with DDoS attacks. On Telegram, the pro-Russian hacker collective Killnet took responsibility for the attacks and justified them with the political actions of the Italian government. ",,Not available,,,,,None - None - None - None - None - None,Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - Transportation - Transportation,,,,,1,17914,NaT,,,,Not available,,,,,https://t.me/killnet_reservs/1411,,,,,,0,,,,,,,,,,,False,,,,,,0,,,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://t.me/killnet_reservs/1411; https://www.cybertechwiz.com/killnet-takes-down-milan-airport-websites/; https://www.archyworldys.com/russian-hackers-attacked-the-linate-malpensa-and-orio-al-serio-websites/; https://www.milanotoday.it/attualita/attacco-hacker-linate-malpensa.html; https://milano.repubblica.it/cronaca/2022/05/21/news/attacco_hacker_di_nuovo_operativi_siti_linate_malpensa_orio_al_serio_killnet-350527552/; https://milano.repubblica.it/cronaca/2022/05/20/news/attacco_hacker_linate_malpensa_orio_al_serio_killnet-350429486/; https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/,2022-12-29,2024-03-13 1817,Hacktivist group Anonymous defaces the websites of China's Ministry of Emergency Management and Mino Space in October 2022,"According to Taiwan News, on 29 October 2022, the hacktivist group Anonymous defaced the websites of China's Ministry of Emergency Management and Mino Space, a private commercial 
satellite company based in Beijing. The hack can be traced back to the deletion of activity on the Wikipedia entry about Anonymous member Cyber Anakin by alleged Chinese operatives in late September. Cyber Anakin had previously hacked government websites, agricultural management systems, coal mine safety interfaces, nuclear power plant interfaces, and satellite interfaces as part of ""Operation Wrath of Anakin: No Time to Die"". The extensive entries on the hacktivist were reduced to a few paragraphs in October, citing alleged POV violations, failed verifications and unreliable sources.",2022-10-29,2022-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Mino Space - Ministry of Emergency Management (China),China; China,ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure - State institutions / political system,Space - Government / ministries,Anonymous,Not available,Non-state-group,Hacktivist(s),1,6660,2022-10-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://web.archive.org/web/20221029025947/http://120.52.31.152:8000/file/049f1bc0-117f-430d-9184-fb8f53e7519c.pdf,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not 
available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://intrusiontruth.wordpress.com/2022/12/24/no-limits-relationship-chinas-state-hackers-scoop-up-intelligence-on-ukraine-and-russia/; https://www.taiwannews.com.tw/en/news/4703442; https://web.archive.org/web/20221029025947/http://120.52.31.152:8000/file/049f1bc0-117f-430d-9184-fb8f53e7519c.pdf; https://www.itworldcanada.com/post/anonymous-hacks-chinas-emergency-management-website; https://www.taipeitimes.com/News/taiwan/archives/2022/11/02/2003788129; https://web.archive.org/web/20221029024120/http://120.52.31.152:8000/file/b0d66768-0140-4060-9a2d-b4cd37db7ef3.png; https://web.archive.org/web/20221029024204/http://120.52.31.152:8000/file/e1c0337d-ddc9-4729-b3ea-d92a72a8b399.png; https://web.archive.org/web/20221029024536/http://120.52.31.152:8000/file/66e7706b-e7b1-450d-99df-57f901e10f6d.png; https://web.archive.org/web/20221029024250/http://120.52.31.152:8000/file/1c0cc1ac-b7f7-4d0b-8a8c-c387ec99038d.png; https://web.archive.org/web/20221029024701/http://120.52.31.152:8000/file/70b600c6-6c52-4d20-a832-c55ef3eac4ab.png; https://web.archive.org/web/20221029051732/https://urlscan.io/result/bc8aa3fc-02f8-4e16-bbb9-aa663c366af3/compare,2022-12-29,2023-02-08 1819,Russian hacktivist group Digital Revolution breached documents from a contractor for the Russian FSB in 2019 and leaked them in 2020,"In March 2020, BBC Russia reports on the publication of a dozen documents from a Russian Federal Security Service (FSB) contractor by the hacktivist group Digital Revolution. The documents revealed the FSB's effort to obtain an Internet of Things (IoT) botnet system called Fronton. The documents were breached as early as April 2019, according to Digital Revolution. This system can be used to carry out DDoS attacks. The cyber intelligence firm Nisos reports in 2022 that the system can also be used to coordinate and disseminate disinformation in social media. 
",2019-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Digital Revolution,Russia,Non-state-group,Hacktivist(s),1,6658,2020-03-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Digital Revolution,Not available,Russia,Digital Revolution,Russia,Non-state-group,https://www.bbc.com/russian/news-51951933,System / ideology; National power; Cyber-specific,System/ideology; National power,Russia (opposition); Russia (opposition),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.bbc.com/russian/news-51951933; https://www.cyberscoop.com/fronton-ddos-coordinated-inauthentic-behavior-fsb/; https://www.nisos.com/blog/fronton-botnet-report/; https://meduza.io/en/feature/2020/03/19/russia-s-internet-knockout-punch; 
https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/; https://therecord.media/treasury-department-hits-russian-disinformation-operators-with-sanctions/,2022-12-29,2024-04-18 1816,Financially-motivated hacker group BlueNoroff compromised a company employee in the United Arab Emirates beginning in September 2022,"Financially-motivated hacker group BlueNoroff compromised an employee in the sales department of a home financing company with likely Japan connections in the United Arab Emirates beginning on 2 September 2022, according to IT security company Kaspersky. BlueNoroff is known to be a subgroup of the notorious state-sponsored hacking group Lazarus. What stands out in this cyber incident is the circumvention of the Mark-of-the-Web flag by using different file types. Kaspersky claims with low confidence that the hacker group is interested in Japanese-related targets due to the Japanese spoofing websites and file names. ",2022-09-02,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United Arab Emirates,ASIA; MENA; MEA; GULFC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6661,2022-12-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/bluenoroff-methods-bypass-motw/108383/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system 
interference/disruption,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2022/12/bluenoroff-apt-hackers-using-new-ways.html; https://securelist.com/bluenoroff-methods-bypass-motw/108383/; https://www.securityweek.com/north-korean-hackers-created-70-fake-bank-venture-capital-firm-domains; https://twitter.com/Dinosn/status/1608173665547583488; https://twitter.com/obiwan666/status/1608181359079743488; https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html,2022-12-28,2023-12-21 1813,Hacker group PLAY carried out a ransomware attack on the Belgian city of Antwerp on 6 December 2022,"The hacker group PLAY carried out a ransomware attack on the Belgian city of Antwerp on 6 December 2022, as first reported by Het Laatste Nieuws. The impact and nature of this ransomware attack is still unclear. An initial media report by HLN on the morning of 6 December said that the ransomware attack on 5-6 December crippled a number of municipal services by hacking into servers of IT service provider Digipolis. On 6 December, the vice minister-president of the Flemish government and Flemish minister for Living Together and Domestic Administration Bart Somers declared that he ""now wants to release 1.25 million euros for emergency incidents such as these in Antwerp"". On 11 December, the hacker group PLAY added the city of Antwerp to its list of victims on its website. 
They claim to have stolen 557 gigabytes of data, including personal information, passports and more, and announced that they will release this data on 19 December if the ransom demand is not paid. The following day, ITdaily reports that data belonging to the city of Antwerp was encrypted, disrupting a number of city services including libraries, museums and schools. On 19 December and before, the mayor of Antwerp, Bart de Wever, confirmed at a press conference that about 500 gigabytes of data had been stolen. However, he also says that the disruption to the city of Antwerp was not due to the hacker group, but to the city's security measures. The person in charge of the city of Antwerp even reveals that the stolen data is not personal information, as claimed by the hacker group, but login data and documents related to the city's staff and construction projects. ",2022-12-05,2022-12-06,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Ransomware,City of Antwerp,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Civil service / administration,PLAY,Not available,Non-state-group,Criminal(s),1,12131,2022-12-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,PLAY,Not available,Not available,PLAY,Not available,Non-state-group,https://twitter.com/BrettCallow/status/1602139287155347456,Unknown,Not available,,Not available,,1,2022-12-06 00:00:00,EU member states: Stabilizing measures,Statement by subnational executive official,Belgium,"Bart Somers (Vice minister-president of the Flemish government and Flemish minister for Living Together and Domestic Administration, Belgium)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political 
importance,1.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights,,Not available,1,2022-12-06 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Belgium,"Kristof Aerts (Official at the Public Prosecutor's office in Antwerp, Belgium)",Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/; https://twitter.com/ransomwaremap/status/1600121283064184832; https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/; https://therecord.media/play-ransomware-group-claims-responsibility-for-antwerp-attack-as-second-belgian-city-confirms-new-incident/; https://www.malwarebytes.com/blog/news/2022/12/play-ransomware-attacks-government-agencies-and-their-providers; https://therecord.media/antwerp-denies-negotiating-ransomware-payment-as-city-disappears-from-leak-site/; https://twitter.com/cahlberg/status/1604885201544282113; https://www.malwarebytes.com/blog/news/2022/12/play-ransomware-group-claims-to-have-stolen-h-hotel-data; https://www.vrt.be/vrtnws/nl/2022/12/12/nieuwe-cyberaanval/; https://bartsomers.be/nieuws/bart-somers-wil-war-room-voor-lokale-besturen-die-slachtoffer-zijn-van-cyberaanvallen/?lid=6249; https://twitter.com/BartSomers/status/1602317525336850432?ref_src=twsrc%5Etfw; https://www.vrt.be/vrtnws/fr/2022/12/12/apres-anvers-c_est-au-tour-de-la-ville-de-diest-detre-visee-par/; https://bartsomers.be/nieuws/bart-somers-roept-lokale-besturen-op-om-cyber-audit-te-laten-doen/?lid=6249; https://m.standaard.be/cnt/dmf20221206_93860773; https://m.standaard.be/cnt/dmf20221206_93860773; 
https://www.gva.be/cnt/dmf20221218_93646922; https://www.vrt.be/vrtnws/nl/2022/12/19/bart-de-wever-over-hacking-antwerpse-stadsdiensten-tot-nu-geen/; https://itdaily.be/nieuws/security/cyberaanval-antwerpen-opgeeist-557-gb-aan-data-gestolen/; https://twitter.com/BrettCallow/status/1602139287155347456; https://twitter.com/alexandradarch/status/1600220828892770304; https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/; https://www.bleepingcomputer.com/news/security/rackspace-confirms-play-ransomware-was-behind-recent-cyberattack/; https://therecord.media/play-ransomware-group-claims-attack-on-arnold-clark-one-of-britains-largest-car-dealerships/; https://twitter.com/BushidoToken/status/1624763921054703618; https://www.malwarebytes.com/blog/news/2023/06/play-ransomware-gang-compromises-spanish-bank-threatens-to-leak-files; https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomwares-dark-web-extortion-sites-seized-by-police/; https://therecord.media/play-ransomware-targets-hundreds; https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-300-victims-including-critical-orgs/; https://www.lalibre.be/belgique/judiciaire/2024/01/17/le-parquet-danvers-ouvre-une-enquete-contre-des-journalistes-fact-checkers-apres-une-operation-de-sensibilisation-sur-la-cybersecurite-A37LAXT4VFFXRI52KEQN5U3W2Q/,2022-12-27,2024-01-17 1814,Iranian hacker group Moses Staff hacked and controlled dozens of Israeli CCTV cameras since 2021,"Iranian hacker group Moses Staff hacked and controlled dozens of Israeli CCTV cameras to monitor senior Israeli officials since 2021, according to an investigative report of Israeli broadcaster Kan. The hacker group uploaded footage of Israel's Rafael defense contractor factory in Haifa, of the cities Jerusalem and Tel Aviv and of a terror attack in Jerusalem on 24 November 2022. 
",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Moses Staff/Marigold Sandstorm fka DEV-0500/Cobalt Sapling (IRGC),"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),2,11573; 11574,2022-12-19 00:00:00; 2022-11-24 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Attacker confirms,Israeli Public Broadcasting Corporation (IPBC); Moses Staff,Not available; Not available,"Israel; Iran, Islamic Republic of",Moses Staff/Marigold Sandstorm fka DEV-0500/Cobalt Sapling (IRGC); Moses Staff/Marigold Sandstorm fka DEV-0500/Cobalt Sapling (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,https://t.me/moses_staff_se_15/209; https://www.timesofisrael.com/report-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act/; https://twitter.com/kann_news/status/1604906102084505601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1604906102084505601%7Ctwgr%5E3258288abd4410203c842f7e69bd61c23d20ccf3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.timesofisrael.com%2Freport-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act%2F,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not 
available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/HackRead/status/1596247056234020867; https://www.timesofisrael.com/liveblog_entry/iranians-hacked-major-israeli-security-organization-to-get-footage-of-jerusalem-attack/; https://t.me/moses_staff_se_15/209; https://www.hackread.com/moses-staff-hackers-jerusalem-footage/; https://twitter.com/Cyber_O51NT/status/1605529844749463553; https://securityaffairs.co/wordpress/139934/hacking/iranian-group-hacked-israeli-cctv-cameras.html; https://www.haaretz.com/israel-news/security-aviation/2022-12-23/ty-article-magazine/.premium/revealed-the-israeli-firm-selling-dystopian-hacking-capabilities/00000185-0bc6-d26d-a1b7-dbd739100000; https://twitter.com/securityaffairs/status/1606392422665265170; https://twitter.com/securityaffairs/status/1606292867248332800; https://www.timesofisrael.com/report-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act/; 
https://twitter.com/kann_news/status/1604906102084505601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1604906102084505601%7Ctwgr%5E3258288abd4410203c842f7e69bd61c23d20ccf3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.timesofisrael.com%2Freport-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act%2F; https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000; https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/.premium/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf,2022-12-27,2023-07-14 1815,Hacker group STEPPY#KAVACH infected targets associated with the Indian government beginning in 2021,"Hacker group STEPPY#KAVACH infected targets associated with the Indian government to exfiltrate Kavach files beginning in 2021, according to IT security company Securonix. Kavach is an authentication system used by Indian government officials. 
The hacker group STEPPY#KAVACH shows many commonalities with the Pakistani hacker group SideCopy and the Pakistani state-sponsored hacker group Transparent Tribe.",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,STEPPY#KAVACH,Not available,Unknown - not attributed,,1,6208,2022-12-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Securonix,,United States,STEPPY#KAVACH,Not available,Unknown - not attributed,https://www.securonix.com/blog/new-steppykavach-attack-campaign/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,Not available,Not available,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html; https://www.securonix.com/blog/new-steppykavach-attack-campaign/,2022-12-27,2023-02-09 1808,"The hacker group Raspberry Robin and the malware of the same name gained access to networks of Latin American, European and Australian telecommunications companies and governments in September 2022","The hacker group Raspberry Robin and the malware of the same name gained access to networks of Latin American, European and Australian telecommunications companies and governments in September 2022, according to Trend Micro. 
What is special about this cyber incident is that the malware is obfuscated behind many layers and triggers a fake payload once the malware is detected. The motivation of the hacking group ranges from data theft to cyber espionage. ",2022-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Australia; Europe (region); South America,OC - - ,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,Raspberry Robin,Not available,Unknown - not attributed,,1,6199,2022-12-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,Raspberry Robin,Not available,Unknown - not attributed,https://www.trendmicro.com/en%5Fus/research/22/l/raspberry-robin-malware-targets-telecom-governments.html,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Hardware Additions,Data Exfiltration,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,11-20,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/raspberry-robin-worm-drops-fake-malware-to-confuse-researchers/; 
https://thehackernews.com/2022/12/raspberry-robin-worm-strikes-again.html; https://www.trendmicro.com/en%5Fus/research/22/l/raspberry-robin-malware-targets-telecom-governments.html; https://securityaffairs.co/wordpress/139964/breaking-news/raspberry-robin-targets-telecom-governments.html; https://twitter.com/securityaffairs/status/1606655598140997632; https://twitter.com/Dinosn/status/1606708841235750912; https://securityaffairs.co/wordpress/139988/breaking-news/security-affairs-newsletter-round-399-by-pierluigi-paganini.html; https://www.darkreading.com/threat-intelligence/raspberry-robin-worm-highly-complex-upgrade; https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html; https://therecord.media/financial-institutions-in-portugal-and-spain-targeted-by-new-raspberry-robin-malware/; https://twitter.com/BushidoToken/status/1653693699224748032; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023; https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/,2022-12-22,2023-05-04 1809,Multiple threat actors accessed the networks of the Foreign Affairs Office of an ASEAN member and exported data,"Multiple threat actors accessed the networks of the Foreign Affairs Office of an ASEAN member and exported data from the mailboxes of targeted officials. According to a report by Elastic Security Labs, the actors used a backdoor Elastic named ""SiestaGraph"" in the still ongoing operation. 
",2022-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Foreign Affairs Office (ASEAN member country),Not available,,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,6787; 6787,2022-12-16 00:00:00; 2022-12-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Elastic Security Labs; Elastic Security Labs,,Netherlands; United States,Not available; Not available,Not available; Not available,Not available; Not available,https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry?utm_source=substack&utm_medium=email,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Cyber espionage,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry?utm_source=substack&utm_medium=email; 
https://twitter.com/SentinelOne/status/1626259782402457600; https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/; https://therecord.media/middle-east-telecoms-espionage-sentinelone-microsoft-google-dropbox/,2022-12-22,2023-06-16 1807,Hacking group UAC-0142 compromised Ukrainian battle management system Delta in December 2022,"An unidentified hacking group compromised the real-time battle management system Delta used by Ukraine's armed forces for situational awareness about enemy activity and defensive manoeuvres. A spokesperson for the Defense Technology Innovation and Development Center of the Ukrainian Ministry of Defense, which developed the platform in collaboration with the Ministry of Digital Transformation and international partners, confirmed the breach to The Record. The Ukrainian CERT had previously warned about suspicious activity directed against Delta users, tracked as threat cluster UAC-0142. The intruding group sought to use two tools designed for data theft, FateGrab and StealDeal, with no public indication of success. The attack coincided with a presentation of Delta at the NATO headquarters during the same week, on 13 and 14 December in Brussels. The spokesperson of the Innovation Department noted the incident had been detained in the preparation stage. 
",2022-12-15,2022-12-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Delta,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,UAC-0142,Not available,Unknown - not attributed,,1,12132,2022-12-18 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,UAC-0142,Not available,Unknown - not attributed,https://cert.gov.ua/article/3349703,Unknown,Unknown,,Unknown,,1,2022-12-20 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Not available,Defense Technology Innovation and Development Center of the Ukrainian Ministry of Defense,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/ukraine-military-tablets-sandworm-hacking-attempt; https://twitter.com/3xp0rtblog/status/1604899693389090827; https://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html; https://www.securityweek.com/ukraines-delta-military-intelligence-program-targeted-hackers; https://therecord.media/military-operations-software-in-ukraine-was-breached-by-russian-hackers/; https://cert.gov.ua/article/3349703; 
https://twitter.com/securityaffairs/status/1605339909983608832; https://twitter.com/Cyber_O51NT/status/1605025954736136192; https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html; https://twitter.com/switch_d/status/1605553669767938048,2022-12-21,2023-08-03 1805,Russian state-sponsored hacker group Fancy Bear gained access to a US satellite communications provider in early 2022,"Russian state-sponsored hacker group Fancy Bear gained access to a US satellite communications provider in early 2022, according to a presentation by Cybersecurity and Infrastructure Security Agency's (CISA) incident response analyst MJ Emanuel at the CYBERWARCON cybersecurity conference on 10 November 2022. The hacker group seemingly exploited a 2018 vulnerability in an unpatched Virtual Private Network (VPN).",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Telecommunications; Space,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11566,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social 
media",Attribution by receiver government / state entity,"MJ Emanuel (Cybersecurity and Infrastructure Security Agency (CISA), United States)",Not available,United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.cyberscoop.com/apt28-fancy-bear-satellite/,International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,External Remote Services,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Space law; International telecommunication law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.cyberscoop.com/apt28-fancy-bear-satellite/; https://twitter.com/DigitalPeaceNow/status/1603770675646398465; https://twitter.com/CyberScoopNews/status/1603803185986125831; https://twitter.com/piret_ccdcoe/status/1603823359661416453; https://twitter.com/BushidoToken/status/1603770828331556864; https://twitter.com/switch_d/status/1604147528731181057; https://twitter.com/Cyber_O51NT/status/1604326436315099136; https://twitter.com/noelle_cowling/status/1604364091480498177; https://twitter.com/CyberScoopNews/status/1604890252505919489; 
https://twitter.com/CyberScoopNews/status/1604858927216488449; https://twitter.com/CyberScoopNews/status/1607809246074179584; https://cyberscoop.com/solarium-commission-space-systems-critical-infrastructure/; https://twitter.com/BushidoToken/status/1649697884542062592; https://www.defenseone.com/technology/2023/05/space-force-will-look-how-hack-targets-space/386755/,2022-12-19,2024-04-23 1804,Ukrainian IT Army hacked the website of Russian mercenary Wagner group and claimed to have stolen data in September 2022,"According to a Telegram post by Mykhailo Fedorov, Ukrainian Minister of Digital Transformation, the IT Army of Ukraine hacked the website of Wagner Private Military Company (PMC) on September 19, 2022 and stole personal data of the mercenaries that were employed by the company, which is owned by Russian oligarch Yevgenii Prigozhyn. The IT Army reposted the Telegram post by Fedorov on their own Telegram channel. The IT Army of Ukraine are a group of hacktivists that hack Russian targets in defense of Ukraine in the Ukraine-Russia War. The announcement of this cyberattack followed the online video of someone appearing to be Prigozhyn recruiting Russian prisoners to work as mercenaries. During the cyberattack, the hacktivists supposedly defaced the Wagner website with graphic images of dead soldiers and a message that stated: [English Translation] “All of your personal site data is with us. Welcome to the Ukraine. We are waiting for you 😈,”. Documentation of the defacement was offered in the IT Army Telegram post which included a link to a web archive of the Wagner website. The Wagner Group is a private military contractor contracted by the Russian Ministry of Defense and operates in Ukraine as mercenary soldiers for Russia. The data stolen in the attack hadn't been posted online as of September 21, 2022.",2022-09-19,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption,Wagner Private Military Company (PMC; Russia),Russia,EUROPE; EASTEU; CSTO; SCO,Other,,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,7495; 7495,2022-09-19 00:00:00; 2022-09-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,IT Army of Ukraine; Mykhailo Fedorov (Minister of Digital Transformation of Ukraine),Not available; Not available,Ukraine; Ukraine,IT Army of Ukraine; IT Army of Ukraine,Ukraine; Ukraine,Non-state-group; Non-state-group,https://t.me/zedigital/2445,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Defacement,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,Not available,Not available,2,Moderate - high political importance,2.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,,,Sovereignty,,Not available,,https://t.me/itarmyofukraine2022/693; https://www.pravda.com.ua/eng/news/2022/09/19/7368185/; 
https://news.yahoo.com/ukrainian-army-hacks-russia-wagner-075200053.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAMbULQIV5_HAHXZ30qW-myGMI5ipDO0f23aYLpNyg7W8O45BhWOQcem-MGUweaiWoJJ-xRSMwkUt3dQT-sMConWiA_pQjU4Elgyt0wsSNi2_-P5QsVFGU8JB-GRXJkPl6q2mndCgAiiJsuLOCMKiJrIqIHQSubqvpD84RD6_kln9; https://www.vice.com/en/article/4ax459/pro-ukraine-hacktivists-claim-to-have-hacked-notorious-russian-mercenary-group; https://www.ibtimes.com/ukrainian-it-army-hacks-russias-wagner-mercenary-site-gathers-all-personal-data-mercenaries-3614551; https://www.scmagazine.com/brief/threat-intelligence/russian-mercenary-group-allegedly-hacked-by-pro-ukraine-hackers; https://t.me/zedigital/2445,2022-12-16,2023-06-30 1802,Threat activity group UNC4166 gained access to and stole information from Ukrainian government networks beginning in mid-July 2022,"The threat activity group UNC4166 gained access to and stole information from Ukrainian government networks from 13 July 2022 to at least 28 November 2022, according to a technical report by threat intelligence company Mandiant. UNC4166 distributed trojanized Windows 10 installers via torrent sites in a supply-chain attack. Mandiant has not yet associated UNC4166 with a specific threat actor or sponsor but notes overlaps in the victimology with GRU-affiliated groups that conducted wiper attacks following Russia's invasion of Ukraine. 
",2022-07-13,2022-11-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,UNC4166,Not available,Unknown - not attributed,,1,5613,2022-12-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4166,Not available,Unknown - not attributed,https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html; https://www.bleepingcomputer.com/news/security/ukrainian-govt-networks-breached-via-trojanized-windows-10-installers/; https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government; https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government; https://twitter.com/JohnHultquist/status/1603411638736101377; https://twitter.com/ericgeller/status/1603464919050952704; 
https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html; https://therecord.media/new-supply-chain-attack-targeted-ukrainian-government-networks/; https://twitter.com/RecordedFuture/status/1603820762963525634; https://twitter.com/M_Miho_JPN/status/1604143678888751104; https://www.schneier.com/blog/archives/2022/12/trojaned-windows-installer-targets-ukraine.html,2022-12-16,2023-03-02 1800,Chinese-speaking hacker group MirrorFace gained access to and stole information of Japanese political entities beginning in June 2022,"The Chinese-speaking hacker group MirrorFace gained access to and stole documents and emails from Japanese political entities for espionage purposes in late June and July 2022, according to a technical report by IT security company ESET. MirrorFace targeted members of a specific political party through spearphishing in the run-up to the elections for the House of Councillors, the upper chamber of Japan's parliament, that took place on 10 July 2022. MirrorFace deployed the group's proprietary LODEINFO backdoor and the previously unknown credential stealer MirrorStealer. Code overlaps with LODEINFO had previously led Kaspersky to attribute related intrusions to APT10 with high confidence. 
In its assessment, ESET acknowledges these potential links but continues to track the group as a separate activity cluster.",2022-06-29,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Japan,ASIA; SCS; NEA,State institutions / political system,Political parties,MirrorFace,China,Unknown - not attributed,,1,11564,2022-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,MirrorFace,China,Unknown - not attributed,https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/,International power,Territory; Resources; International power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,,0.0,euro,Not available,Cyber espionage,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/; https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/; 
https://twitter.com/ESETresearch/status/1602983166498770944; https://twitter.com/ESETresearch/status/1602983170751750144; https://www.bleepingcomputer.com/news/security/hackers-target-japanese-politicians-with-new-mirrorstealer-malware/; https://securityaffairs.co/wordpress/139698/apt/mirrorface-apt-group-targets-japan.html; https://thehackernews.com/2022/12/researchers-uncover-mirrorface-cyber.html; https://www.securityweek.com/chinese-cyberspies-targeted-japanese-political-entities-ahead-elections; https://twitter.com/securityaffairs/status/1603468611770847253; https://www.darkreading.com/attacks-breaches/chinese-apt-group-mirrorface-interferes-japanese-elections; https://www.welivesecurity.com/videos/mirrorface-aims-high-value-targets-japan-week-security-tony-anscombe/; https://twitter.com/DarkReading/status/1603827006625415185; https://twitter.com/Dinosn/status/1603799083675779073; https://twitter.com/securityaffairs/status/1604075791926665218; https://securitymea.com/2023/02/09/eset-threat-reports-on-russian-invasions-impact-on-digital-threats/; https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html,2022-12-15,2023-07-14 1801,Unnamed subcluster of Iranian state-sponsored hacker group TA453 compromised a close affiliate of former US National Security Advisor John Bolton with KORG malware,"An unnamed subcluster of Iranian state-sponsored hacker group TA453 compromised a close affiliate of former US National Security Advisor John Bolton with KORG malware, according to a technical report by Proofpoint. Proofpoint had previously linked TA453 activities to strategic interests of the Intelligence Organization of the Islamic Revolutionary Guard Corps (IRGC-IO). In its analysis, Proofpoint identifies an evolution in the group's focus on phishing academics, researchers, diplomats, dissidents, journalists, and human rights advocates towards support for kinetic operations. 
Impersonating or spoofing trusted connections, the group has sought to initiate real world meetings as a setup for kidnapping attempts. In view of this nexus to on-the-ground operations, Proofpoint assesses with medium confidence TA453 may be assisting other state entities, including Iran's Quds Force, the IRGC branch responsible for covert operations. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Unknown,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State",,1,11565; 11565; 11565; 11565,2022-12-14 00:00:00; 2022-12-14 00:00:00; 2022-12-14 00:00:00; 2022-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Proofpoint; Proofpoint; Proofpoint; Proofpoint,; ; ; ,United States; United States; United States; United States,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Islamic Revolutionary 
Guard Corps (IRGC); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations,System / ideology; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/iran-linked-cyberspies-expand-targeting-to-medical-researchers-travel-agencies/; https://www.cyberscoop.com/iran-ta453-charming-kitten-phosphorus-hacking-bolton/; https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations; https://twitter.com/DigitalPeaceNow/status/1603045899411722241; https://www.databreaches.net/iran-linked-charming-kitten-espionage-gang-bares-claws-to-pollies-power-orgs/,2022-12-15,2023-07-14 1795,Subgroup of Iranian government-sponsored COBALT MIRAGE compromised a local US government network using Drokbk malware in February 2022,"A subgroup of Iranian government-sponsored COBALT MIRAGE (Nemesis Kitten/ DEV-0270) compromised a local US government network using 
two Log4j vulnerabilities (CVE-2021-44228; CVE-2021-45046) on the target organization's VMware Horizon server and deployed Drokbk malware in February 2022, according to a technical report by IT security company Secureworks. The activities are linked to a sub-team Secureworks tracks as Cluster B linked to COBALT MIRAGE (DEV-0270), which itself operates as a suspected subgroup of Phosphorus (APT35/ Charming Kitten). What is special about Drokbk malware is that it uses GitHub as a Dead Drop Resolver in order to determine the necessary C2 server. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,"Cluster B < COBALT MIRAGE/ Nemesis Kitten/ TunnelVision/ UNC2448/ DEV-0270 < Phosphorus/ APT35/ Charming Kitten (Iranian Revolutionary Guard Corps, Najee Technology/ Afkar System)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,11563; 11562,2022-12-09 00:00:00; 2022-03-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Secureworks; eSentire,,United States; Canada,"Cluster B < COBALT MIRAGE/ Nemesis Kitten/ TunnelVision/ UNC2448/ DEV-0270 < Phosphorus/ APT35/ Charming Kitten (Iranian Revolutionary Guard Corps, Najee Technology/ Afkar System); Cluster B < COBALT MIRAGE/ Nemesis Kitten/ TunnelVision/ UNC2448/ 
DEV-0270 < Phosphorus/ APT35/ Charming Kitten (Iranian Revolutionary Guard Corps, Najee Technology/ Afkar System)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Unknown - not attributed",https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver,Unknown,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/local-governments-allegedly-targeted-with-iranian-drokbk-malware-through-log4j-vulnerability/; https://www.darkreading.com/threat-intelligence/iranian-apt-targets-us-drokbk-spyware-github; https://thehackernews.com/2022/12/researchers-uncover-new-drokbk-malware.html; https://twitter.com/unix_root/status/1601212317747662849; https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver; https://www.esentire.com/blog/exploitation-of-vmware-horizon-servers-by-tunnelvision-threat-actor; https://www.secureworks.com/blog/cobalt-mirage-conducts-ransomware-operations-in-us,2022-12-14,2024-01-18 1794,The Argentinian National Institute of Statistics and Censuses (INDEC) was disrupted by a virus on 5 December 2022,"The Argentinian National Institute of Statistics and Censuses (INDEC) was disrupted by a virus which affected the hosting server and the user validation system on 5 December 2022, according to the Institute. 
",2022-12-05,2022-12-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,National Institute of Statistics and Censuses (INDEC; Argentina),Argentina,SOUTHAM,State institutions / political system,Civil service / administration,Not available,Not available,Not available,,1,6790,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://tsnnecochea.com.ar/generales/hackeos-historicos-en-argentina-127653.html; https://tsnnecochea.com.ar/generales/hackeos-historicos-en-argentina-127653.html; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-19/; https://www.infobae.com/economia/2022/12/05/un-virus-hizo-caer-a-la-pagina-del-indec/; https://twitter.com/INDECArgentina/status/1599752968294658048,2022-12-14,2023-02-09 1793,Cyber-criminals used PLAY ransomware to disrupt the Congress of the Mexican state Jalisco in December 2022,"Cyber-criminals used PLAY ransomware to disrupt the Congress of the Mexican state Jalisco from 2 to 4 December 2022. The president of the board of directors said during a press conference on 6 December that a group of cyber-criminals was responsible for hacking 14 of the 17 servers of the Congress. Secretary General of the Congress Tomás Figueroa claimed the criminals had also attacked other government agencies. 
",2022-12-02,2022-12-04,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Congress of the State of Jalisco (Mexico),Mexico,,State institutions / political system,Legislative,Not available,Not available,Non-state-group,Criminal(s),1,12133,2022-12-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Mirelle Montes Agredano (President of the Board of Directors and Member of the Congress of Jalisco, Mexico)",Not available,Mexico,Not available,Not available,Non-state-group,https://www.infobae.com/america/mexico/2022/12/07/hackers-atacaron-los-servidores-del-instituto-de-estadistica-y-el-congreso-de-jalisco/,Unknown,Not available,,Not available,,1,2022-12-06 00:00:00,State Actors: Stabilizing measures,Subnational executive official,Mexico,"Tomás Figueroa (Secretary General of the Congress of Jalisco, MEX)",No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-19/; https://twitter.com/ransomwaremap/status/1600943634982977537; https://mesaderedaccion.com/noticias/congreso-de-jalisco-sufre-ataque-cibernetico/; https://www.infobae.com/america/mexico/2022/12/07/hackers-atacaron-los-servidores-del-instituto-de-estadistica-y-el-congreso-de-jalisco/; 
https://twitter.com/LegislativoJal/status/1600165485223432194?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1600165485223432194%7Ctwgr%5E8563dc602a412f1e035ff9c8fae56f16007ed140%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.infobae.com%2Famerica%2Fmexico%2F2022%2F12%2F07%2Fhackers-atacaron-los-servidores-del-instituto-de-estadistica-y-el-congreso-de-jalisco%2F; https://www.congresojal.gob.mx/boletines/vulneran-servidores-del-poder-legislativo,2022-12-14,2023-08-03 1797,Anonymous and IT Army of Ukraine target Russian Banks in September 2022,"Anonymous and the IT Army of Ukraine claim that they targeted several Russian banks in a wave of cyber attacks in September 2022, including: Central Bank of Russia, MKBan, Gazprombank, Moscow Credit Bank, Sovkombank. During the attack, bank customers were unable to send and receive payments, access their personal accounts, access mobile banking, or withdraw ATM funds. The pro-Ukrainian hacktivist group, IT Army of Ukraine, claimed to leak stolen documents from Central Bank of Russia (2.6 GB) on November 3, 2022 which contained 27,000 files. It cannot plausibly be assessed whether the leaked files have been obtained during the attacks in September. ",2022-08-29,2022-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Credit Bank of Moscow - MKBank - Sovkombank - Gazprombank - Central Bank of Russia,Russia; Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - State institutions / political system; Critical infrastructure,"Finance - Finance - Finance - Finance - Other (e.g., embassies); Finance",Anonymous; IT Army of Ukraine,Not available; Ukraine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,7500; 7500; 7500; 7500; 7500; 7500; 7500; 7500,2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00; 2022-09-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous; Anonymous; Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine; IT Army of Ukraine; IT Army of Ukraine,Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available,; ; ; ; ; ; ; ,Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine; Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine,Not available; Ukraine; Not available; Ukraine; Not available; Ukraine; Not available; Ukraine,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://therecord.media/ukrainian-hacktivists-claim-to-leak-trove-of-documents-from-russias-central-bank/; https://www.fonetech.cz/hackeri-z-anonymous-sestrelili-dalsi-dve-ruske-banky-lide-nemohou-vybirat-z-bankomatu-ani-posilat-platby/; https://twitter.com/Anonymous_Link/status/1568542301554630656,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Russia,Not available,No,,Not available,Network Denial of Service,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,No justification under IL,,Not available,Not available,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://therecord.media/ukrainian-hacktivists-claim-to-leak-trove-of-documents-from-russias-central-bank/; https://www.fonetech.cz/hackeri-z-anonymous-sestrelili-dalsi-dve-ruske-banky-lide-nemohou-vybirat-z-bankomatu-ani-posilat-platby/; https://twitter.com/Anonymous_Link/status/1568542301554630656; 
https://twitter.com/NewAnon0ps/status/1569072038865772544; https://euromaidanpress.com/2022/09/12/ukraines-it-army-paralized-2400-russian-resources-in-2-weeks/; https://www.pravda.com.ua/eng/news/2022/09/12/7367111/; https://odessa-journal.com/digital-attacks-from-the-it-army-more-than-2400-paralyzed-online-resources-in-2-weeks/,2022-12-14,2023-05-16 1791,Cyber-espionage group Cloud Atlas gained access to various sectors across countries in Eastern Europe beginning in March 2022,"Cyber-espionage group Cloud Atlas gained access to various sectors in various countries in Eastern Europe beginning in March 2022, according to technical reports of Check Point Research and Russia-based Positive Technologies. (The US Treasury Department sanctioned Positive Technologies on 21 April 2021 over the company's alleged support to the FSB.) From March to April 2022, Cloud Atlas targeted the pro-Russian breakaway state Transnistrian Moldavian Republic. Starting in June 2022, Cloud Atlas targeted the transportation and military radio-electronics sector in Belarus; the government, energy and metal industries sector in Russia as well as unspecified targets on the Crimean Peninsula and the oblasts of Donetsk and Luhansk in Ukraine. 
Against this backdrop, the threat intelligence reports link the activities to the increase in tensions between Russia and Ukraine in the run-up and following Russia's large-scale invasion of Ukraine on 24 February 2022.",2022-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available,"Belarus; Ukraine; Moldova, Republic of; Russia",EUROPE; EASTEU; CSTO - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO, - Unknown - Unknown - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - Government / ministries; ,Inception Framework/Cloud Atlas/Blue Odin/G0100,Not available,Unknown - not attributed,,2,6792; 6793,2022-12-09 00:00:00; 2022-12-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Check Point Research; Positive Technologies,,Israel; Russia,Inception Framework/Cloud Atlas/Blue Odin/G0100; Inception Framework/Cloud Atlas/Blue Odin/G0100,Not available; Not available,Unknown - not attributed; Unknown - not attributed,https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html; https://therecord.media/cloud-atlas-targets-russian-orgs-war-phishing; https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/; https://therecord.media/cyber-espionage-group-cloud-atlas-targets-russia-and-its-supporters/,2022-12-13,2023-12-22 1792,Ransomware hacker group Daixin Team stole personal information of about 5 million customers and all employees of Malaysian airline AirAsia on 12 November 2022,"The ransomware group Daixin Team stole personal information of about 5 million customers and all employees of Malaysian airline AirAsia on 12 November 2022, according to statements of the hacker group made on the news website DataBreaches. On 10 December 2022, Malaysia's Communications and Digital Minister Fahmi Fadzil announced that investigations into the incident had begun on 1 December 2022. The hacking group announced plans to publish the data obtained in the hack alongside information about AirAsia's network architecture and backdoors the group set up. In unusual outspokenness, a suspected member, identifying as a spokesperson of Daixin, pointed out that time and labor needed to navigate the airline's convoluted network structure led the group to cut its attack plans short. 
The same individual highlighted precautionary steps taken by the group to avoid the accidental encryption of systems involved in managing flights.",2022-11-12,2022-11-12,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Hijacking with Misuse; Ransomware,AirAsia Bhd.,Malaysia,ASIA; SCS; SEA,,,Daixin Team,Not available,Unknown - not attributed,,1,12134,2022-11-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Daixin Team,Not available,Not available,Daixin Team,Not available,Unknown - not attributed,https://www.databreaches.net/airasia-victim-of-ransomware-attack-passenger-and-employee-data-acquired/,Unknown,Not available,,Not available,,1,2022-12-10 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Malaysia,Fahmi Fadzil (Communications and Digital Minister; MYS),No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.dailysecu.com/news/articleView.html?idxno=154039; https://www.thestar.com.my/news/nation/2022/12/10/airasia-ransomware-attack-probe-ongoing-to-find-source-and-impact-of-compromised-data-says-fahmi; https://www.databreaches.net/airasia-victim-of-ransomware-attack-passenger-and-employee-data-acquired/; https://www.bursamalaysia.com/market_information/announcements/company_announcement/announcement_details?ann_id=3309520,2022-12-13,2023-10-26 1790,Cyber-espionage group Cloud Atlas 
gained access to various sectors in Europe and Southeast Asia beginning in May 2019,"Cyber-espionage group Cloud Atlas gained access to various sectors - ministries, diplomatic entities, industrial targets, research entities - in various regions - Europe, Eastern Europe, Southeast Asia - for espionage purposes beginning in May 2019, according to technical reports of Check Point Research and Russia-based Positive Technologies. (The US Treasury Department sanctioned Positive Technologies on 21 April 2021 over the company's alleged support to the FSB.) At the end of 2021, Cloud Atlas targeted especially government, diplomatic, research and industrial entities in Russia and Belarus as well as unspecified targets on the Crimean Peninsula and in Luhansk and Donetsk. Against this backdrop, the threat intelligence reports link the activities to the increase in tensions between Russia and Ukraine in the run-up and following Russia's large-scale invasion of Ukraine on 24 February 2022.",2019-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available,Ukraine; Southeast Asia (region); Europe (region); Russia; Eastern Europe; Belarus,EUROPE; EASTEU - - - EUROPE; EASTEU; CSTO; SCO - - EUROPE; EASTEU; CSTO,Unknown - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); 
Science; State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; State institutions / political system," - Government / ministries; ; Other (e.g., embassies) - Government / ministries; ; Other (e.g., embassies) - Government / ministries; ; ; Other (e.g., embassies) - Government / ministries; ; Other (e.g., embassies) - Government / ministries; ; ; Other (e.g., embassies)",Inception Framework/Cloud Atlas/Blue Odin/G0100,Not available,Unknown - not attributed,,2,6794; 6795,2022-12-09 00:00:00; 2022-12-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Check Point Research; Positive Technologies,,Israel; Russia,Inception Framework/Cloud Atlas/Blue Odin/G0100; Inception Framework/Cloud Atlas/Blue Odin/G0100,Not available; Not available,Unknown - not attributed; Unknown - not attributed,https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not 
available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/; https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html; https://therecord.media/cloud-atlas-targets-russian-orgs-war-phishing,2022-12-13,2023-03-28 1788,The Danish Ministry of Defence was hit by a DDoS attack on 8 December 2022,"The Danish Ministry of Defence was hit by a DDoS attack on 8 December 2022, according to the ministry itself. ",2022-12-08,2022-12-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Defence (Denmark),Denmark,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,12135,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,2,2022-12-08 00:00:00; 2023-01-31 00:00:00,EU member states: Stabilizing measures; State Actors: Preventive measures,Statement by other ministers (or spokespersons)/members of parliament; Awareness raising,Denmark; Denmark,Ministry of Defence (DNK); Centre for Cyber Security (CFCS) Denmark,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://twitter.com/ransomwaremap/status/1601141787292499968; https://twitter.com/Forsvarsmin/status/1600914431860510899?t=YhOI458cT3r8vHMCLjW9BQ&s=19; https://politiken.dk/indland/art9119800/Hackere-fik-ingen-data-med-sig-i-cyberangreb-mod-Forsvaret; https://twitter.com/thegrugq/status/1610655629705871362; https://twitter.com/JanLemnitzer/status/1610653324021211137; https://politiken.dk/indland/art9150902/Cyberangreb-p%C3%A5-Forsvarets-Efterretningstjeneste-opdaget-efter-fire-minutter.-Stoppet-efter-11-timer; https://therecord.media/ddos-denmark-us-russia-killnet/; https://twitter.com/Cybersikkerhed/status/1620377909860143104?ref%5Fsrc=twsrc%5Etfw; https://twitter.com/cahlberg/status/1620591103572590592,2022-12-13,2023-12-09 1789,A suspected individual hacker published the membership database of the Dutch party Forum for Democracy on 30 November 2022,"A suspected individual hacker published the membership database of the Dutch right-wing party Forum for Democracy (FvD) on 30 November 2022, according to a statement by the party. The FvD stated that the hacker intercepted and manipulated the communication between the ForumApp and the FvD membership database. A loophole in access rights allowed the suspect to pull and subsequently publish the party's entire membership records. 
The leak disclosed the private data of nearly 93,000 current and former members of the party, including names, home addresses, phone numbers, and bank details.",2022-11-30,2022-11-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Forum for Democracy (FvD; Netherlands),Netherlands,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Political parties,Not available,Netherlands,Individual hacker(s),,1,5914,2022-12-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Forum for Democracy (FvD),Not available,Netherlands,Not available,Netherlands,Individual hacker(s),https://fvd.nl/nieuws/fvd-doet-aangifte-wegens-hacking,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,1,2022-12-09 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Netherlands,Forum voor Democratie (FVD),Not available,,,,https://www.nrc.nl/nieuws/2022/12/09/verdachte-hacken-fvd-app-meldt-zich-bij-de-politie-a4150982; https://fvd.nl/nieuws/fvd-doet-aangifte-wegens-hacking; https://www.rtlnieuws.nl/nieuws/nederland/artikel/5350214/forumapp-lek-privegegevens-leden-op-straat,2022-12-13,2023-03-13 1785,Anonymous defaced the Russian locomotive manufacturing website in May 2022,"The hacktivist group Anonymous defaced a Russian locomotive manufacturing website with a picture of a dead Ukrainian child on May 13, 2022. 
Additionally, the message ""While many Russian children have fun, others in Ukraine are killed by Putin"" was displayed on the website.",2022-05-13,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,locomotive.org,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8200,2022-05-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://web.archive.org/web/20220513113705/http://www.locomotive.org.ru/catalog.php?id=3&type=1,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://twitter.com/Anonymous_Link/status/1526129754734215168; https://www.thetechoutlook.com/news/technology/security/anonymous-collective-defaced-russian-locomotive-manufacturing-website-with-ukrainian-children-corpse/; https://web.archive.org/web/20220513113705/http://www.locomotive.org.ru/catalog.php?id=3&type=1; 
https://twitter.com/Anonymous_Link/status/1525077145013219328?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1525077145013219328%7Ctwgr%5E4d30c90147b06648fe92299d2362639f523005f4%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thetechoutlook.com%2Fnews%2Ftechnology%2Fsecurity%2Fanonymous-collective-defaced-russian-locomotive-manufacturing-website-with-ukrainian-children-corpse%2F,2022-12-10,2023-03-03 1786,City council of Ukrainian city Lviv is attacked in May 2022 and data was stolen and published,"On 13 May 2022, the internet networks and services of the Lviv City Council were attacked. This was announced by the city's mayor, Andriy Sadowyj, one day after the cyberattack on Facebook. He suspected Russian actors behind the attack and pointed out that only a small amount of services and computers had been disabled, but most of them had already been restored. Later, Deputy Mayor Andriy Moskalenko announced that parts of the city's working data had been stolen and published on ""enemy"" Telegram channels. 
",2022-05-13,2022-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption,Lviv City Council,Ukraine,EUROPE; EASTEU,State institutions / political system,Civil service / administration,Not available,Russia,Not available,,2,6799; 6800,2022-05-14 00:00:00; 2022-05-15 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Andriy Sadowyj (Mayor of Lviv, UKR); Andriy Moskalenko (Deputy Mayor of Lviv, UKR)",Not available; Not available,Ukraine; Ukraine,Not available; Not available,Russia; Russia,Not available; Not available,https://www.facebook.com/andriy.sadovyi/posts/572784957542945; https://www.facebook.com/andriy.moskalenko/posts/7327235234013340,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,9.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.facebook.com/andriy.sadovyi/posts/572784957542945; https://www.facebook.com/andriy.moskalenko/posts/7327235234013340; https://city-adm.lviv.ua/news/society/security/291547-khakery-namahalys-zlamaty-internet-merezhi-ta-servisy-merii-lvova; https://city-adm.lviv.ua/news/government/291555-naslidky-kiberataky-na-lviv-vykradeno-chastynu-danykh; https://www.radiosvoboda.org/a/news-lviv-kiberataka-meriya/31851752.html; https://imi.org.ua/en/news/work-data-partially-stolen-in-a-cyber-attack-on-the-lviv-city-council-website-i45579,2022-12-10,2023-02-09 1782,Chinese threat actor Twisted Panda targets Russian Defense Data with backdoor SPINNER since July 2021,"According to the Israeli-American cybersecurity firm Check Point, Chinese hackers attempted in a ""sophisticate attack"" to steal Russian defense data in a cyber espionage campaign in 2022, using a backdoor called SPINNER. The capabilities of the bad actors are ""usually reserved for state-backed intelligence services"" and utilized methods, codes, and social engineering techniques associated with previously seen Chinese-affiliated threat actors. The attack involved malicious emails, supposedly from Russia’s Ministry of Health, that were sent to researchers at several Russian military research and development institutions on March 23, 2022. The subject of the email offered appealing information about US-sanctioned persons, yet the emails actually originated from Chinese state-sponsored hackers. And the emails also contained an infected document. The geopolitical relationship between Russia and China was described by Check Point as complicated since ""China appeared to view Russia as a legitimate target for the theft of sensitive military technological information."" The cyber espionage campaign especially targeted research institutes that belong to Rostec Corporation (Ростех) and were associated with research that developed technologies for airborne satellite communications, radar, and electronic warfare. 
The cyber espionage campaign supposedly began in July 2021, before Russia invaded Ukraine. The narratives associated with the Ukraine-Russia War were exploited in the espionage campaign emails. Check Point attributed this activity to an unnamed Chinese threat group with connections to state-supported APT10 and Mustang Panda. ",2021-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,Rostec,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Science,"Other (e.g., embassies); ",Twisted Panda,China,"Non-state actor, state-affiliation suggested",,1,7504,2022-05-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,Check Point ,Israel,Twisted Panda,China,"Non-state actor, state-affiliation suggested",https://www.nytimes.com/2022/05/19/world/asia/china-hackers-russia.html,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",Not available,Not available,1,Moderate - high political importance,1.0,Not available,0.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,0,,Not available,,,,Cyber espionage,,Not available,,https://www.nytimes.com/2022/05/19/world/asia/china-hackers-russia.html; https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/; https://intrusiontruth.wordpress.com/2022/12/24/no-limits-relationship-chinas-state-hackers-scoop-up-intelligence-on-ukraine-and-russia/; https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html; 
https://blog.checkpoint.com/2022/05/19/twisted-panda-check-point-research-unveils-a-chinese-apt-espionage-campaign-against-russian-state-owned-defense-institutes/,2022-12-09,2023-08-14 1781,"Pro-Ukrainian hacktivists ""hdr0"" claim hack of Russian TV Channel One in Crimea TV to air Pro-Ukrainian Propaganda on September 9, 2022","The hacktivists ""hdr0"" claim to have hijacked various TV Broadcasts to air Pro-Ukrainian Propaganda in Crimea and in Russia during September 2022. On September 9, 2022, a Russian television broadcast (Channel One) in Russian-occupied Crimea was hacked and co-opted for pro-Ukrainian messaging during the Ukraine-Russian War. The hacktivist group ""hdr0"" claim to be behind the operation. The event was reported on the Telegram channel for the Strategic Communications Department (StratCom) of the Armed Forces of Ukraine and also on the hdr0 Telegram channel. The TV broadcast showed excerpts from an address by Ukrainian President Volodymyr Zelenskyy, along with footage of Ukrainian and Crimean Tatar flags to the soundtrack of Tina Karol's song ""Ukraine is you.""",2022-09-09,2022-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Channel One,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,hdr0,Ukraine,Non-state-group,Hacktivist(s),1,7509,2022-09-09 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,hdr0,Not available,Ukraine,hdr0,Ukraine,Non-state-group,https://t.me/Hdr0_one/130,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,3.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,,,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/putin-speech-television-ddos-ukraine-it-army/; https://www.pravda.com.ua/eng/news/2022/08/20/7364150/; https://twitter.com/nexta_tv/status/1573714056577425408; https://therecord.media/pro-ukraine-hackers-claim-hack-on-russian-tv-broadcasts/?web_view=true; https://t.me/Hdr0_one/130; https://t.me/AFUStratCom/5477,2022-12-09,2023-02-24 1777,"Pro-Russian group Killnet targets Japanese websites in DDOS attack on September 6, 2022","KillNet stated on September 7, 2022, on its Telegram channel that they have declared war against Japan due to their anti-Russian campaign during the Ukraine-Russian war. 
The Russian-affiliated hackers claimed responsibility for a DDoS attack, which began on September 6, 2022, and impacted Japanese companies and 20 websites across four government ministries. During the attack, some of the impacted websites were online public services, the tax authority’s electronic system, the digital agency, and the education ministry. The group also claimed to have temporarily disabled the websites for Maxi (a social networking site), the subway of Tokyo, and the port of Nagoya. Japanese officials stated that no data had leaked publicly and they were hesitant to attribute the attack to any group. However, Chief Cabinet Secretary, Hirokazu Matsuno, released an update on the attack that stated that foreign interference was suspected. IT experts, Check Point Software, did confirm that Killnet was responsible for the disruption. Chief Cabinet Secretary Matsuno further stated that an official investigation will be conducted by the Japanese National Center of Incident Readiness and Strategy for Cybersecurity. Services were restored by Japanese authorities within a few hours and reporting confirmed that by September 8, 2022, the websites were accessible. Reporting by Cybersecurity Insiders states that Killnet is funded by Moscow for the purpose of waging cyber war against countries that are allied with Ukraine in the Ukraine-Russian war. Additionally, there is a territorial dispute between Russia and Japan since World War II over the Kuril Islands and both nation states claim the land as their sovereign territory. Tweets found online describe that Phoenix hackers joined Killnet in the attacks.",2022-09-06,2022-09-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company; Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Transportation; ,Killnet,Russia,Non-state-group,Hacktivist(s),2,12137; 12136; 12136,2022-09-07 00:00:00; 2022-09-29 00:00:00; 2022-09-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms; IT-security community attributes attacker; IT-security community attributes attacker,Killnet; Check Point Research; Killnet,Not available; Check Point ; Check Point ,Russia; ; ,Killnet; Killnet; Killnet,Russia; Russia; Russia,"Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","https://www.teiss.co.uk/news/killnet-claims-responsibility-for-ddos-attacks-on-japanese-websites-10818#:~:text=Killnet%20claims%20responsibility%20for%20DDoS%20attacks%20on%20Japanese%20websites,-News08%20Sep&text=Russia%E2%80%93affiliated%20hacking%20gang%20Killnet,at%204.30%20PM%20Japanese%20time.; https://www.infosecurity-magazine.com/news/japan-govt-websites-killnet/; https://cybernews.com/cyber-war/russian-hackers-hit-japans-government-websites/; https://www.cybersecurity-insiders.com/japan-governments-hit-by-killnet-hacking-group-of-russia/; https://twitter.com/Cyberknow20/status/1568821433127825408",System / 
ideology,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-09-07 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Japan,Hirokazu Matsuno (Chief Cabinet Secretary),No,,Not available,Network Denial of Service,Not available,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political importance,1.0,Minor,3.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Japan,,Not available,,No response justified (missing state attribution & breach of international law),,"https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/; https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.teiss.co.uk/news/killnet-claims-responsibility-for-ddos-attacks-on-japanese-websites-10818#:~:text=Killnet%20claims%20responsibility%20for%20DDoS%20attacks%20on%20Japanese%20websites,-News08%20Sep&text=Russia%E2%80%93affiliated%20hacking%20gang%20Killnet,at%204.30%20PM%20Japanese%20time.; https://www.infosecurity-magazine.com/news/japan-govt-websites-killnet/; https://www.reuters.com/technology/japan-investigating-possible-involvement-pro-russian-group-cyberattack-nhk-2022-09-06/; https://cybernews.com/cyber-war/russian-hackers-hit-japans-government-websites/; https://www.cybersecurity-insiders.com/japan-governments-hit-by-killnet-hacking-group-of-russia/; https://twitter.com/Cyberknow20/status/1568821433127825408; 
https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS; https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/",2022-12-09,2024-03-11 1779,Cyberattack on Portuguese military resulting in theft and doxing of NATO documents in 2022,"The Armed Forces General Staff agency of Portugal (EMGFA) allegedly suffered a prolonged and undetected cyberattack which resulted in NATO documents being stolen and sold on the dark web. The documents were discovered by American cyber-intelligence agents, who notified US authorities at the US Embassy in Lisbon. The National Security Office (GNS) and Portugal’s national cybersecurity center immediately reacted to the threat by deploying a team of experts to EMGFA to investigate the defence agency's network. The stolen documents were acquired through specially programmed bots that probed the network and were trained to discover and detect precisely this type of information. The leak of the documents is of “extreme gravity” and might impact the NATO alliance by creating distrust between members. The EMGFA computers are air-gapped and the data was exfiltrated via standard non-secure lines. This means that the first assumption is that the military agency might have ""broken its operational security rules at some point."" No official statement has been released yet by Portuguese officials. However, members of parliament have requested the chairman of the parliamentary defense committee, Marcos Perestrello, to schedule hearings as soon as possible. 
The Attorney General's Office confirmed that an investigation has been opened on the cyberattack and that it will be ""led by the public prosecutor’s office of the Central Department of Investigation and Prosecution (DCIAP).” A statement by the Defence Ministry conveyed that ""the investigations are conducted by the National Security Office, 'with which the ministry of defence and the armed forces work in close coordination.'”",2022-01-01,Not available,Not available,,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Armed Forces General Staff Agency of Portugal (EMGFA),Portugal,EUROPE; NATO; EU(MS),State institutions / political system,Military,Not available,Not available,Unknown - not attributed,,1,12138,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,,International power,Not available,,Not available,,1,2022-09-14 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Portugal,Ministry of Defence (PRT),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,1,2022-09-14 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Portugal,Central Department of Investigation and Prosecution (DCIAP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html; https://www.bleepingcomputer.com/news/security/classified-nato-documents-stolen-from-portugal-now-sold-on-darkweb/; https://research.checkpoint.com/2022/12th-september-threat-intelligence-report/; https://www.euractiv.com/section/politics/short_news/portugal-investigates-dark-web-sale-of-classified-nato-documents/,2022-12-09,2023-08-03 1756,Iranian-aligned hacking group Agrius deploys Fantasy wiper via Israeli software suite used in diamond industry in February 2022,"The Iran-affiliated hacking group Agrius channelled a wiper called Fantasy through an Israeli software developer in a supply chain attack against targets in or adjacent to the diamond trade. The destructive tool - disguised as a legitimate update - was deployed against an IT support services company, a diamond wholesaler, and an HR consulting firm in Israel, a South African diamond company, and a jeweller in Hong Kong during the period of 20 February to 12 March 2022. ESET, the cybersecurity firm disclosing the campaign, reported that it was able to intercept the wiper and to prevent the destruction of data for its customers. The Fantasy wiper builds on the Apostle wiper, also developed by Agrius, which was used in a cyber-operation against Israeli organizations in 2020 attributed to the same group. ",2022-02-20,2022-03-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available,Israel; Hong Kong; South Africa; Israel; Israel,ASIA; MENA; MEA - ASIA - AFRICA; SSA - ASIA; MENA; MEA - ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - - ,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14425,2022-12-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation 
suggested",https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise; Valid Accounts,Data Destruction; Disk Wipe; System Shutdown/Reboot,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securitymea.com/2023/02/09/eset-threat-reports-on-russian-invasions-impact-on-digital-threats/; https://therecord.media/iranian-hackers-accused-of-targeting-diamond-industry-with-wiper-malware/; https://www.bleepingcomputer.com/news/security/hackers-use-new-fantasy-data-wiper-in-coordinated-supply-chain-attack/; https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/; https://assets.sentinelone.com/sentinellabs/evol-agrius#page=1; https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.html; https://www.securityweek.com/iranian-hackers-deliver-new-fantasy-wiper-diamond-industry-supply-chain-attack; https://www.welivesecurity.com/videos/diamond-industry-attack-week-security-tony-anscombe/; https://www.wired.com/story/attacks-us-electrical-grid-security-roundup/; https://twitter.com/unix_root/status/1600796578159071233; https://www.darkreading.com/attacks-breaches/agrius-iranian-apt-group-cuts-into-diamond-industry; https://twitter.com/campuscodi/status/1601135496943443969; https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/; https://securitymea.com/2022/12/15/eset-researchers-attributes-iran-aligned-agrius-apt-group-targeting-diamond-industry/,2022-12-08,2023-12-21 1757,Iran-aligned hacking group Agrius deployed Apostle and DEADWOOD wipers 
against Israeli targets beginning in 2020,"The hacking group Agrius deployed Apostle and DEADWOOD wipers against Israeli targets from 2020 to 2021, according to IT security company SentinelOne. The initiators masked their wipers as ransomware, suggesting a focus on sabotage. DEADWOOD was previously attributed to APT33, an Iranian state-sponsored hacking group - an indication, as SentinelOne observed, that APT33 and Agrius may share resources.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,Unknown,,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,6807,2021-05-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,,United States,"Agrius/Pink Sandstorm fka AMERICIUM (DEV-0227)/Deadwood/Black Shadow/SharpBoys (Jahatpardaz Information Technology Solutions, MOIS)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://assets.sentinelone.com/sentinellabs/evol-agrius#page=1,System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Disk Wipe,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major 
data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://assets.sentinelone.com/sentinellabs/evol-agrius#page=1; https://therecord.media/new-iranian-threat-actor-targets-israel-with-wipers-disguised-as-ransomware/; https://twitter.com/SentinelOne/status/1624465790882783240; https://cyberscoop.com/microsoft-iran-is-refining-its-cyber-operations/,2022-12-08,2023-12-21 1751,Chinese state-sponsored hackers gained access to the network of Amnesty International Canada in October 2022,"Chinese state-sponsored hackers gained access to the network of Amnesty International Canada for espionage purposes in October 2022, according to the IT security company Secureworks that the NGO brought on for forensic assistance. Amnesty International Canada announced in a press release that no donor or membership data had been exfiltrated. ",2022-10-05,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Hijacking without Misuse,Amnesty International (Canada),Canada,NATO; NORTHAM,Social groups,Advocacy / activists (e.g. 
human rights organizations),Not available,China,"Non-state actor, state-affiliation suggested",,1,5510,2022-10-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Secureworks,,United States,Not available,China,"Non-state actor, state-affiliation suggested",https://www.amnesty.ca/news/news-releases/cyber-breach-statement/,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.cbc.ca/news/politics/amnesty-international-canada-cyber-attack-china-1.6674788; https://www.washingtonpost.com/world/amnesty-international-canada-says-it-was-hacked-by-beijing/2022/12/05/2d256324-74fe-11ed-a199-927b334b939f_story.html; https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/; https://therecord.media/amnesty-international-breach-linked-to-chinese-government-investigation-finds/; https://www.databreaches.net/amnesty-international-canada-hit-by-cyberattack-out-of-china-investigators-say/; 
https://www.amnesty.ca/news/news-releases/cyber-breach-statement/,2022-12-07,2023-02-09 1754,"Iranian government-backed hacking group APT42 targeted activists, journalists, and politicians since 15 September 2022","Iranian government-backed hacking group APT42 gained access to the phones of one correspondent for a major US newspaper, of a women's rights defender in the Gulf region and of Nicholas Noe who is an advocacy consultant for Refugees International in Lebanon. The group stole sensitive information throughout the period of 15 September to 25 November 2022, as assessed by Human Rights Watch (HRW) in cooperation with Amnesty International's Security Lab with high confidence. The government-backed hackers further targeted two HRW staffers and 15 other individuals - who are activists, journalists, researchers, academics, diplomats and politicians. Whether their phones had also been compromised has not yet been confirmed.",2022-09-15,2022-11-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"Nicholas Noe (Refugees International, United States) - Not available - Not available","Lebanon; Gulf Countries (region); Iran, Islamic Republic of",ASIA; MENA; MEA - - ASIA; MENA; MEA,Social groups - Social groups - Media,Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. 
human rights organizations) - ,APT42,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,6810; 6810; 6810; 6810,2022-12-05 00:00:00; 2022-12-05 00:00:00; 2022-12-05 00:00:00; 2022-12-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,Human Rights Watch; Human Rights Watch; Security Lab; Security Lab,Not available; Not available; Not available; Not available,Germany; United States; Germany; United States,APT42; APT42; APT42; APT42,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians,System / ideology; International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Human rights,,,,https://twitter.com/M_Miho_JPN/status/1599783272401489920; https://www.wired.com/story/iran-cyber-army-protests-disinformation/; https://thehackernews.com/2022/12/iranian-state-hackers-targeting-key.html; https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians; 
https://twitter.com/Dennis_Kipker/status/1634204080812830727; https://therecord.media/iran-intelligence-used-drug-trafficker-to-recruit-hell-angel-for-assassination; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2022-12-07,2024-02-02 1752,Unknown actors carried out a ransomware attack against New Zealand managed service provider Mercury IT in late 2022,"A ransomware attack against the New Zealand IT services company Mercury IT affected several government agencies. The organizations concerned included the Ministry of Justice and the National Health Authority. The former reported interrupted access to data, including 14,500 files regarding transportation of deceased people and around 4,000 post mortem reports. The health authority estimated that personal data of probably up to 34,000 individuals were affected. Moreover, 5,500 files in the heart disease registers and bereavement care data of 8,500 records could not be accessed. Health services are otherwise operating normally. 
In addition to the authorities mentioned above, six other health regulatory authorities are also affected.",2022-01-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,Mercury IT,New Zealand,OC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,LockBit,Russia,Non-state-group,Criminal(s),1,5424,NaT,Not available,Not available,Not available,Not available,Not available,LockBit,Russia,Non-state-group,,Unknown,Not available,,Not available,,1,2022-12-06 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,New Zealand,Ministry of Justice (NZL),No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,11-50,0.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; International peace; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ransomwaremap/status/1599682373905313794; https://therecord.media/multiple-government-departments-in-new-zealand-affected-by-ransomware-attack-on-it-provider/; https://www.govinfosecurity.com/ransomware-attack-in-new-zealand-has-cascading-effects-a-20636; https://www.privacy.org.nz/publications/statements-media-releases/new-news-page-5/; 
https://www.ncsc.govt.nz/news/response-to-managed-service-provider-cyber-security-incident/; https://www.tewhatuora.govt.nz/about-us/news-and-updates/cyber-security-incident-dec-2022/; https://www.justice.govt.nz/about/news-and-media/media-releases/cyber/; https://twitter.com/AlexMartin/status/1600138255218839552; https://www.securityweek.com/new-zealand-government-hit-ransomware-attack-it-provider; https://www.databreaches.net/nz-ransomware-attacks-privacy-commissioner-plans-investigation-as-justice-health-hit/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-9th-2022-wide-impact/; https://twitter.com/ransomwaremap/status/1600753415948156929; https://twitter.com/ido_cohen2/status/1604823853670305792; https://twitter.com/Cyberknow20/status/1604812769857273857; https://www.stuff.co.nz/business/130813253/stolen-nz-data-listed-for-sale-on-dark-web,2022-12-07,2023-08-03 1753,IT Army of Ukraine disrupted the network of Russian VTB Bank in December 2022,"The IT Army of Ukraine disrupted the network of Russia's second largest financial institution, VTB Bank, through sustained DDoS attacks in December 2022, according to the hacktivists' own account on Telegram. This self-announced claim of responsibility remains unverified, although VTB confirmed in a press release that its infrastructure was fending off the largest cyberattack ""in the bank's history"". VTB's online banking portal and mobile app have been offline for several days amid statements by the credit institution that other banking services continued unimpeded.",2022-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,VTB,Russia,EUROPE; EASTEU; CSTO; SCO,,,IT Army of Ukraine,Russia; Ukraine,Non-state-group,Hacktivist(s),1,6811; 6811,2022-12-06 00:00:00; 2022-12-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,IT Army of Ukraine; IT Army of Ukraine,Not available; Not available,Ukraine; Ukraine,IT Army of Ukraine; IT Army of Ukraine,Russia; Ukraine,Non-state-group; Non-state-group,https://t.me/s/itarmyofukraine2022,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/139354/hacking/vtb-bank-ddos-attack.html; https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/; https://www.usnews.com/news/technology/articles/2022-12-06/russian-state-owned-bank-vtb-hit-by-largest-ddos-attack-in-its-history; https://t.me/s/itarmyofukraine2022; https://frankrg.com/104253?utm_source=tf; https://tass.ru/ekonomika/16511291; https://twitter.com/M_Miho_JPN/status/1600868637807894528; https://twitter.com/YourAnonNews/status/1600941726797279232; 
https://twitter.com/Dennis_Kipker/status/1603803549699379200; https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/,2022-12-07,2023-10-26 1735,The Centre of Versailles hospital complex near Paris was hit by a ransomware attack on 3 December 2022,"The Hospital Centre of Versailles near Paris, which includes the Andre-Mignot and the Richaud hospitals as well as the Despagne retirement home, was hit by a ransomware attack on 3 December 2022. The co-chairman of the hospital's supervisory board Richard Delepierre said on Monday that a ransom demand had been received but that the board had no intention of responding to it. France's Minister of Health, Francois Braun, announced that six patients had to be transferred because computer systems have been restricted since Saturday. Three patients had been treated in intensive care. While life-sustaining machines in the intensive care unit remained unaffected, the Center lacked personnel to ensure the monitoring of patients amid organization-wide network outages. As of Monday, the hospital was still only accepting outpatients and had to cancel scheduled surgeries. The hospital has filed a complaint and the Paris Prosecutor's Office has launched a preliminary investigation into attempted extortion and unauthorized access of state data. 
The incident is also being investigated by the French cybersecurity agency ANSSI.",2022-12-03,2022-12-03,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Centre of Versailles - Andre-Mignot Hospital - Centre of Versailles - Richaud Hospital - Centre of Versailles - Despagne Retirement Home,France; France; France,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Health - Health - Health,Not available,Not available,Not available,,1,5417,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,1,2022-12-04 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,France,"François Braun (Minister of Health an Prevention, FRA)",No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,,0.0,Not available,0.0,euro,Not available,Human rights; International peace; Due diligence; Sovereignty; Human rights,"Civic / political rights; Prohibition of intervention; ; ; Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://securityaffairs.com/150835/cyber-crime/lockbit-ransomware-carthage-area-hospital.html; https://therecord.media/upstate-new-york-hospitals-ransomware-attack; https://securityaffairs.com/152486/cyber-crime/alphv-ransomware-morrison-community-hospital.html; https://www.lefigaro.fr/social/cyberattaque-a-l-hopital-d-armentieres-300-000-patients-concernes-par-le-vol-de-donnees-20240228; https://theconversation.com/la-lente-convalescence-des-hopitaux-victimes-de-cyberattaques-225372; https://www.faz.net/aktuell/wirtschaft/cyberangriff-gegen-krankenhaus-in-der-naehe-von-paris-18510408.html; https://www.faz.net/aktuell/wirtschaft/cyberangriff-gegen-krankenhaus-in-der-naehe-von-paris-18510408.html; https://www.lefigaro.fr/actualite-france/yvelines-cyberattaque-contre-l-hopital-andre-mignot-du-centre-hospitalier-de-versailles-20221204; https://securityaffairs.co/wordpress/139316/cyber-crime/french-hospital-ransomware-attack-2.html; https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-french-hospital-to-transfer-patients/; https://www.securityweek.com/french-hospital-cancels-operations-after-cyberattack; https://therecord.media/french-hospital-complex-suspends-operations-transfers-critical-patients-after-ransomware-attack/; https://www.darkreading.com/attacks-breaches/cyberattack-shuts-down-french-hospital; https://twitter.com/jnbarrot/status/1599506236185382914; https://www.iledefrance.ars.sante.fr/cyber-attaque-lhopital-andre-mignot-ch-de-versailles-regulation-des-patients-faites-le-15-lars-ile; https://twitter.com/FrcsBraun/status/1599477502325723136; https://www.rfi.fr/en/france/20221205-french-hospital-cancels-operations-after-cyberattack; https://www.france24.com/en/france/20221205-french-hospital-suspends-operations-after-cyber-attacks; https://www.hackread.com/french-hospital-cyber-attack/; https://jyllands-posten.dk/international/europa/ECE14652604/cyberangreb-har-faaet-fransk-hospital-til-at-aflyse-operationer/; 
https://www.databreaches.net/cyberattack-at-the-versailles-hospital-center-the-trail-of-a-lockbit-usurper/; https://www.lemagit.fr/actualites/252528032/Cyberattaque-au-centre-hospitalier-de-Versailles-la-piste-dun-usurpateur-de-LockBit; https://www.securityweek.com/new-zealand-government-hit-ransomware-attack-it-provider; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-9th-2022-wide-impact/; https://www.securityweek.com/france-seeks-protect-hospitals-after-series-cyberattacks; https://www.lemonde.fr/sante/article/2022/12/21/hopitaux-le-gouvernement-lance-un-programme-de-preparation-aux-cyberattaques_6155313_1651302.html; https://therecord.media/canadas-largest-childrens-hospital-struggles-to-recover-from-pre-christmas-ransomware-attack/,2022-12-06,2023-08-03 1736,Chinese state-sponsored hacking group APT41 stole $20 million in US Covid relief benefits from state governments beginning in mid-2020,"Chinese state-sponsored hacking group APT41 stole $20 million in US Covid relief benefits from state governments beginning in mid-2020, according to the US Secret Service. Agency officials and threat intelligence professionals noted that it remained unclear whether the group was undertaking these operations for their personal gain or at the direction of the Chinese government. At least one industry representative pointed out that they had not previously observed Chinese state-sponsored actors to target government money, a step they would consider an escalation. ",2020-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,5419; 5419,2022-12-05 00:00:00; 2022-12-05 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by receiver government / state entity,Not available; Not available,,United States; United States,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,9.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,1.0,> 10 Mio - 100 
Mio,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://www.jpost.com/international/article-724136; https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636; https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636; https://twitter.com/jeffstone500/status/1599765350379573248; https://twitter.com/Mandiant/status/1599841538166689800; https://twitter.com/M_Miho_JPN/status/1599786636866654208; https://www.independent.co.uk/tech/china-hackers-steal-covid-relief-b2239703.html; https://twitter.com/Dennis_Kipker/status/1600172551086276614; https://www.foxnews.com/us/chinese-hackers-exploited-us-covid-relief-funds-millions-secret-service-claims; https://www.heise.de/news/USA-Von-China-gestuetzte-Cyberkriminelle-sollen-Coronahilfsgeld-gestohlen-haben-7367393.html; https://www.wired.com/story/attacks-us-electrical-grid-security-roundup/; https://www.darkreading.com/application-security/tiktok-banned-on-govt-devices-will-private-sector-follow-suit; https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/,2022-12-06,2023-02-09 1737,Pro-Russian hacker group Killnet takes down Italian state police website with DDoS attacks in May 2022,"The pro-Russian hacker group Killnet shut down the website of the Italian state police for several hours on 16 May 2022. The group claimed responsibility for the attack via Telegram, referring to previous reports that the Italian police had prevented DDoS attacks by Killnet against Eurovision. However, the group denies responsibility for those attacks. 
In addition, the group declared war on a total of 10 countries.",2022-05-16,2022-05-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Polizia di Stato,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Police,Killnet,Russia,Non-state-group,Hacktivist(s),1,6814,2022-05-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/killnet_reservs/1342,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/ultimenotizie/status/1526190731995492352; https://t.me/killnet_reservs/1342; https://www.cybersecurity360.it/nuove-minacce/hacker-filo-russi-buttano-giu-il-sito-della-polizia-di-stato-italiana/; 
https://www.breakinglatest.news/health/russian-hackers-attack-the-site-of-the-state-police-now-open-war-on-10-countries-2/; https://www.ansa.it/sito/notizie/tecnologia/tlc/2022/05/16/ucraina-hacker-russi-attaccano-sito-polizia-e-annunciano-guerra-globale-_067d9784-ec13-4907-82df-8093e902c24f.html; https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/,2022-12-06,2024-01-25 1741,Purported hacktivist group Predatory Sparrow disrupted Iranian petrol distribution system on 26 October 2021,"The self-declared hacktivist group Predatory Sparrow via Telegram claimed responsibility for the disruption of point-of-sale systems at over 4,000 gas stations across Iran in addition to digital billboards on 26 October 2021. Noting that an assessment of forensic evidence was still pending, the head of the Iranian civil defence Gholamreza Jalali noted in an interview with Iranian state TV that he believed Israel and the United States to have been involved in the activity. The disruption coincided with the second anniversary of protests in Iran over the increase in fuel prices in November 2019. ",2022-10-26,2022-10-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,National Iranian Oil Products Distribution Company (NIOPDC),"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Energy,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Not available,Non-state-group,Hacktivist(s),3,16554; 16556; 16555; 16555,2022-10-26 00:00:00; 2022-10-27 00:00:00; 2022-10-30 00:00:00; 2022-10-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200); Abolhassan Firuzabadi (Secretary of the Supreme Council of Cyberspace, Iran); Gholamreza Jalali (Head of Civil Defence, Iran); Gholamreza Jalali (Head of Civil Defence, Iran)",Not available; Not available; Not available; Not available,"Not available; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200); Not available; Not available; Not available",Not available; Not available; Israel; United States,Non-state-group; State; State; State,https://www.bbc.com/news/world-middle-east-59062907; 
https://www.reuters.com/business/energy/iran-says-israel-us-likely-behind-cyberattack-gas-stations-2021-10-30/; https://mobile.twitter.com/GonjeshkeDarand/status/1453007991578447872,System / ideology,Unknown,,Unknown,,1,2021-10-27 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),"Iran, Islamic Republic of","Ebrahim ""Raisi"" Raisolsadati (President, Iran)",No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://cyberscoop.com/iranian-information-operations-hacking-microsoft-report/; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://cyberscoop.com/israel-iran-cyberattack-houthi/; https://securityaffairs.com/156065/hacktivism/pro-israel-predatory-sparrow-iran-fuel-stations.html; https://www.faz.net/aktuell/wirtschaft/tankstellen-in-iran-lahmgelegt-spekulation-ueber-israelischen-hackerangriff-19392574.html; https://www.rferl.org/a/iran-gas-stations-disruption/32735223.html; https://www.aljazeera.com/news/2023/12/18/iran-says-cyberattack-disrupts-petrol-stations-across-country?traffic_source=rss; https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/; https://sites.google.com/darkcell.se/www/sparrows; 
https://www.bbc.com/news/world-middle-east-59062907; https://twitter.com/Shayan86/status/1453088697776316419; https://www.reuters.com/business/energy/iran-says-israel-us-likely-behind-cyberattack-gas-stations-2021-10-30/; https://mobile.twitter.com/GonjeshkeDarand/status/1453007991578447872,2022-12-06,2024-01-26 1738,Pro-Ukrainian Team OneFist attacks Novosibirsk transportation system in Operation Yellow Submarine in September 2022,"Pro-Ukrainian hacktivist collective Team OneFist, an Anonymous-affiliated group of hacktivists, allegedly created with the help of the IT Army of Ukraine, hacked the Novosibirsk City Transport Traffic Management System (https://vk.com/nskgortrans) in Operation Yellow Submarine beginning on September 2nd, 2022. The group's founder, named ""Voltage"" (@SpoogemanGhost), claimed that the operation was ""long-planned"" and that the IT infrastructure had been breached about a month before the attack. Due to the attack, city transportation officials were unable to coordinate the traffic flows via an ""automated bus scheduling system as well as the electronic signs on buses and trolleys."" Voltage also explained that the attack caused damage to the system so that the issue couldn't be immediately resolved and the traffic problems remained for several days until the system was restored. The transportation chaos caused many commuters to resort to walking. During the attack, Team OneFist downloaded the data and was in the process of deleting data when Russian officials mitigated the damage by removing access to the system.",2022-08-02,2022-09-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Novosibirsk City Transport Traffic Management System ,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Transportation,Team OneFist,Ukraine,Non-state-group,Hacktivist(s),1,7575; 7575; 7575; 7575; 7575; 7575; 7575; 7575,2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00; 2022-09-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Media-based attribution; Attacker confirms; Attacker confirms; Media-based attribution; Media-based attribution; Attacker confirms; Attacker confirms,Anonymous; Team OneFist; Anonymous; Team OneFist; Anonymous; Team OneFist; Anonymous; Team OneFist,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,Team OneFist; Team OneFist; Team OneFist; Team OneFist; Team OneFist; Team OneFist; Team OneFist; Team 
OneFist,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.ibtimes.com/russians-novosibirsk-forced-pound-pavements-team-onefist-paralyzes-traffic-exclusive-3611628,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Disk Wipe; Inhibit System Recovery; Service Stop,Not available,True,,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,,,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.ibtimes.com/russians-novosibirsk-forced-pound-pavements-team-onefist-paralyzes-traffic-exclusive-3611628; https://twitter.com/twitter/status/1565934510516146176; https://twitter.com/SpoogemanGhost/status/1565934510516146177?s=20&t=58lycL_FR1iGJR6RL0_W7g; https://www.onefist.org/about; https://www.ibtimes.com/team-onefist-new-breed-cyber-warriors-pulls-off-holy-grail-all-hackers-russia-3602204; https://www.onefist.org/blog/categories/missions; https://www.ibtimes.com/team-onefist-founder-emerges-dark-trenches-cyber-warfare-reveals-hacker-groups-inside-story-3604271,2022-12-06,2023-02-24 1740,"Pro Ukrainian hacktivist Team OneFist 
attacks Russian Rostelecom in Operation Sidewinder, starting August 29, 2022","Anonymous-affiliated hacktivist group, Team OneFist, that was created with the help of the IT army of Ukraine according to the group's website, claimed to attack Russian telecommunication infrastructure (tecon[.]ru) from August 29 until September 1, 2022. The attack was timed for ultimate impact and coincided with the Kherson counter-attack in Ukraine against Russian military forces in order for Kremlin officials to not be able to communicate with field military commanders. The hacktivists called it ""Operation Sidewinder"" (OpSidewinder) and claimed that it is part of the broader efforts of Anonymous to defend Ukraine in the Ukraine-Russia War (#OpRussia). The attack targeted the voice and data capabilities of Russia by attacking the largest digital service provider, Rostelecom. Groups affiliated with Ukraine assisted Team OneFist to attack Rostelecom. Voltage, the leader of the group, provided exclusive information about the attack to International Business Times. The intended impact of the cyber attack was to slow Russian communications and, thus, slow the Russian military response. ""The hackers worked round the clock for three days to brick 800 Rostelecom routers and voice gateways,"" which are ""routers that carry VoIP/Voice traffic."" Each router would require 20 minutes to reprogram and all 800 routers could be reprogrammed in over 266 hours. A faster repair would require that the routers be replaced or for commanders to communicate via cell phones. During the attack, Rostelecom attempted to recover the ability to communicate on 45 voice gateways; however, the hacktivists were able to disable these recovery efforts. According to Voltage, ""this was Team OneFist's first major operation assigned by the IT Army of Ukraine.""",2022-08-29,2022-09-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Rostelecom,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Telecommunications,Team OneFist,Ukraine,Non-state-group,Hacktivist(s),1,8199; 8199,2022-08-29 00:00:00; 2022-08-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Team OneFist; Team OneFist,Not available; Not available,Ukraine; Ukraine,Team OneFist; Team OneFist,Ukraine; Ukraine,Non-state-group; Non-state-group,https://www.ibtimes.com/team-onefist-hackers-strike-russias-rostelecom-disrupting-kremlin-response-kherson-3610327,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,,,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.ibtimes.com/team-onefist-hackers-strike-russias-rostelecom-disrupting-kremlin-response-kherson-3610327; https://www.cyberthreat.report/operation-sidewinder-of-pro-ukrainian-onefist/; 
https://www.cyberthreat.report/pro-ukrainian-hackers-started-operation-sidewinder/; https://www.cyberthreat.report/pro-ukrainian-onefist-have-continued-operation-sidewinder-day-3/; https://vosveteit.zoznam.sk/ukrajincom-pri-protiofenzive-pomohli-aj-anonymous-vysvetluju-ako-narusili-schopnost-ruska-komunikovat-cez-internet/; https://www.onefist.org/about; https://www.ibtimes.com/team-onefist-shames-russias-partial-mobilization-game-changing-leak-3617809; https://www.ibtimes.com/team-onefist-new-breed-cyber-warriors-pulls-off-holy-grail-all-hackers-russia-3602204; https://www.onefist.org/blog/categories/missions; https://www.ibtimes.com/team-onefist-founder-emerges-dark-trenches-cyber-warfare-reveals-hacker-groups-inside-story-3604271,2022-12-06,2023-03-03 1733,"Chinese APT Curious Gorge compromised various targets in Ukraine, Russia and Central Asia since 2022","According to Google's Threat Analysis Group (TAG), a hacker group named Curious Gorge that is associated with the Chinese PLA compromised targets from the government, military, logistics and manufacturing sectors in Ukraine, Russia and Central Asia in the first half of 2022. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available,Central Asia (region); Ukraine; Russia, - EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system,Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; Defence industry; ; Military,Curious Gorge (PLA SSF),China,"Non-state actor, state-affiliation suggested",,1,7577,2022-05-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Google's TAG,,United States,Curious Gorge (PLA SSF),China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/,2022-12-05,2023-02-24 
1732,Unknown hackers destroyed data in networks of Russian city halls and courts using new malware CryWiper in the fall of 2022,"Unknown hackers disguised the previously unknown destructive CryWiper malware as ransomware with the intention to delete data in networks of Russian city halls and courts in the fall of 2022, according to Kaspersky in a Russian blogpost. Igor Bederov, IT-security expert at T.Hunter, told the Russian newspaper Izvestia that this cyber incident is shaped by the current geopolitical context in which foreign hackers are encouraged to attack Russian targets. ",2022-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system,Judiciary; Civil service / administration,Not available,Not available,Not available,,1,11615,2022-12-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,Not available,Not available,Not available,https://securelist.ru/novyj-troyanec-crywiper/106114/,System / ideology; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration 
OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bleepingcomputer.com/news/security/new-crywiper-data-wiper-targets-russian-courts-mayor-s-offices/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/; https://securityaffairs.co/wordpress/139237/malware/crywiper-wiper.html; https://www.hackread.com/crywiper-masquerading-as-ransomware-to-target-russian-courts/; https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/; https://twitter.com/campuscodi/status/1598592947037020162; https://securelist.ru/novyj-troyanec-crywiper/106114/; https://iz.ru/1433190/ivan-chernousov/stiratelnyi-pocherk-gosstruktury-atakoval-novyi-virus-shifrovalshchik; https://research.checkpoint.com/2022/5th-december-threat-intelligence-report/; https://thehackernews.com/2022/12/russian-courts-targeted-by-new-crywiper.html; https://www.darkreading.com/threat-intelligence/wiper-disguised-fake-ransomware-targets-russian-orgs; https://therecord.media/data-wiping-malware-hits-russian-courts-city-halls/; https://twitter.com/unix_root/status/1599776859734134786; https://twitter.com/cybersecboardrm/status/1599755194081894401; https://twitter.com/lukOlejnik/status/1599703247497101313; https://www.schneier.com/blog/archives/2022/12/crywiper-data-wiper-targeting-russian-sites.html; https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/; https://arstechnica.com/staff/2022/12/the-20-most-read-stories-on-ars-technica-in-2022/; 
https://twitter.com/780thC/status/1618575901230497792,2022-12-05,2023-07-14 1726,Pro-Russian group Killnet targeted Moldovan public and corporate websites at the end of August 2022,"Over a period of 72 hours, the Russia-affiliated Killnet hacktivist group conducted DDoS attacks against the Moldovan Information Technology and Cybersecurity Service (STISC) portal. The hackers announced on 22 August that they would target Moldovan government agencies. This was followed by Killnet posting screenshots on 23 August that the target of the attack was the STISC Portal and the website was not accessible to users. Around 80 platforms and public portals were targeted in the attack, although actual downtimes caused by the attack remained limited. Other entities on the target list included the tax service of Moldova and Premier Energy, the country's main energy supplier. The attacks came shortly after statements by the former Minister of Defence of Moldova, Anatol Salaru, that were critical of Russian President Vladimir Putin and the Russian invasion of Ukraine.",2022-08-23,2022-08-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,Tax Service of Moldova - Premier Energy - Information Technology and Cyber Security Service (STISC; Moldova),"Moldova, Republic of; Moldova, Republic of; Moldova, Republic of",EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - Critical infrastructure - State institutions / political system; Critical infrastructure,"Civil service / administration - Energy - Other (e.g., embassies); Other",Killnet,Russia,Non-state-group,Hacktivist(s),1,7580,2022-08-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://moldovalive.md/killnet-hackers-continuously-attacks-moldovan-inf-syst/; https://nag.ru/news/42701,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-08-01 00:00:00,State Actors: Preventive measures,Awareness raising,"Moldova, Republic of",Information Technology and Cybersecurity Service (STISC),No,,Not available,Network Denial of Service,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Minor,3.0,Days (< 7 days),Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,No justification under IL,,"Moldova, Republic of",,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; 
https://therecord.media/russias-cyberattacks-aimed-at-destabilizing-moldova-pm-says/; https://therecord.media/moldova-to-kick-out-russian-diplomats; https://moldovalive.md/killnet-hackers-continuously-attacks-moldovan-inf-syst/; https://nag.ru/news/42701; https://www.cyberthreat.report/russian-hackers-attacked-websites-of-moldova/; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS,2022-12-02,2024-03-01 1725,Iranian hacktivist group Black Reward deleted 250 TB of data and stole confidential information from Iranian Fars News Agency in November 2022,"Iranian hacktivist group Black Reward deleted 250 TB of data and stole confidential information from Iranian Fars News Agency on 25 November 2022, according to a Telegram post of the group. The Iranian Fars News Agency disputed the extent of the hack and said that only information and news created on 23 November 2022 was destroyed. The confidential information contained the bulletins and directives sent by the Iranian Fars News Agency to the office of the Supreme Leader Ali Khamenei, based on accounts from the hacktivists. The cache of stolen data reportedly includes an alleged missive from Supreme Leader Ali Khamenei dated 30 November that orders a smear campaign against a well-known Sunni scholar. Following the hack, the hacktivists released a video through the compromised Twitter account of the news agency's manager Habib Torkashvand, which allegedly shows one of the economic editors of the news agency in a sexual act. On 4 December 2022, Black Reward published an audio file from the Iranian pro-regime Coalition Council of Islamic Revolution Forces, which appears to show the secretary of the council admitting to the accidental killing of women and children during a bloody crackdown in the southeastern city of Zahedan on September 30. 
",2022-11-25,2022-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Fars News Agency,"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,Black Reward,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,11560,2022-11-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Black Reward,Not available,"Iran, Islamic Republic of",Black Reward,"Iran, Islamic Republic of",Non-state-group,https://t.me/black_reward/149,System / ideology,System/ideology; National power,Iran (opposition); Iran (opposition),Yes / HIIK intensity,HIIK 4,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.rferl.org/a/iran-irgc-commander-warns-province-red-lines/32339011.html; https://cyberscoop.com/iranian-hacking-group-hacked-app/; https://www.hackread.com/fars-news-agency-website-iran-hacked/; https://www.databreaches.net/iran-blames-israel-for-fars-news-agency-hack/; https://www.rferl.org/a/iran-sunni-cleric-discrediting-leaked-document/32157807.html; 
https://www.jns.org/iran-blames-israel-for-fars-news-agency-hack/; https://telegram.me/s/farsna; https://www.iranintl.com/en/202211269743; https://t.me/black_reward/149; https://www.rferl.org/a/iran-official-admits-women-children-killed-protests/32162594.html; https://www.securityweek.com/iran-arrests-news-agency-deputy-after-reported-cyberattack; https://www.rferl.org/a/iran-rights-security-forces-closing-roads-zahedan-protests/32230871.html,2022-12-02,2023-07-14 1722,China-linked hacker group UNC4191 gained access to private and public entities located in the Philippines beginning in September 2021,"China-linked hacker group UNC4191 gained access to private and public sector entities located in the Philippines for intelligence collection purposes related to China's political and commercial interests beginning in September 2021, according to a technical report by Mandiant. The public and private sector entities, which are not further specified, were predominantly targeted through branches in the Philippines, including branches of organizations headquartered in other states. The hacker group used USB devices for the initial infection of the given networks, leveraging three new malware families (MISTCLOAK, DARKDEW, and BLUEHAZE). ",2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available,United States; Northeast Asia (region); Philippines; Europe (region); Oceania (region); Southeast Asia (region),NATO; NORTHAM - - ASIA; SCS; SEA - - - ,Unknown - Unknown - Unknown - Unknown - Unknown - Unknown, - - - - - ,UNC4191,China,Unknown - not attributed,,1,6829,2022-11-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4191,China,Unknown - not attributed,https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html,International power,Territory; Resources; International power,Vietnam et al. – China (South China Sea); Vietnam et al. – China (South China Sea); Vietnam et al. – China (South China Sea),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Replication Through Removable Media,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,Not available,0.0,1-10,5.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.hackread.com/hackers-usb-drives-malware-attack/; https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia; https://twitter.com/unix_root/status/1597858467947184129; https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html; 
https://www.securityweek.com/self-replicating-malware-used-chinese-cyberspies-spreads-usb-drives; https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html; https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia; https://twitter.com/Mandiant/status/1598742797603016713; https://www.mandiant.com/resources/blog/infected-usb-steal-secrets,2022-12-01,2023-07-12 1716,Pro-Russian group Killnet claims DDoS attack against US-company Starlink in November 2022,"The Russian-affiliated hacktivist group Killnet claims responsibility for a DDoS attack against the satellite service provider Starlink in retaliation for its support of Ukraine following Russia's invasion. Trustwave researchers identified service outage reports from Starlink customers coinciding with the claims of the hacktivists. Various hacktivist groups that are known Killnet collaborators have also claimed to be participating in the attack, such as: Anonymous Russian, Msidstress, Radis, Mrai, and Halva.",2022-11-18,2022-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Starlink,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Telecommunications; Space,Killnet; KillMilk; MSIDSTRESS; RADIS; Anonymous Russia; Mrai; Halva,Russia; Not available; Not available; Not available; Russia; Not available; Not available,Non-state-group; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Non-state-group; Unknown - not attributed; Unknown - not attributed,Hacktivist(s); ; ; ; Hacktivist(s); ; ,1,7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938; 7938,2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00; 2022-11-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution 
via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report 
(e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; 
Killnet,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Killnet; Killnet; Killnet; Killnet; KillMilk; KillMilk; KillMilk; KillMilk; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; RADIS; RADIS; RADIS; RADIS; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Mrai; Mrai; Mrai; Mrai; Halva; Halva; Halva; Halva,Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available,Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed; Non-state-group; Unknown - not attributed,https://t.me/killnet_reservs/3565,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International 
power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.darkreading.com/edge/how-researchers-hijacked-a-satellite; https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/; https://t.me/killnet_reservs/3565; https://www.darkreading.com/ics-ot/space-race-defenses-satellite-cyberattacks,2022-11-30,2024-03-01 1720,North Korean state-sponsored hacker group Lazarus stole $100 million from blockchain company Harmony on 24th June 2022,"North Korean state-sponsored hacker group Lazarus stole $100 million from blockchain company Harmony on 24th June 2022, states the British IT-company Elliptic on the basis of strong indications. On Jan. 23, the FBI confirmed this attribution, adding that a portion of over $60 million worth of Ethereum that has been converted to Bitcoin has been frozen in coordination with some of the virtual asset service providers. ",2022-06-24,2022-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Hijacking with Misuse,Harmony,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,6832; 6831,2023-01-23 00:00:00; 2022-06-29 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); Elliptic,Not available; ,United States; United Kingdom,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://hub.elliptic.co/analysis/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea/; 
https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,100000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/sinbad-crypto-mixer-north-korean-hackers/; https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193; https://therecord.media/binance-huobi-freeze-some-cryptocurrency-stolen-in-100-million-harmony-hack/; https://twitter.com/Dinosn/status/1617871299250126855; https://twitter.com/ericgeller/status/1617884932117872640; https://twitter.com/securityaffairs/status/1617892979309711361; https://twitter.com/ryanaraine/status/1617911577621200897; https://twitter.com/juanandres_gs/status/1617911614833070081; https://twitter.com/Cyber_O51NT/status/1617915698189340677; https://twitter.com/InfoSecSherpa/status/1617915840632066049; https://twitter.com/zackwhittaker/status/1617904976017383424; https://www.justice.gov/opa/pr/justice-department-investigation-leads-takedown-darknet-cryptocurrency-mixer-processed-over-3; 
https://www.databreaches.net/justice-department-investigation-leads-to-takedown-of-darknet-cryptocurrency-mixer-chipmixer/; https://cyberscoop.com/police-shut-down-cryptocurrency-mixer-chipmixer/; https://cyberscoop.com/north-korean-hackers-cloud-mining-cyrptocurrency/; https://www.wired.com/story/north-korea-apt43-crypto-mining-laundering/; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://therecord.media/south-korea-us-agree-to-cooperate-cybersecurity-north-korea; https://therecord.media/millions-stolen-from-multichain-crypto; https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/; https://securityaffairs.com/149798/hacking/north-korea-cash-out-stolen-crypto-assets.html; https://therecord.media/us-arrests-tornado-cash-cofounder; https://www.bleepingcomputer.com/news/security/us-charges-founders-of-tornado-cash-mixer-used-by-lazarus-hackers/; https://therecord.media/north-korea-lazarus-behind-crypto-heists; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; https://www.bleepingcomputer.com/news/security/north-koreas-state-hackers-stole-3-billion-in-crypto-since-2017/; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://www.bleepingcomputer.com/news/security/north-korean-hackers-now-launder-stolen-crypto-via-yomix-tumbler/; https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/; https://securityaffairs.com/160586/breaking-news/security-affairs-newsletter-round-463-by-pierluigi-paganini-international-edition.html; https://www.01net.com/actualites/pirates-utilisent-antivirus-propager-malwares-depuis-2019.html; 
https://therecord.media/north-korea-accused-of-orchestrating-100-million-harmony-crypto-hack/; https://hub.elliptic.co/analysis/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea/; https://therecord.media/fbi-investigating-100-million-theft-from-blockchain-company-harmony/; https://www.cyberscoop.com/cryptocurrency-hacks-2022/; https://twitter.com/campuscodi/status/1615692241116225536; https://securityaffairs.com/141266/apt/harmony-horizon-bridge-lazarus-apt.html; https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html; https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft; https://www.certik.com/resources/blog/2QRuMEEZAWHx0f16kz43uC-harmony-incident-analysis; https://twitter.com/cz_binance/status/1614887319177428992; https://twitter.com/MistTrack_io/status/1617521823067025408; https://twitter.com/zachxbt/status/1614771861266792449; https://therecord.media/north-korean-hackers-use-fake-job-offers-salary-bumps-as-lure-for-crypto-theft/; https://securityaffairs.com/141325/apt/ta444-turns-credential-harvesting-activity.html; https://cyberscoop.com/north-korean-cryptocurrency-hackers-education-government/; https://twitter.com/securityaffairs/status/1618371896277598209; https://twitter.com/chuksjonia/status/1618101629840142336; https://www.wired.com/story/meduza-russia-outlaw-security-roundup/; https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html; https://www.cisa.gov/uscert/ncas/alerts/aa22-108a; https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft; https://www.govinfosecurity.com/banner-year-for-north-korean-cryptocurrency-hacking-a-21075; https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms; 
https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/; https://twitter.com/RecordedFuture/status/1621646826360250370; https://twitter.com/RecordedFuture/status/1621646796219883520,2022-11-30,2023-09-08 1709,Chinese state-sponsored hacking group APT41 deployed the KeyPlug backdoor on high-profile victims in Asian countries beginning in late 2021,"Chinese state-sponsored hacking group APT41 deployed the KeyPlug backdoor on high-profile victims in Asian countries beginning in late 2021, as reported by Russian IT security company Kaspersky with medium confidence. ",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Asia (region),,Unknown,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6842,2022-11-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,Minor,2.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securelist.com/apt-trends-report-q3-2022/107787/,2022-11-29,2023-03-31 1715,North Korean state-sponsored hacker group Lazarus exploited VMWare Horizon vulnerability to infect unknown targets with MagicRAT,"The North Korean state-sponsored hacker group Lazarus exploited VMWare Horizon vulnerability to infect unknown targets with MagicRAT, as reported by Cisco Talos Intelligence with medium to high confidence. The infrastructure of MagicRat was also used to deploy TigerRAT, another malware attributed to Lazarus.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Unknown,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6835,2022-09-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/lazarus-magicrat/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/147976/apt/andariel-apt-earlyrat-malware.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/; https://securityaffairs.com/148895/cyber-crime/coinspaid-cyber-heist.html; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks; https://decoded.avast.io/threatresearch/avast-q3-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q3-2022-threat-report; https://blog.talosintelligence.com/lazarus-magicrat/; https://www.databreaches.net/north-korea-linked-hackers-behind-100-million-crypto-heist-fbi-says/; https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html,2022-11-29,2023-02-22 1703,Pro-Russian group Killnet targets Estonian entities in DDoS attack in August 2022,"The Russian hacking group, Killnet, claimed responsibility for the DDoS attack on over 200 Estonian state and private institutions (such as financial services) in August 2022. The attacks coincided with the removal of Soviet monuments in Estonia. An Estonian official, Luukas Ilves (Undersecretary for digital transformation at Estonia's Ministry of Economic Affairs and Communications) described it as ""the most extensive cyber attacks since 2007,"" yet the actual impact of the attack was limited and had ""gone largely unnoticed in Estonia."" Tõnu Tammer, executive director of the CERT-EE, stated that the ""most visible attack"" occurred on August 17th against the website of emta.ee (the Estonian Tax and Customs Board). 
The attacks mainly targeted ""the clients of the State Network of the Information System Authority."" Tammer claimed that the presidential website had ""over 40 million tries"" made to the website during the attack.",2022-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,,,,1,; 11555; 11555,NaT; 2022-08-01 00:00:00; 2022-08-01 00:00:00,"; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",; Media-based attribution; Attacker confirms,; Killnet; Killnet,; Not available; Not available,; ; ,; Killnet; Killnet,; Russia; Russia,; Non-state-group; Non-state-group,https://securityaffairs.co/wordpress/134560/cyber-warfare-2/estonia-blocked-cyberattacks-killnet.html; https://www.reuters.com/world/europe/estonia-says-it-repelled-major-cyber-attack-after-removing-soviet-monuments-2022-08-18/,System / ideology,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,1,2022-08-01 00:00:00,State Actors: Preventive measures,Awareness raising,Estonia,CERT-EE,No,,Not available,Endpoint Denial of Service,Not available,False,,Not available,,Not available,Not available,0,Not available,0.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.defenseone.com/threats/2023/10/estonia-sent-offensive-cyber-tools-ukraine-after-russia-invaded/390985/; https://securityaffairs.co/wordpress/134560/cyber-warfare-2/estonia-blocked-cyberattacks-killnet.html; https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.reuters.com/world/europe/estonia-says-it-repelled-major-cyber-attack-after-removing-soviet-monuments-2022-08-18/; https://www.euronews.com/next/2022/08/18/estonia-hit-by-most-extensive-cyberattack-since-2007-amid-tensions-with-russia-over-ukrain; https://www.thetechoutlook.com/news/technology/security/killnet-claims-their-attacks-on-estonia-have-impacted-over-200-financial-services/; https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS,2022-11-26,2023-12-20 1702,Russian state-sponsored hacking group ACTINIUM / Gamaredon targeted various organizations in Ukraine beginning in October 2021,"Russian state-sponsored hacking group ACTINIUM (aka Gamaredon) targeted various organizations in Ukraine for espionage purposes but also for gaining and maintaining strategic access into these networks beginning in October 2021, according to the technical report of Microsoft. ACTINIUM specifically targeted organizations critical to emergency response, to ensuring the security of the Ukrainian territory and to the distribution of humanitarian aid. The Security Service of Ukraine (SSU) attributed ACTINIUM or better known as Gamaredon to the Russian Federal Security Service (FSB) in November 2021. 
",2021-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system; Social groups; State institutions / political system; State institutions / political system; State institutions / political system,Judiciary; Advocacy / activists (e.g. human rights organizations); Government / ministries; Military; Police,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7585,2022-02-04 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://www.microsoft.com/en-us/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://twitter.com/780thC/status/1616401790676701187; https://securityaffairs.com/141752/malware/apt-gamaredon-attacks.html; https://twitter.com/securityaffairs/status/1621443390691840001; https://twitter.com/Dennis_Kipker/status/1621467787326590977; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html,2022-11-26,2023-02-24 1704,Pro-Russian hacktivist group Killnet targets Norway entities with DDoS Attack at the end of June 2022,"The Russian hacktivist group, NoName057, targeted Norway government sites in DDoS attacks that rendered Norwegian websites and online services inaccessible. According to NSM (National Security Authority) and media reporting, the group was later identified as the Killnet hacktivist group. 
The IT company Avast indicated in a report from September 6 that KillNet and NoName057 are actually two cooperating but separate pro-Russian hacktivist groups. The cyber attacks coincided with ""the decision of Norwegian authorities to block Russian cargo to the Svalbard archipelago"" (an Arctic coal-mining settlement in the Barentsburg region, which Norway controls and allows other countries to access for natural resources); the donation of long-range rocket artillery (MLRS) to Ukraine; and Norway pushing for NATO membership for Finland and Sweden. The Telegram channel ""Legion – Cyber Spetsnaz RF"" published the websites targeted in the attack. The hacktivist group ""Legion"" is affiliated with Killnet. According to NoName057, ""some of the targeted Norwegian entities are Norway's national police, the state's public services portal, the NAV office site (immigration), the Altinn digital government document portal, and the UDI portal (immigration and traveling)."" One organization that is publicly known to have been impacted during the attack is the Norwegian Labour Inspection Authority. According to a Telegram channel, other websites that were claimed in the attack were: ""Norwegian Public Roads Administration, the Stander Consumer Bank, and a financial organization Sbanken Service."" Via social media (Twitter and Telegram), the group supposedly also leaked information when they ""provided links to breached data from the compromised websites...in an attempt to prove their successor hacking campaign."" However, Norway's Prime Minister, Jonas Gahr Store, stated that he had no knowledge that ""significant damage"" occurred due to the attack. In response to the attack, the director of Norway’s NSM, Sofie Nystrøm, released a statement and held a press conference. ",2022-06-29,2022-06-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption,State Public Service Portal (Norway) - Not available - Norwegian Police Service - UDI portal (Norway) - NAV office site (Norway) - Altinn digital government document portal (Norway),Norway; Norway; Norway; Norway; Norway; Norway,EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU - EUROPE; NATO; NORTHEU,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - - Police - Civil service / administration - Civil service / administration - Civil service / administration,Killnet,Russia,Non-state-group,Hacktivist(s),3,12141; 12140; 12142,2022-06-29 00:00:00; 2022-07-01 00:00:00; 2022-09-06 00:00:00,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,"National Security Authority (NSM, NOR); National Security Authority (NSM) (Norway); Avast",Not available; Not available; ,Norway; Norway; United States,Killnet; Killnet; NoName057(16),Russia; Russia; Not available,Non-state-group; Non-state-group; Non-state-group,https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/; 
https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html; https://www.computerweekly.com/news/252524358/Norway-has-NOK200m-plan-to-bolster-cyber-defences; https://www.thetechoutlook.com/news/technology/security/pro-russian-hacking-group-killnet-claimed-to-ddos-attack-three-norwegian-banking-websites/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,2,2022-06-29 00:00:00; 2022-06-29 00:00:00,State Actors: Preventive measures; State Actors: Preventive measures,Confidence and security-building Dialogues; Confidence and security-building Dialogues,Norway; Norway,National Security Authority (NSM) (Norway); Jonas Gahr Store (Norway's Prime Minister),No,,Not available,Data Exfiltration; Endpoint Denial of Service,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Sovereignty,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik; 
https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/; https://securityaffairs.com/160112/cyber-warfare-2/moldova-warns-of-hybrid-attacks-from-russia.html; https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters; https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/; https://www.reuters.com/world/europe/norway-targeted-by-cyber-attack-security-agency-2022-06-29/; https://www.cnbc.com/2022/06/30/cyberattack-hits-norway-pro-russian-hacker-group-suspected.html; https://therecord.media/norway-accuses-pro-russian-hackers-of-launching-wave-of-ddos-attacks/; https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html; https://www.computerweekly.com/news/252524358/Norway-has-NOK200m-plan-to-bolster-cyber-defences; https://thehill.com/policy/cybersecurity/3541585-norway-hit-with-cyberattack-temporarily-suspending-service/; https://www.securityweek.com/cyberattack-hits-norway-pro-russian-hacker-group-fingered; https://cybernews.com/news/pro-russian-hackers-blamed-for-a-cyberattack-on-norways-data-network/; https://www.thetechoutlook.com/news/technology/security/pro-russian-hacking-group-killnet-claimed-to-ddos-attack-three-norwegian-banking-websites/; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS; https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/; https://therecord.media/ddos-denmark-us-russia-killnet/,2022-11-26,2024-03-01 1700,Ukrainian nuclear power company Energoatom targeted in a DDoS attack by Russian hacktivists on 16 August 2022,"Energoatom, a Ukrainian nuclear power company, was targeted in a DDoS attack by the Russia-based hacktivist group ""People's Cyber Army."" The attack lasted three hours but did not interfere with systems linked to operations of the power plant. 
The attack was announced on the Telegram channel ""Popular Cyberarmy"" and directed followers to attack the website. It appeared that over seven million bots were used in the assault. ",2022-08-16,2022-08-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,Energoatom (Ukraine),Ukraine,EUROPE; EASTEU,Critical infrastructure,Energy,People’s Cyber Army,Russia,Non-state-group,Hacktivist(s),1,7794,2022-08-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Energoatom (Ukrainian nuclear power operator),Not available,Ukraine,People’s Cyber Army,Russia,Non-state-group,https://www.aljazeera.com/news/2022/8/16/ukraine-nuclear-power-company-says-russia-attacked-website; https://therecord.media/ukraines-state-owned-nuclear-power-operator-said-russian-hackers-attacked-website/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,3.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,No justification under IL,,,,Sovereignty,,No response justified (missing state attribution & breach of international law),,https://www.aljazeera.com/news/2022/8/16/ukraine-nuclear-power-company-says-russia-attacked-website; 
https://therecord.media/ukraines-state-owned-nuclear-power-operator-said-russian-hackers-attacked-website/; https://twitter.com/SamRamani2/status/1559656840413200391; https://twitter.com/KyivIndependent/status/1559627165909540865; https://twitter.com/IuliiaMendel/status/1559625647760228354; https://www.rferl.org/a/ukraine-enerhoatom-hacking-attack-zaporizhzhya/31992142.html; https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters,2022-11-25,2023-02-28 1699,Iranian state-sponsored hacking group MERCURY used Log4j 2 vulnerabilities against Israeli organizations in July 2022,"Iranian state-sponsored hacking group MERCURY used two Log4j vulnerabilities (CVE-2021-44228; CVE-2021-45046) in unpatched SysAid applications against Israeli organizations during 23-25 July 2022, according to a technical report by Microsoft. Microsoft attributed this cyber incident with high confidence to MERCURY, also known as MuddyWater, which is affiliated with Iran's Ministry of Intelligence and Security (MOIS). ",2022-07-23,2022-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Israel,ASIA; MENA; MEA,Unknown,,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State",,1,11552; 11552; 11552; 11552,2022-08-25 00:00:00; 2022-08-25 00:00:00; 2022-08-25 00:00:00; 2022-08-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft,; ; ; ,United States; United States; United States; United States,"MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS, Iran); Ministry of Intelligence and Security (MOIS, Iran)","Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.microsoft.com/en-us/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/,Unknown,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK 
intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; External Remote Services,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/application-security/building-a-better-sbom; https://www.darkreading.com/vulnerabilities-threats/sossa-and-cra-spell-trouble-for-open-source-software; https://www.darkreading.com/vulnerabilities-threats/ciso-guide-paying-down-software-supply-chain-security-debt; https://nakedsecurity.sophos.com/2023/07/03/wordpress-plugin-lets-users-become-admins-patch-early-patch-often/; https://cyberscoop.com/top-routinely-exploited-vulnerabilities/; http://www.defenseone.com/defense-systems/2023/08/army-looks-big-data-better-security-future-cloud-environments/389506/; https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-still-exploiting-log4j-bugs-against-israel/; https://lookingglasscyber.com/blog/threat-intelligence-insights/cyber-monitor-september22022/; https://www.microsoft.com/en-us/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/,2022-11-25,2023-12-21 1701,North Korean state-sponsored hacker group Lazarus exploited Log4Shell vulnerability in South Korean targets in April 2022,"North Korean state-sponsored hacker group Lazarus exploited the 
Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon product to place the NukeSped backdoor into South Korean targets in April 2022, according to the technical report of South Korean IT-company AhnLab. In some cases, the hacker group also used the cryptocurrency malware JimMiner for monetary gains.",2022-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available,"Korea, Republic of",ASIA; SCS; NEA,Unknown,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11554,2022-05-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://asec.ahnlab.com/en/34461/,Unknown,System/ideology; Territory; International power,North Korea – South Korea; North Korea – South Korea; North Korea – South Korea,Yes / HIIK intensity,HIIK 2,0,,Not 
available,,Not available,Not available,No,,Exploit Public-Facing Application; External Remote Services,Not available,,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/; https://asec.ahnlab.com/en/34461/; https://www.darkreading.com/application-security/building-a-better-sbom; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://cyberscoop.com/top-routinely-exploited-vulnerabilities/; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/,2022-11-25,2024-03-06 1688,Pro-Russian hacktivist group Killnet disrupted the website of Prince William on 22 November 2022,"Pro-Russian hacktivist group Killnet disrupted the website of Prince William on 22 November 2022, according to a Telegram post by the group. The hacktivists stated that they conducted this attack because of Britain's supply of high-precision missiles to Ukraine. These claims remain unverified. ",2022-11-22,2022-11-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Website of The Duke and Duchess of Cambridge - Prince of Wales,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,Killnet,Russia,Non-state-group,Hacktivist(s),1,6990,2022-11-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://www.hackread.com/pro-russian-killnet-uk-ddos-attacks/; https://t.me/s/killnet_reservs,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Armed conflict,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.hackread.com/pro-russian-killnet-uk-ddos-attacks/; https://t.me/s/killnet_reservs; https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov; https://twitter.com/DarkReading/status/1597950076000804866; 
https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/; https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12,2022-11-24,2023-05-16 1689,Pro-Russian group Killnet took down the European Parliament website with a DDoS attack on 23 November 2022,The pro-Kremlin hacker group KillNet shut down the European Parliament's website on 23 November 2022. The takedown lasted for approximately one hour and was launched only a few hours after the Parliament had voted in favor of a resolution designating Russia as a state sponsor of terrorism. KillNet took responsibility for the attack on Telegram and linked the activity explicitly to the Parliament's declaration. The President of the European Parliament confirmed on Twitter that a cyber attack had taken place.,2022-11-23,2022-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,European Parliament,EU (institutions),,International / supranational organization,,Killnet,Russia,Non-state-group,Hacktivist(s),1,12146,2022-11-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/killnet_reservs/3710,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-11-23 00:00:00,EU: Legislative reactions,Stabilizing statement by member of parliament,EU (region),Roberta Metsola (President of the EU Parliament),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/HackRead/status/1623358394613567488; https://twitter.com/RecordedFuture/status/1623519318150463489; https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://www.techrepublic.com/article/google-launches-project-shield/; 
https://www.diepresse.com/6272288/plattform-fuer-wiederaufbau-im-visier-prorussischer-hacker; https://www.malwarebytes.com/blog/news/2023/09/europol-publishes-report-discussing-observed-methodologies-and-threats; https://twitter.com/Cyberwarzonecom/status/1595486137694687233; https://twitter.com/juschuetze/status/1595517029120966656; https://twitter.com/aselawaid/status/1595567502415007744; https://twitter.com/lukOlejnik/status/1595466951941591041; https://twitter.com/lukOlejnik/status/1595517657150799872; https://twitter.com/DigitalPeaceNow/status/1595512761664081928; https://twitter.com/ransomwaremap/status/1595481007507095572; https://www.kleinezeitung.at/politik/aussenpolitik/ukraine/6219169/Angriffe-auf-zivile-Ziele_Kurz-nach-RusslandVerurteilung_; https://www.elmundo.es/internacional/2022/11/23/637e3186fc6c837b508b45d5.html; https://www.govinfosecurity.com/russian-killnet-shuts-down-eu-parliament-website-ddos-a-20541; https://securityaffairs.co/wordpress/138906/hacktivism/killnet-ddos-european-parliament.html; https://www.bleepingcomputer.com/news/security/pro-russian-hacktivists-take-down-eu-parliament-site-in-ddos-attack/; https://www.securityweek.com/eu-parliament-website-attacked-after-meps-slam-russian-terrorism; https://therecord.media/european-parliament-faces-cyberattack-from-pro-russia-group-after-terrorism-declaration/; https://www.rferl.org/a/russia-state-sponsor-terrorism-european-parliament/32145200.html; https://t.me/killnet_reservs/3710; https://twitter.com/EP_President/status/1595443471518777345; https://twitter.com/jduch/status/1595433790809284614; https://www.bleepingcomputer.com/news/security/pro-russian-hacktivists-take-down-eu-parliament-site-in-ddos-attack/; https://www.politico.eu/article/cyber-attack-european-parliament-website-after-russian-terrorism/; https://twitter.com/laurenscerulus/status/1595614456826023936; 
https://www.kleinezeitung.at/politik/aussenpolitik/ukraine/6219393/We-are-Killnet_Cyberangriff-auf-EUParlament-nach-Votum-gegen-Russland; https://elpais.com/internacional/2022-11-23/el-parlamento-europeo-declara-a-rusia-como-estado-promotor-del-terrorismo.html?autoplay=1; https://www.hackread.com/killnet-european-parliament-ddos-attack/; https://www.politico.eu/article/cyber-attack-european-parliament-website-after-russian-terrorism/; https://www.euractiv.com/section/digital/news/ep-comes-under-russian-cyber-attack-hours-after-state-terrorism-vote/; https://www.spiegel.de/netzwelt/hacker-legen-website-des-eu-parlaments-lahm-a-db4f97c1-9a24-4b4e-978e-4e4e6383dcc0; https://www.derstandard.at/story/2000141140390/cyberangriff-auf-die-seite-des-eu-parlaments-wie-wird-eine; https://www.lefigaro.fr/flash-actu/le-site-du-parlement-europeen-cible-par-une-cyberattaque-apres-un-vote-sur-la-russie-20221123; https://www.wired.com/story/hacktivism-russia-ukraine-ddos/; https://www.govinfosecurity.com/russian-nuisance-hacking-group-killnet-targets-germany-a-21039; https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/; https://therecord.media/ddos-denmark-us-russia-killnet/; https://twitter.com/securityaffairs/status/1621617739721752579; https://twitter.com/securityaffairs/status/1621511156430143490,2022-11-24,2024-03-01 1691,Likely China-linked group RedEcho has been targeting India's energy sector since 2020,"According to Recorded Future, a likely China-linked group named RedEcho has been targeting the Indian energy sector since mid-2020 by using infrastructure tracked by Recorded Future as AXIOMATICASYMPTOTE. The attacks occurred in the context of the India-China border clashes that have been taking place since 5 May 2020, possibly indicating efforts to develop leverage through the pre-positioning of malware on strategic assets. 
RedEcho uses some TTPs that have been used before by other Chinese state-sponsored groups such as APT41 and Tonto Team. However, there is insufficient evidence to attribute the activities to an existing group, so the report attributes the activities to RedEcho. Recorded Future lists twelve targets of the group, which are mainly organisations in the power generation and transmission sector. However, targets in the maritime sector were also affected. Links to a power outage in Mumbai in October 2020 remain unsubstantiated. ",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,"Western Regional Load Despatch Centre (India) - Telangana State Load Despatch Centre (India) - North Eastern Regional Load Despatch Centre (India) - Eastern Regional Load Despatch Centre (India) - Power System Operation Corporation Limited (India) - DTL Tikri Kalan (Mundka), Delhi Transco Ltd - NTPC Kudgi STPP - Southern Regional Load Despatch Centre (India) - V. O. 
Chidambaranar Port - Delhi State Load Despatch Centre (India) - Mumbai Port Trust - NTPC Limited",India; India; India; India; India; India; India; India; India; India; India; India,ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Energy - Energy - Energy - Energy - Energy - Energy - Energy - Energy - Transportation - Energy - Transportation - Energy,RedEcho,China,"Non-state actor, state-affiliation suggested",,1,6987,2021-02-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,,United States,RedEcho,China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf,Territory; International power,Territory; Resources; International power,China – India; China – India; China – India,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,12.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not 
available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/ics-ot/chinas-winnti-apt-compromises-national-grid-in-asia-for-6-months; https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://www.ironnet.com/blog/cyber-attacks-on-the-power-grid; https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf; https://therecord.media/redecho-group-parks-domains-after-public-exposure/; https://www.malwarebytes.com/blog/news/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids; https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity,2022-11-24,2023-03-13 1693,The phones of Spain's prime minister Pedro Sanchez and defense minister Margarita Robles were compromised with Pegasus spyware in 2021,"The phones of Spain's prime minister Pedro Sanchez and defense minister Margarita Robles were compromised with Pegasus spyware from May to June 2021, the Spanish government revealed on 2 May 2022. Pedro Sanchez was the first sitting EU and NATO head of state confirmed to have been targeted with Pegasus spyware. 
",2021-05-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"Margarita Robles (Defence Minister; ESP) - Pedro Sánchez (Prime Minister, Spain)",Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Not available,Not available,Not available,,1,12147,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,2,2022-05-02 00:00:00; 2022-05-10 00:00:00,EU member states: Stabilizing measures; EU member states: Executive reactions,Statement by other ministers (or spokespersons)/members of parliament; Removal from office,Spain; Spain,"Félix Bolaños (Minister of the Presidency, Relations with the Cortes and Democratic Memory, Spain); Spanish Government",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,,0.0,,0.0,euro,Not available,Cyber espionage; Sovereignty,State actors; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/157667/malware/ishutdown-spyware-infections-iphones.html; https://www.politico.eu/article/pegasus-spyware-targeted-spanish-pm-pedro-sanchez-defense-minister/; 
https://twitter.com/perearagones/status/1521064638191910912; https://www.politico.eu/article/pegasus-hacking-spyware-spain-government-prime-minister-pedro-sanchez-margarita-robles-digital-espionage-crisis/; https://www.politico.eu/article/pegasus-use-5-eu-countries-nso-group-admit/; https://www.euronews.com/2022/05/10/pegasus-spyware-spain-s-intelligence-chief-dismissed-over-phone-hacking-scandal; https://elpais.com/internacional/2023-01-19/la-eurocamara-aprueba-un-resolucion-critica-con-marruecos-con-el-voto-en-contra-de-los-socialistas-espanoles.html,2022-11-24,2023-08-03 1694,The Spanish government is suspected to have conducted an extensive cyber-espionage operation against the Catalan independence movement using Pegasus spyware beginning in 2017,"The Spanish government is suspected to have conducted an extensive cyber-espionage operation against the Catalan independence movement using Pegasus spyware from 2017 until 2020, according to a technical report by CitizenLab. It states that it is not ""conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities"". The cyber-espionage operation targeted 65 individuals. 52 spyware infections were observed. Among the victims are members of the European Parliament, former Catalan presidents, legislators, jurists, members of the civil society, and also some of their family members. The European Parliament launched an inquiry committee to investigate the use of the Pegasus spyware in April, which had already been announced in March 2022. This cyber incident is the first time Pegasus spyware was used in Europe. Some of the later reconfirmed victims reported suspected surveillance of their phones as early as 2020. The Spanish government also launched an investigation into the conduct of Spain's National Intelligence Centre (CNI), which had contracted the use of Pegasus spyware. 
",2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by victim; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"Albert Batet (Member of the Parliament of Catalonia, Spain) - Arnaldo Otegi (General Secretary, Euskal Herria Bildu, Spain) - Jaume Alonso Cuevillas (Member of Parliament of Catalonia, Spain) - Alba Bosch - Diana Riba (Member of European Parliament, Spain) - David Bonvehi (Former Member of the Parliament of Catalonia, Spain) - Joaquim Jubert (Member of the Parliament of Catalonia, Spain) - Carles Riera (Member of the Parliament of Catalonia, Spain) - Dolors Mas (Businesswoman, Spain) - Albert Botran (Member of the Congress of Deputies, Spain) - Elena Jimenez (Òmnium Cultural, Spain) - Josep Ma Ganyet (Professor, Spain) - Joan Matamala (Fundació Llibreria Les Voltes, Spain) - Artur Mas (Former President of Catalonia, Spain) - Gonzalo Boye (Lawyer, Spain) - Antoni Comín (Member of European Parliament, Spain) - Marcela Topor (Journalist, Spain) - Elisenda Paluzie (President of Assemblea Nacional Catalana, Spain) - Jon Iñarritu (Member of the Congress of Deputies, Spain) - Jordi Sanchez (Former President Assemblea Nacional Catalana, Spain) - Meritxell Budo (Former Minister of the Presidency of Catalonia, Spain) - Andreu Van den Eynde (Lawyer, Spain) - Dr. 
Elias Campo (Director, August Pi i Sunyer Biomedical Research Institute (IDIBAPS), Spain) - Joaquim Torra (Former President of Catalonia, Spain) - Jordi Bosch (Òmnium Cultural, Spain) - Joan Ramon Casals (Former Member of the Parliament of Catalonia, Spain) - Marta Rovira (Former Member of the Parliament of Catalonia, Spain) - Marc Solsona (Former Member of the Parliament of Catalonia, Spain) - Maria Cinta Cid (Professor, Spain) - David Madi (Businessman, Former advisor to President Artur Mas, Spain) - Meritxell Serret (Member of the Parliament of Catalonia, Spain) - Marcel Mauri (Òmnium Cultural, Spain) - Josep Maria Jové (Member of the Parliament of Catalonia, Spain) - Josep Rius (Junts per Catalunya, Spain) - Jordi Solé (Former Member of European Parlament, Spain) - Jordi Baylina (Open-source Developer, Spain) - Oriol Sagrera (Former Head of the Cabinet of the Presidency of the Parliament of Catalonia, Spain) - Pere Aragonès (President of Catalonia, Spain) - Meritxell Bonet (Journalist, Spain) - Josep Costa (Former Member of the Parliament of Catalonia, Spain) - Pol Cruz (European Parliament Assistant, Spain) - Miriam Nogueras (Member of the Congress of Deputies, Spain) - Xavier Vendrell (Former Member of the Parliament of Catalonia, Spain) - Sergi Sabrià (Former Member of the Parliament of Catalonia, Spain) - Sònia Urpí (Assemblea Nacional Catalana, Spain) - Josep Lluís Alay (Office Director of President Puigdemont and Professor of Asian History, Spain) - Albano Dante Fachin (Journalist, Former Member of the Parliament of Catalonia, Spain) - Not available",Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Switzerland; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - 
EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; WESTEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system - Social groups - International / supranational organization - State institutions / political system - State institutions / political system - State institutions / political system - End user(s) / specially protected groups - State institutions / political system - Social groups - Science - Social groups - End user(s) / specially protected groups - End user(s) / specially protected groups - International / supranational organization - Media - Social groups - State institutions / political system - State institutions / political system - State institutions / political system - End user(s) / specially protected groups - Science - State institutions / political system - Social groups - State institutions / political system - State institutions / political system - State institutions / political system - Science - End user(s) / specially 
protected groups - State institutions / political system - Social groups - State institutions / political system - State institutions / political system - International / supranational organization - End user(s) / specially protected groups - State institutions / political system - State institutions / political system - Media - State institutions / political system - International / supranational organization - State institutions / political system - State institutions / political system - State institutions / political system - Social groups - Social groups; Science - State institutions / political system; Media - State institutions / political system; International / supranational organization; Social groups; End user(s) / specially protected groups; State institutions / political system,Legislative - Political parties - Legislative - Advocacy / activists (e.g. human rights organizations) - - Legislative - Legislative - Legislative - - Legislative - Advocacy / activists (e.g. human rights organizations) - - Advocacy / activists (e.g. human rights organizations) - - - - - Advocacy / activists (e.g. human rights organizations) - Legislative - Legislative - Government / ministries - - - Government / ministries - Advocacy / activists (e.g. human rights organizations) - Legislative - Legislative - Legislative - - - Legislative - Advocacy / activists (e.g. human rights organizations) - Legislative - Political parties - - - Government / ministries - Government / ministries - - Legislative - - Legislative - Legislative - Legislative - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations); - Legislative; - Government / ministries; ; Advocacy / activists (e.g. 
human rights organizations); ; Legislative,Centro Nacional de Inteligencia (CNI),Spain,State,,1,12143,2022-04-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,CitizenLab,Not available,Canada,Centro Nacional de Inteligencia (CNI),Spain,State,https://www.theguardian.com/world/2020/jul/13/phone-of-top-catalan-politician-targeted-by-government-grade-spyware; https://www.europapress.es/nacional/noticia-torrent-maragall-comparan-watergate-presunto-espionaje-telefonos-20200715123213.html; https://www.theguardian.com/world/2020/jul/13/top-catalan-politician-says-alleged-attack-confirms-fears-about-spanish-state; https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/,Autonomy; Subnational predominance; Secession,Autonomy; Secession,Spain (Catalan nationalists / Catalonia); Spain (Catalan nationalists / Catalonia),Yes / HIIK intensity,HIIK 3,3,2022-04-19 00:00:00; 2022-05-10 00:00:00; 2022-04-25 00:00:00,EU: Legislative reactions; EU member states: Executive reactions; EU member states: Legislative reactions,Parliamentary investigation committee; Removal from office; Parliamentary investigation committee,EU (region); Spain; Spain,European Parliament (EP); Spanish Government; Spanish Government,Yes,One,Exploit Public-Facing Application; Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,52.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Human rights,State 
actors; ,Not available,0,,Not available,,Not available,Not available,Cyber espionage; Human rights,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.politico.eu/article/pegasus-spyware-targets-top-catalan-politicians-and-activists/; https://www.politico.eu/article/eus-vestager-brushes-off-spyware-threat/; https://twitter.com/perearagones/status/1521064638191910912; https://twitter.com/perearagones/status/1516012341162348547; https://www.theguardian.com/world/2020/jul/13/phone-of-top-catalan-politician-targeted-by-government-grade-spyware; https://www.theguardian.com/technology/2020/jul/28/whatsapp-confirms-catalan-politicians-phone-was-target-of-2019-attack; https://www.theguardian.com/world/2020/jul/16/spains-deputy-pm-urges-investigation-into-catalan-spyware-claims; https://www.europapress.es/nacional/noticia-torrent-maragall-comparan-watergate-presunto-espionaje-telefonos-20200715123213.html; https://www.theguardian.com/world/2020/jul/13/top-catalan-politician-says-alleged-attack-confirms-fears-about-spanish-state; https://www.theguardian.com/world/2020/jul/17/who-has-been-using-spyware-on-catalan-independence-campaigners; https://www.reuters.com/article/spain-politics-spyware/catalan-politician-suspects-was-target-of-state-phone-tapping-spokesman-says-idUKL5N2EL1OC; https://www.vice.com/en/article/pkyzxz/spain-nso-group-pegasus-catalonia; https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/; https://www.politico.eu/article/pegasus-use-5-eu-countries-nso-group-admit/; https://www.euronews.com/2022/04/25/spain-begins-investigation-into-catalonia-pegasus-spyware-allegations; https://www.euronews.com/2022/05/10/pegasus-spyware-spain-s-intelligence-chief-dismissed-over-phone-hacking-scandal; https://www.europarl.europa.eu/news/de/press-room/20220412IPR27112/ep-inquiry-committee-for-pegasus-and-other-spyware-launched; 
https://netzpolitik.org/2022/untersuchungsauschuss-zu-pegasus-skandal-spanien-wird-zum-problemfall-fuer-das-eu-parlament/; https://netzpolitik.org/2023/pegasus-eu-kommission-prueft-klagen-gegen-mitgliedslaender/,2022-11-24,2023-08-03 1690,Pro-Russian group Killnet targets Latvia's parliament in DDoS attack in August 2022,"Pro-Russian hacktivist group, Killnet, disrupted the parliament of the Republic of Latvia (Saeima) in a DDoS attack in August 2022. The attack occurred after the Latvian government officials ""designated Russia as a 'state sponsor of terrorism'"" and called on European Union (EU) countries to do likewise. Parliament's website network was disrupted for several hours when it was overwhelmed by malicious traffic. However, Latvia’s Computer Emergency Response Team (CERT.LV) stated that preparatory measures allowed the network to defend itself enough that the attacks didn't disrupt parliament. These events were communicated via the CERT.LV Twitter. Killnet claimed responsibility for the attack on their Telegram channel.",2022-08-11,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption,Parliament/ Saeima (Latvia),Latvia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Legislative,,,,,1,; 12148; 12148; 12148; 12148,NaT; 2022-08-11 00:00:00; 2022-08-11 00:00:00; 2022-08-11 00:00:00; 2022-08-11 00:00:00,"; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",; Media-based attribution; Attacker confirms; Media-based attribution; Attacker confirms,; 
Killnet; Killnet; Killnet; Killnet,; Not available; Not available; Not available; Not available,; Albania; Albania; Albania; Albania,; Killnet; Killnet; Killnet; Killnet,; ; ; ; ,; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://therecord.media/pro-kremlin-hackers-target-latvias-parliament-after-declaring-russia-a-sponsor-of-terrorism/,System / ideology,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,1,2022-08-11 00:00:00,EU member states: Preventive measures,Awareness raising,Latvia,CERT.LV,Not available,,Not available,Endpoint Denial of Service,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,"Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),3,Not available,0.0,Minor,3.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,No justification under IL,,,,,,No response justified (missing state attribution & breach of international law),,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://therecord.media/ddosia-pro-russian-hackers-upgrades; https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/; https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://therecord.media/pro-kremlin-hackers-target-latvias-parliament-after-declaring-russia-a-sponsor-of-terrorism/; https://twitter.com/certlv/status/1557696147971624961; https://www.baltictimes.com/saeima_web_servers_under_massive_ddos_attack/; 
https://rus.delfi.lv/news/daily/latvia/sejm-latvii-podvergsya-moschnoj-ddos-atake.d?id=54631366; https://twitter.com/cyber_etc/status/1558079006351794176; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS; https://therecord.media/ddos-denmark-us-russia-killnet/,2022-11-24,2023-08-03 1682,Conti related group UAC-0098 targeted Ukrainian critical infrastructure since April 2022 with AnchorMail backdoor,"The Google Threat Analysis Group (TAG) reported a hacking campaign using the AnchorMail backdoor by the group UAC-0098 and assesses that some members of it are also ""former members of the Conti cybercrime group"". TAG linked UAC-0098 to previous ransomware attacks that were politically and financially motivated. From April to June 2022, the group targeted the Ukrainian government and Ukrainian organizations, such as hotels along with European humanitarian organizations. ",2022-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,; ; ,UAC-0098,Russia,"Non-state actor, state-affiliation suggested",,1,7631,2022-09-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Google's TAG,,United States,UAC-0098,Russia,"Non-state actor, state-affiliation suggested",https://www.securityweek.com/google-details-recent-ukraine-cyberattacks; https://cert.gov.ua/article/339662,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not 
available,No,,Phishing,Not available,Not available,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,,,Not available,,Not available,,https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/; https://www.bleepingcomputer.com/news/security/google-says-former-conti-ransomware-members-now-attack-ukraine/; https://www.techtarget.com/searchsecurity/news/252524685/Google-Former-Conti-ransomware-members-attacking-Ukraine; https://www.securityweek.com/google-details-recent-ukraine-cyberattacks,2022-11-22,2023-02-27 1683,TA428 used Windows malware to target Eastern European governments and entities and departments in Afghanistan since 2021,"According to Kaspersky ICS CERT experts, a Chinese APT group known as TA428 (APT TA428/Colourful Panda/Vicious Panda/BRONZE DUDLEY) utilized Windows malware in targeted attacks on military-industrial-complex enterprises; public institutions; and government entities, such as agencies, ministries, and departments in various Eastern European countries (Belarus, Russia, and Ukraine) as well as Afghanistan. The bad actors penetrated and, in some cases, hijacked the IT infrastructure. The goal of this activity was cyber espionage. Penetration was achieved via spear-phishing emails, which in some cases used information that was not publicly available. The bad actors used five backdoors simultaneously: PortDoor, nccTrojan, Logtu, Cotx, and DNSep. These five backdoors were used in previous attacks by APT TA428, while a sixth backdoor (CotSam) was newly observed. 
",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available,Belarus; Afghanistan; Ukraine; Russia,EUROPE; EASTEU; CSTO - ASIA; SASIA - EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,; Defence industry - ; Defence industry - ; Defence industry - ; Defence industry,TA428/ Temp.Hex/ Vicious Panda,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7628,2022-08-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,Kaspersky,Russia,TA428/ Temp.Hex/ Vicious Panda,China,"Non-state actor, state-affiliation suggested",https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-windows-malware-to-backdoor-govt-defense-orgs/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,4.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official 
members of state entities/agencies/units for officially non-state-actors),Cyber espionage,,Not available,0,,Not available,,,,Cyber espionage,,,,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://securelist.com/targeted-attack-on-industrial-enterprises-and-public-institutions/107054/; https://intrusiontruth.wordpress.com/2022/12/24/no-limits-relationship-chinas-state-hackers-scoop-up-intelligence-on-ukraine-and-russia/; https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-windows-malware-to-backdoor-govt-defense-orgs/; https://www.spiceworks.com/it-security/vulnerability-management/news/chinese-ta428-cyber-espionage-campaign/; https://www.csoonline.com/article/3669236/chinese-apt-group-uses-multiple-backdoors-in-attacks-on-military-and-research-organizations.html; https://securityaffairs.co/wordpress/134180/apt/china-apt-attacks-industrial-enterprises.html,2022-11-22,2023-12-22 1680,The hacktivist group Belarusian Cyber-Partisans disrupted the computer systems of and stole information from the Russian General Radio Frequency Center (GRFC) in 2022,"The hacktivist group Belarusian Cyber-Partisans disrupted the computer systems of and stole information from the Russian General Radio Frequency Center (GRFC), which is part of Roskomnadzor (RKN), the Federal Service for Supervision of Communications, Information Technology and Mass Media. The activities lasted until November 2022, according to tweets by the hacktivist group itself that described the actions as a response to Roskomnadzor's role in censorship and surveillance of the political opposition in Russia. The hacktivists said that they used software from the Belarusian surveillance company Falcongaze to conduct the cyber-operation and announced plans to share material obtained in the operation with journalists. ",2022-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Russian General Radio Frequency Center (GRFC),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,Belarusian Cyber-Partisans,Belarus,Non-state-group,Hacktivist(s),1,6996,2022-11-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Belarusian Cyber Partisans,Not available,Belarus,Belarusian Cyber-Partisans,Belarus,Non-state-group,https://twitter.com/cpartisans/status/1594397517684572161; https://twitter.com/cpartisans/status/1593634667147988993; https://t.me/cpartisans/980,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://twitter.com/evacide/status/1593649558269169665; https://twitter.com/cpartisans/status/1594397517684572161; https://twitter.com/cpartisans/status/1593634667147988993; https://tass.ru/obschestvo/16372881; https://twitter.com/campuscodi/status/1594699712996773888; https://therecord.media/belarusian-hacktivists-claim-to-breach-russias-internet-regulator/; https://t.me/cpartisans/980,2022-11-21,2023-02-15 1679,Pro-Ukraine hacktivist group AnonGhost targeted the Russian Global Navigation Satellite System (GLONASS) and leaked information about it beginning on March 15th 2022,"Pro-Ukraine hacktivist group AnonGhost targeted the Russian Global Navigation Satellite System (GLONASS) and leaked information from March 15th to March 17th 2022, according to a tweet. At the beginning of March, the IT Army of Ukraine had announced that GLONASS was on a list of intended next hacking targets, which could explain this choice of target by AnonGhost. ",2022-03-15,2022-03-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Global Navigation Satellite System (GLONASS; Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure,Military; Telecommunications,AnonGhost,Not available,Non-state-group,Hacktivist(s),1,7635,2022-03-17 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,AnonGh0st,Not available,Not available,AnonGhost,Not available,Non-state-group,https://twitter.com/JoanneHuggins6/status/1504423179703386118?s=20&t=0ZpLkITQgZ8Z7RmdRpvSJw,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://www.reuters.com/world/europe/ukraines-it-army-targets-belarus-railway-network-russian-gps-2022-03-03/; https://twitter.com/JoanneHuggins6/status/1504423179703386118?s=20&t=0ZpLkITQgZ8Z7RmdRpvSJw; https://www.darkowl.com/blog-content/developing-impacts-of-ukraine-invasion-felt-across-the-darknet/,2022-11-17,2023-02-27 1674,An unnamed Iranian state-sponsored hacking group gained access to the computer systems of a US federal 
civilian executive branch organization beginning in February 2022,"An unnamed Iranian state-sponsored hacking group gained access to the computer systems of an unnamed US federal civilian executive branch organization from February 2022 to mid-July 2022, according to a technical report by the US Cybersecurity and Infrastructure Security Agency (CISA). A source familiar with the incident identified the agency to the Washington Post as the US Merit Systems Protection Board and named Nemesis Kitten as the suspected threat actor. ",2022-02-01,2022-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking without Misuse,U.S. 
Merit Systems Protection Board,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Not available,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,11548; 11549,2022-11-16 00:00:00; 2022-11-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution,Cybersecurity and Infrastructure Security Agency (CISA); Unknown,Not available; Not available,United States; United States,Not available; Nemesis Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.cisa.gov/uscert/ncas/alerts/aa22-320a,Unknown,System/ideology; International power,Iran – USA; Iran – USA,Yes / HIIK intensity,HIIK 1,1,2022-11-16 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/zackwhittaker/status/1592963474505994240; https://twitter.com/ryanaraine/status/1592917570621173767; https://twitter.com/CISAJen/status/1592924863786004482; https://twitter.com/ericgeller/status/1592925472618418181; https://twitter.com/snlyngaas/status/1592934189925818369; https://www.securityweek.com/us-gov-warning-start-hunting-iranian-apts-exploited-log4j; https://www.cyberscoop.com/iranian-hackers-log4shell-crypto/; 
https://www.bleepingcomputer.com/news/security/us-govt-iranian-hackers-breached-federal-agency-using-log4shell-exploit/; https://therecord.media/suspected-iranian-apt-accessed-federal-server-via-log4j-vulnerability/; https://www.govinfosecurity.com/iranian-hacker-group-uses-log4shell-to-cryptojack-us-agency-a-20484; https://www.cisa.gov/uscert/ncas/alerts/aa22-320a; https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html; https://lookingglasscyber.com/blog/news/iranian-government-linked-hackers-got-into-merit-systems-protection-boards-network/; https://www.databreaches.net/us-govt-iranian-hackers-breached-federal-agency-using-log4shell-exploit/; https://www.washingtonpost.com/politics/2022/11/17/iranian-hackers-breached-agency-that-hears-federal-worker-grievances/; https://twitter.com/RecordedFuture/status/1593271969662861313; https://twitter.com/nakashimae/status/1593258744258904132; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2022-rising-operations/; https://www.hackread.com/log4shell-iran-hackers-domain-controller-network/; https://twitter.com/JAMESWT_MHT/status/1593651871771672578; https://research.checkpoint.com/2022/21st-november-threat-intelligence-report/; https://www.darkreading.com/risk/supply-chain-risks-got-you-down-keep-calm-and-get-strategic-; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://socradar.io/4-lessons-learned-from-log4shell/; https://www.darkreading.com/attacks-breaches/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says,2022-11-17,2023-07-14 1676,Lazarus APT Attacks European and Latin American Organizations using DTrack backdoor in 2022,"North Korean APT Lazarus attacked multiple entities across Europe and Latin America, including government-related institutes, IT service providers, telecommunications companies, manufacturing, etc. 
with the DTrack backdoor. According to Kaspersky, Lazarus has used this backdoor since 2019. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,Saudi Arabia; Brazil; Germany; Switzerland; Turkey; Mexico; United States; India; Italy,ASIA; MENA; MEA; GULFC - SOUTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; WESTEU - ASIA; NATO; MEA - - NATO; NORTHAM - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS),State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; - Civil service / administration; Telecommunications; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6999,2022-11-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,"Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securityaffairs.co/wordpress/138622/apt/dtrack-backdoor-targets-europe-latin-america.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,0.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.co/wordpress/138622/apt/dtrack-backdoor-targets-europe-latin-america.html; https://securelist.com/dtrack-targeting-europe-latin-america/107798/; https://thehackernews.com/2022/11/north-korean-hackers-targeting-europe.html; https://research.checkpoint.com/2022/21st-november-threat-intelligence-report/; https://twitter.com/Cyber_O51NT/status/1639428701137035264,2022-11-17,2023-07-14 1673,Chinese state-sponsored hacking group Billbug gained access to the systems of government agencies in multiple Asian countries beginning in March 2022,"The Chinese state-sponsored hacking group Billbug gained access to the systems of government agencies in multiple Asian countries, probably for espionage reasons, beginning in March 2022, according to a technical report by Symantec. As part of the same campaign, the hacking group infiltrated a digital certificate authority in Asia but fell short of compromising actual certificates. 
Access to these digital stamps could have enabled it to brand malware as legitimate software to subvert detection.",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Asia (region),,State institutions / political system,Government / ministries,Billbug / Lotus Blossom / Thrip,China,"Non-state actor, state-affiliation suggested",,1,4438,2022-11-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,Billbug / Lotus Blossom / Thrip,China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/unix_root/status/1592508717399822337; https://www.securityweek.com/chinese-cyberespionage-group-billbug-targets-certificate-authority; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority; https://thehackernews.com/2022/11/researchers-say-china-state-backed.html; https://securityaffairs.co/wordpress/138568/apt/billbug-apt-hit-certificate-authority.html; 
https://therecord.media/alleged-chinese-state-sponsored-group-hacked-certificate-authority-govt-agencies-in-asia/; https://www.bleepingcomputer.com/news/security/chinese-hackers-target-government-agencies-and-defense-orgs/; https://www.darkreading.com/endpoint/china-based-billbug-apt-infiltrates-certificate-authority,2022-11-16,2023-02-15 1672,Chinese state-sponsored hacking group Earth Longzhi gained access to high-profile victims of various sectors in several countries beginning in mid-2021,"Chinese state-sponsored hacking group Earth Longzhi, which is a subgroup of Chinese cyber-proxy APT41, gained access to high-profile victims of various sectors in several countries beginning in August 2021 and lasting until June 2022. ",2021-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,China; Ukraine; Indonesia; Malaysia; Taiwan; Thailand; Pakistan,ASIA; SCS; EASIA; NEA; SCO - EUROPE; EASTEU - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS - ASIA; SEA - ASIA; SASIA; SCO,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical 
infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11546,2022-11-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,United States,,China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en%5Fus/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html,International power,System/ideology; Secession,China (Taiwan); China (Taiwan),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,4.0,Not available,"Data corruption 
(deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://www.darkreading.com/vulnerabilities-threats/apt41-subgroup-plows-through-asia-pacific-utilizing-layered-stealth-tactics; https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html; https://twitter.com/unix_root/status/1592222330066849792; https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html; https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/; https://www.trendmicro.com/en%5Fus/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html; https://twitter.com/unix_root/status/1592328026641031170; https://securityaffairs.co/wordpress/138536/apt/earth-longzhi-subgroup-apt41.html,2022-11-15,2023-07-14 1671,Chinese state-sponsored hacking group Earth Longzhi gained access to various targets in Taiwan and the banking sector in China beginning in 2020,"Chinese state-sponsored hacking group Earth Longzhi, which is a subgroup of Chinese cyber-proxy APT41, gained access to the network of various targets in Taiwan and the banking sector in China beginning in May 2020 and lasting until February 2021, according to a technical report of Trend Micro. ",2020-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available,China; Taiwan,ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS, - State institutions / political system; Science, - Government / ministries; ,Earth Longzhi < APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7000,2022-11-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,United States,Earth Longzhi < APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.trendmicro.com/en%5Fus/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html,System / ideology; International power; Secession,System/ideology; Secession,China (Taiwan); China (Taiwan),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,4.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not 
available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html; https://twitter.com/unix_root/status/1592222330066849792; https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html; https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/; https://www.trendmicro.com/en%5Fus/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html; https://twitter.com/unix_root/status/1592328026641031170; https://securityaffairs.co/wordpress/138536/apt/earth-longzhi-subgroup-apt41.html,2022-11-15,2023-03-28 1665,"Pro-Russian hacktivist group disrupted multiple organizations in Ukraine with ""Somnia"" ransomware on 11 November 2022","The pro-Russian hacktivist group named ""From Russia with Love"" or ""Z-Team"" infected multiple organizations in Ukraine with a new ransomware strain called ""Somnia"", encrypting the systems on 11 November 2022 and causing operational problems. The group has previously disclosed creating the Somnia ransomware on their Telegram channel. CERT-UA has attributed the attack to the hacktivist group and describes Somnia as a data-wiper malware as it does not provide the possibility of data decryption.",2022-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,Not available,Ukraine,EUROPE; EASTEU,Unknown,,From Russia with Love (FRwL)/Z-Team/UAC-0118,Russia,Non-state-group,Criminal(s),2,8491; 8492,2022-11-11 00:00:00; 2022-11-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,CERT-UA; From Russia with Love (FRwL)/Z-Team/UAC-0118,Not available; Not available,Ukraine; Russia,From Russia with Love (FRwL)/Z-Team/UAC-0118; From Russia with Love (FRwL)/Z-Team/UAC-0118,Russia; Russia,Non-state-group; Non-state-group,https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hacktivists-use-new-somnia-ransomware/; https://cert.gov.ua/article/2724253,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,External Remote Services,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,2.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not 
available,,No response justified (missing state attribution & breach of international law),,https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hacktivists-use-new-somnia-ransomware/; https://twitter.com/securityaffairs/status/1592290595309076480; https://twitter.com/hacks4pancakes/status/1592202195138908160; https://securityaffairs.co/wordpress/138496/hacking/somnia-ransomware-attacks-ukraine.html; https://twitter.com/M_Miho_JPN/status/1592502459821592579; https://twitter.com/JAMESWT_MHT/status/1592418378001813504; https://cert.gov.ua/article/2724253; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2022-rising-operations/; https://twitter.com/Cyberknow20/status/1606396705548619776,2022-11-14,2023-03-09 1669,Unknown actors stole data from various Spanish state agencies using the communication network Punto Neutro Judicial of the judiciary starting in October 2022,"The General Council of the Judiciary (CGPJ) in Spain suffered a cyberattack on its Punto Neutro Judicial (PNJ) platform that connects judicial bodies with other government agencies in October 2022. El Diario reported on 11 November that attackers were able to hit the Treasury Information Services and exfiltrated information from half a million Spanish taxpayers. They also accessed networks of the General Police Directorate and obtained the IDs and addresses of 50,000 police officers. Initial findings from an investigation by the National Court revealed that the attackers had sought to identify the files of specific individuals with a public profile. 
",2001-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Directorate-General of the Police (DGP; Spain) - Spanish Tax Administration Agency (AEAT) - Public Employment Service (PES; Spain) - National Institute of Social Security (INSS; Spain),Spain; Spain; Spain; Spain,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Police - Civil service / administration - Civil service / administration - Civil service / administration,Not available,Not available,Not available,,1,7002,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,4.0,,0.0,Not available,0.0,euro,Not available,Cyber espionage; Human rights,; Civic / political rights,Not available,1,2022-10-20 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Juzgado Central de Instrucción de la Audiencia Nacional (ESP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/; https://www.eleconomista.es/telecomunicaciones/noticias/12026256/11/22/Ciberataque-al-corazon-del-sistema-judicial-millones-de-datos-personales-en-riesgo.html; https://www.poderjudicial.es/cgpj/es/Poder-Judicial/Sala-de-Prensa/Archivo-de-notas-de-prensa/El-Punto-Neutro-Judicial--afectado-por-un-ciberataque-a-las-redes-de-las-Administraciones-Publicas-espanolas; https://www-eldiario-es.translate.goog/politica/hackeo-traves-judicial-roba-hacienda-datos-medio-millon-contribuyentes_1_9699143.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://elpais.com/espana/2022-11-08/la-red-informatica-que-conecta-los-juzgados-con-instituciones-estatales-sufre-un-ciberataque.html; https://elpais.com/espana/2022-11-10/la-audiencia-nacional-investiga-el-ciberataque-a-una-red-de-telecomunicaciones-del-poder-judicial.html,2022-11-14,2023-02-15 1668,Chinese state-sponsored hacking group APT15 used Android surveillance tool Bad Bazaar to spy on Uyghur and other Turkic minorities in China and abroad beginning in 2018,"Chinese state-sponsored hacking group APT15 used Android surveillance tool Bad Bazaar to spy on Uyghur and other Turkic minorities in China and abroad from 2018 to 2022, according to a technical report by Lookout. ",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available,China; Turkey; Afghanistan,ASIA; SCS; EASIA; NEA; SCO - ASIA; NATO; MEA - ASIA; SASIA,Social groups - Social groups - Social groups,Ethnic - Ethnic - Ethnic,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11541,2022-11-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,"Non-state actor, state-affiliation suggested",https://de.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine,System / ideology; Secession,System/ideology; Secession,; China (Uyghurs / Xinjiang),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Trusted Relationship,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Human rights,; Civic / political rights; Other human rights instruments,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/vulnerabilities-threats/20-year-old-chinese-apt15-new-life-foreign-ministry-attacks; https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15; https://www.darkreading.com/attacks-breaches/china-group-spreads-android-spyware-via-trojan-signal-telegram-apps; https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/; https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html; https://www.heise.de/news/Android-Malware-Badbazaar-wurde-im-Google-Play-Store-und-Samsung-Store-verteilt-9290217.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.govinfosecurity.com/chinese-apt-uses-fake-messenger-apps-to-spy-on-android-users-a-22986; https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf; https://securityaffairs.co/wordpress/138395/intelligence/uyghurs-badbazaar-moonshine-surveillance.html; https://www.darkreading.com/threat-intelligence/china-using-spyware-to-target-uyghurs; https://www.bleepingcomputer.com/news/security/new-badbazaar-android-malware-linked-to-chinese-cyberspies/; https://www.securityweek.com/chinese-spyware-targets-uyghurs-through-apps-report; https://twitter.com/unix_root/status/1591357632702357504; https://de.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine; https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/,2022-11-14,2023-09-01 1667,Suspected hacktivist Al-Toufan disrupted several Bahraini websites on the day of the municipal 
and parliamentary elections on 12 November 2022,"Suspected hacktivist group ""Al-Toufan"" targeted official websites in Bahrain just hours before the start of a parliamentary election on 12 November 2022, the Interior Ministry of Bahrain said. Social media accounts associated with Al-Toufan (Arabic for ""The Flood"") said the group targeted the parliament's website “due to the persecution carried out by the Bahraini authorities, and in implementation of the popular will to boycott the sham elections.” Bahrain claims that the attack was ""state-backed"" without naming the state it believed carried out the attack.",2022-11-12,2022-11-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by attacker,Disruption; Hijacking with Misuse,Not available - Bahrain News Agency - Not available,Bahrain; Bahrain; Bahrain,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,State institutions / political system - Media - State institutions / political system,Election infrastructure / related systems - - Legislative,Not available,Not available,"Non-state actor, state-affiliation suggested",,2,11614; 11613,2022-11-12 00:00:00; 2022-11-12 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,Ministry of Interior; Al-Toufan,Not available; Not available,Bahrain; Not available,Not available; Not available,Not available; Not available,"Non-state actor, state-affiliation suggested; Non-state-group",https://apnews.com/article/middle-east-religion-boycotts-edea32fb189ad69ba07248f2bdcbc08d,System / ideology; 
National power,System/ideology; National power,Bahrain (opposition); Bahrain (opposition),Yes / HIIK intensity,HIIK 2,1,2022-11-12 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Bahrain,Interior Ministry (BHR),No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/; https://www.databreaches.net/bahraini-websites-hacked-hours-before-parliamentary-election/; https://apnews.com/article/middle-east-religion-boycotts-edea32fb189ad69ba07248f2bdcbc08d; https://www.aljazeera.com/news/2022/11/12/polls-open-in-bahrain-parliamentary-elections,2022-11-14,2023-08-17 1670,"Unknown actors gained access into the server of the Mexican Secretariat of Infrastructure, Communications and Transport (SICT) in October 2022","The Secretariat of Infrastructure, Communications and Transportation (SICT) made the announcement via Twitter on October 24, that it got hacked. 
The hack subsequently disrupted the Mexican transportation system because the ministry has stopped issuing new permits, license plates and driver’s licenses for commercial truck operators until Dec. 31, but it did not damage the agency’s systems, nor were citizen’s data compromised.",2022-10-01,2022-10-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,"Secretariat of Infrastructure, Communications and Transportation (SICT; Mexico)",Mexico,,State institutions / political system,Government / ministries,Not available,Not available,Not available,,1,7001,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/cyberattack-disrupts-mexicos-transportation-system/; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/; https://www.gob.mx/sct/prensa/informa-sict-que-software-malicioso-no-dano-sistemas-internos-ni-vulnero-datos-personales?idiom=es; 
https://twitter.com/SCT_mx/status/1584664267126558720?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1584664267126558720%7Ctwgr%5E01cb322c82e5ae2ed879fe07507a72b244f00b61%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.milenio.com%2Fnegocios%2Fsict-registra-ciberataque-activa-protocolo-vulnerabilidades,2022-11-14,2023-02-15 1659,Russian state-sponsored hacking group IRIDIUM used new Prestige ransomware to attack transport and logistics companies in Ukraine and Poland beginning in March 2022,"Russian state-sponsored hacking group IRIDIUM, which overlaps with the GRU-run group Sandworm, is likely responsible for using the new Prestige ransomware to attack transport and logistics companies in Ukraine and Poland to disrupt Ukrainian military activities beginning in March 2022, according to additional information shared by Microsoft following a technical report on October 14, 2022. Microsoft had previously tracked the activity cluster as DEV-0960. In April 2024, WithSecure reported that according to their analyses, Sandworm used a backdoor called Kapeka amongst others for the deployment of the Prestige ransomware. ",2022-03-01,2022-10-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company; Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,Not available - Not available,Poland; Ukraine,EUROPE; NATO; EU(MS); EASTEU - EUROPE; EASTEU,Critical infrastructure - Critical infrastructure,Transportation - Transportation,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,18849,2022-11-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Minor,1.0,Not available,Not available,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://www.govinfosecurity.com/ukraine-tracks-increased-russian-focus-on-cyberespionage-a-21423; https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/; https://www.rferl.org/a/russian-hackers-ukraine-cyberattacks-microsoft/32319995.html; https://www.jpost.com/international/article-734447; https://cyberscoop.com/russian-hackers-ukraine-cyberattacks/; https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://therecord.media/poland-warns-of-pro-kremlin-cyberattacks-aimed-at-destabilization/; https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/; https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/; https://twitter.com/CyberScoopNews/status/1651336998253207555; https://twitter.com/NSA_CSDirector/status/1651323970401243136; https://therecord.media/russia-ransomware-attacks-logistics-supply-chain-ukraine; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html; https://securityaffairs.com/161987/hacking/kapeka-backdoor-linked-sandworm.html; 
https://www.bleepingcomputer.com/news/security/russian-military-hackers-linked-to-ransomware-attacks-in-ukraine/; https://www.cyberscoop.com/russian-military-hacking-crew/; https://therecord.media/microsoft-attributes-prestige-ransomware-attacks-on-ukraine-and-poland-to-russian-group/; https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/; https://securityaffairs.co/wordpress/138362/apt/prestige-ransomware-linked-iridium.html; https://www.securityweek.com/microsoft-links-prestige-ransomware-attacks-russian-state-sponsored-hackers; https://thehackernews.com/2022/11/microsoft-blames-russian-hackers-for.html; https://twitter.com/Dennis_Kipker/status/1592115380797214720; https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/; https://www.bleepingcomputer.com/news/security/microsoft-warns-of-russian-cyberattacks-throughout-the-winter/; https://www.wired.com/story/worst-hacks-2022/; https://twitter.com/M_Miho_JPN/status/1609010093793906689; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html; https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/,2022-11-11,2024-04-22 1658,Russian military intelligence service GRU exploited Microsoft Exchange vulnerability to gain access and wipe a Ukrainian target in 2022,"The Russian military intelligence service GRU exploited the Microsoft Exchange vulnerability ProxyShell to gain access to a Ukrainian target in January 2022 and subsequently wipe that target in February 2022 at the start of the war, according to a presentation by IT security company Mandiant of 19 destructive cyberattacks the GRU has conducted in Ukraine delivered at the CyberwarCon security conference. 
",2022-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Unknown,,GRU,Russia,State,,1,7077,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Mandiant,,United States,GRU,Russia,State,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Disk Wipe,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Armed conflict; Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.darkreading.com/edge/securing-cloud-identities-to-protect-assets-and-minimize-risk; https://www.wired.com/story/flipper-zero-iphone-dos-attack-security-roundup/; https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,2022-11-11,2023-03-06 1663,Ukrainian IT Army 
disrupts St. Petersburg Economic Forum with DDoS attack in June 2022,"The Ukrainian IT Army disrupted the accreditation and admission systems of the St. Petersburg Economic Forum in June 2022 with a DDoS attack, delaying Vladimir Putin's speech by over an hour. Kremlin spokesman Dmitry Peskov confirmed the attack but did not attribute responsibility to any actor. The IT Army called for the attack shortly before on Telegram and claimed responsibility after the attack.",2022-06-17,2022-06-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,St. Petersburg Economic Forum,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,"Other (e.g., embassies)",IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),2,12387; 12388,2022-06-17 00:00:00; 2022-08-30 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,IT Army of Ukraine; IT Army of Ukraine,Not available; Not available,Ukraine; Ukraine,IT Army of Ukraine; IT Army of Ukraine,Ukraine; Ukraine,Non-state-group; Non-state-group,https://therecord.media/inside-the-it-army-of-ukraine-a-hub-for-digital-resistance/; https://t.me/itarmyofukraine2022/442,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-06-17 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government (or executive official),Russia,Dmitry Peskov (Press Secretary for the Russian 
President),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/inside-the-it-army-of-ukraine-a-hub-for-digital-resistance/; https://www.reuters.com/world/europe/cyberattack-hits-russian-davos-adjusts-new-reality-2022-06-17/; https://www.darkreading.com/attacks-breaches/ddos-attacks-delay-putin-speech-russian-economic-forum; https://tvpworld.com/60812603/st-petersburg-international-economic-forum-opens-with-cyber-attack; https://t.me/itarmyofukraine2022/437; https://www.interfax.ru/forumspb/846779; https://t.me/itarmyofukraine2022/442; https://www.wired.com/story/hacktivism-russia-ukraine-ddos/; https://www.wired.com/story/worst-hacks-2022/,2022-11-11,2024-01-25 1662,Russian military intelligence service GRU compromised the routers of a Ukrainian organization in Spring 2022 following a wiper attack in February,"The Russian military intelligence service GRU compromised the routers of a Ukrainian organization in spring 2022, facilitating widespread access to the connected network, according to details shared by IT security company Mandiant at the CyberwarCon security conference. 
That same organization had been hit by wiper malware at the start of Russia's full-scale invasion of Ukraine in late February 2022.",2022-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking without Misuse; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Unknown,,,Russia,State,,1,7011,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Mandiant,,United States,,Russia,State,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,2.0,Not available,Not available,1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Armed conflict; Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/; https://www.wired.com/story/worst-hacks-2022/,2022-11-11,2023-02-15 1661,Russian military intelligence service GRU exploited stolen credentials to gain access to the Zimbra email server of a Ukrainian organization in June 2021 after a wiper attack in February,"The Russian 
military intelligence service GRU exploited stolen credentials to gain access to the Zimbra email server of a Ukrainian organization for espionage purposes in June 2021, according to findings shared by IT security company Mandiant at the CyberwarCon security conference. That same organization had been hit earlier by the GRU in February 2021 with wiper malware. ",2021-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking without Misuse; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,Unknown,,GRU,Russia,State,,1,7012,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Mandiant,,United States,GRU,Russia,State,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Valid Accounts,Disk Wipe,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Armed conflict; Sovereignty,; ; ,Not available,0,,Not available,,,Not available,Cyber espionage,,Countermeasures under 
international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,2022-11-11,2023-02-15 1660,Russian military intelligence service GRU compromised a firewall and carried out wiper attacks against a Ukrainian target beginning in April 2021,"The Russian military intelligence service GRU compromised a firewall of a Ukrainian organization in April 2021 and used that access to launch one wiper attack in February and maintained its presence to deploy a second wiper against the same organization in March 2022. According to a presentation by IT security company Mandiant at the CyberwarCon security conference, the GRU has modified its tactics to ""live on the edge"" - infiltrating gateway devices, such as email servers and routers, to establish a foothold in networks of interest and then transition faster to data-destroying attacks.",2021-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Unknown,,,Russia,State,,1,7013,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Mandiant,,United States,,Russia,State,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Disk Wipe,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / 
or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Armed conflict; Sovereignty,,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/780thC/status/1629087842516320256; https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/,2022-11-11,2023-02-15 1664,More than 30 Thai activists were victims of the Pegasus spyware between October 2020 and November 2021,"An investigation by iLaw, Digital Reach and Citizen Lab discovered that at least 30 Thai pro-democracy protesters and activists were victims of Pegasus spyware between October 2020 and November 2021. The investigation was conducted in response to a mass warning from Apple about spyware attacks by state-sponsored actors in November 2021. The attacks took place during the period of pro-democracy protests in Thailand and primarily targeted individuals associated with them. The organizations suspect Thai government operators as the initiators, but cannot attribute the attacks to any particular actor. In February 2023, activists announced that they would sue the government for this activity. 
",2020-10-21,2021-11-12,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,Panusaya Sithijirawattanakul - Elia Fofi - Sarinee Achavanuntakul - Chatrapee Artsomboon - Prajak Kongkirati - Puangthong Pawakapan - Katekanok Wongsapakdee - Nuttaa Mahattana - Benja Apan - Wichapat Srigasipun - Jatupat Boonpattararaksa - Rattapoom Lertpaijit - Jutatip Sirikhan - Dechathorn “Hockey” Bamrungmuang - Chonlatit Chottsawas - Piyarat Chongthep - Inthira Charoenpura - None - Poramin Rassameesawas - Bussarin Paenaeh - Yingcheep Atchanont - Niraphorn Onnkhaow - Pornpen Khongkachonkiet - Nutchanon Pairoj - Pansiree Jirathakoone - Arnon Nampa,Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand; Thailand,ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA - ASIA; SEA,Social groups - Other - Science - Social groups - Science - Science - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Other - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups - Social groups,Advocacy / activists (e.g. human rights organizations) - - - Advocacy / activists (e.g. 
human rights organizations) - - - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. 
human rights organizations),Not available,Thailand,State,,1,8817; 8817; 8817; 8817; 8817; 8817,2022-07-17 00:00:00; 2022-07-17 00:00:00; 2022-07-17 00:00:00; 2022-07-17 00:00:00; 2022-07-17 00:00:00; 2022-07-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,CitizenLab; CitizenLab; iLaw; iLaw; Digital Reach; Digital Reach,Not available; Not available; Not available; Not available; Not available; Not available,Canada; United Kingdom; Canada; United Kingdom; Canada; United Kingdom,Not available; Not available; Not available; Not available; Not available; Not available,Thailand; Thailand; Thailand; Thailand; Thailand; Thailand,State; State; State; State; State; State,https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/,System / ideology; National power,System/ideology; National power,Thailand (opposition); Thailand (opposition),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,30.0,1-10,1.0,Not 
available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Thailand,Activists from Thailand,Not available,,No response justified (missing state attribution & breach of international law),,https://twitter.com/DuguinStephane/status/1625534088496009217; https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/; https://freedom.ilaw.or.th/en/report-parasite-that-smiles; https://www.reuters.com/technology/pegasus-phone-spyware-used-target-30-thai-activists-cyber-watchdogs-say-2022-07-18/; https://www.washingtonpost.com/technology/2022/07/17/pegasus-nso-thailand-apple/,2022-11-11,2023-03-30 1657,The websites of several Russian arbitration courts were disrupted on March 16th 2022,"The websites of Russian arbitration courts in several regions, e.g. the Far East, Siberia, the Urals and other ones, were disrupted and defaced with anti-Russian sentiments on March 16th 2022, according to newspaper Izvestia. The newspaper states that the cyber attack was conducted out of Ukraine, according to some reports. 
",2022-03-16,2022-03-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,Russian Arbitration Courts,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Judiciary,Not available,Ukraine,Unknown - not attributed,,1,7637,2022-03-16 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,Russia,Not available,Ukraine,Unknown - not attributed,https://iz-ru.translate.goog/1305747/2022-03-16/saity-arbitrazhnykh-sudov-rossii-podverglis-khakerskoi-atake?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement; Endpoint Denial of Service,Not available,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,Not available,0.0,euro,,,,Not available,0,,Not available,,,Not available,Not available,,Not available,,https://iz-ru.translate.goog/1305747/2022-03-16/saity-arbitrazhnykh-sudov-rossii-podverglis-khakerskoi-atake?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de,2022-11-10,2023-02-27 1654,DDoS attack on multiple Mississippi state websites during the US mid-term elections in November 2022,"The Mississippi secretary of state's office announced that during the US mid-term elections on November 8, 2022, several Mississippi state websites were attacked with DDoS attacks. A pro-Russian hacker group announced the attack earlier on Telegram. 
In a statement on the following day, however, the Mississippi secretary of state's office announced that additional evidence was needed to determine who perpetrated the attack.",2022-11-08,2022-11-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Not available,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,,,,1,; 12389,NaT; NaT,; Not available,; Not available,; Not available,; Not available,,; Not available,,; Unknown - not attributed,,System / ideology; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Unknown,,1,2022-11-08 00:00:00,State Actors: Stabilizing measures,Subnational executive official,United States,"Michael Watson (Secretary of State, Mississippi, USA)",No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/mississippi-election-websites-knocked-out-by-ddos-attack/; https://twitter.com/MichaelWatsonMS/status/1590206815698292736?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1590207397460512768%7Ctwgr%5E3e97c48d808536868b576582cc73a817bce75490%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fwww.mississippifreepress.org%2F29030%2Frussian-hackers-take-down-mississippi-secretary-of-state-site-in-election-day-attack; https://twitter.com/MichaelWatsonMS/status/1590207397460512768; https://t.me/CyberArmyofRussia_Reborn/1589; 
https://www.sos.ms.gov/index.php/press/election-day-update; https://eu.usatoday.com/story/news/politics/elections/2022/11/08/2022-midterm-websites-mississippi-hit-cyber-attack/8308615001/; https://www.databreaches.net/state-hit-by-largest-sustained-election-day-cyberattack-warns-its-only-going-to-get-worse/; https://twitter.com/thegrugq/status/1604863317994278912,2022-11-10,2024-02-01 1652,Russian state-sponsored hacking group APT29 exploited Windows feature Credential Roaming to gain access to the network of a European diplomatic entity in early 2022,"Russian state-sponsored hacking group APT29 exploited the Windows feature Credential Roaming to gain access to the network of a European diplomatic entity in early 2022, according to a technical report by Mandiant. The hacking group successfully phished the European diplomatic entity and subsequently used the vulnerability CVE-2022-30170 to elevate its privileges. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Europe (region),,State institutions / political system,"Other (e.g., embassies)",Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,11539,2022-11-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming,Unknown,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,Yes,One,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty; Law of treaties (pacta sunt servanda),,Not available,0,,Not available,,,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html; https://www.bleepingcomputer.com/news/security/russian-hackers-linked-to-widespread-attacks-targeting-nato-and-eu/; https://socradar.io/the-wolf-in-sheeps-clothing-how-cybercriminals-abuse-legitimate-software/; https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html; https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming; https://securityaffairs.co/wordpress/138322/apt/apt29-windows-credential-roaming.html; https://www.securityweek.com/analysis-russian-cyberspy-attacks-leads-discovery-windows-vulnerability,2022-11-10,2023-12-22 1653,Ukrainian IT Army targeted the Central Bank of Russia in November 2022 with hack-and-leak operation,"The Ukrainian hacktivist group IT Army announced on 3 November 2022 that it had hacked the Russian Central Bank. The group claims to have stolen 27,000 files amounting to 2.6 GB from the central bank and then released them on Anonfile. 
The Ukrainian Minister of digital transformation, Mykhailo Fedorov, announced on Telegram that the IT Army had obtained information on personnel, specialised automated banking systems, output files and KPI systems, among other things. Financial transactions of the Russian Ministry of Defence and data on military personnel are also said to be among the tapped data. The Russian side denied the attack on the Central Bank, claiming the leaked data was already publicly available before. ",2022-01-01,2022-11-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Central Bank (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,7803,2022-11-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://t.me/itarmyofukraine2022/851,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),,,none,none,2,Moderate - high political importance,2.0,Low,6.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially 
non-state-actors),Due diligence,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.govinfosecurity.com/army-ukraine-targets-russian-banks-a-20443; https://t.me/zedigital/2589; https://t.me/itarmyofukraine2022/851; https://tass.ru/ekonomika/16239391,2022-11-10,2024-04-04 1651,The IT Army of Ukraine disrupted the website of Russian defense company Rostec on March 11th 2022,"The IT Army of Ukraine disrupted the website of Russian defense company Rostec on March 11th 2022, according to the Russian defense company itself. The IT Army of Ukraine in fact announced on the same day that the Russian defense company will be their priority. ",2022-03-11,2022-03-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,Rostec,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Defence industry,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,7641,2022-03-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Rostec,Not available,Russia,IT Army of Ukraine,Ukraine,Non-state-group,https://www.bleepingcomputer.com/news/security/russian-defense-firm-rostec-shuts-down-website-after-ddos-attack/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political 
importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,Not available,,,Not available,Not available,,,,https://www.bleepingcomputer.com/news/security/russian-defense-firm-rostec-shuts-down-website-after-ddos-attack/; https://t.me/s/itarmyofukraine2022?q=rostec; https://www.wired.com/story/worst-hacks-2022/,2022-11-08,2023-02-27 1650,The websites of several Russian ministries and agencies were disrupted with reference to the Russian-Ukrainian war on March 8th 2022,"The websites of several Russian ministries and agencies were disrupted on March 8th 2022, leaving an apparently anti-war image on the main page. The target list includes the following entities: the websites of the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies. The Russian Ministry of Economic Development and the Russian Digital Development Ministry confirmed the incident to two news outlets. ",2022-03-08,2022-03-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Russian Federal Antimonopoly Service - Russian Energy Ministry - Russian Federal Bailiff Service - Russian Federal State Statistics Service - Ministry of Culture (Russia) - Russian Federal Penitentiary Service,Russia; Russia; Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Government / ministries - Civil service / administration - Civil service / administration - Civil service / administration - Civil service / administration,Not available,Not available,Unknown - not attributed,,1,7827,2022-03-08 00:00:00,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Unknown - not attributed,https://t.me/dataleak/2531,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,11.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,,Not available,Not available,,No response justified (missing state attribution & breach of international 
law),,https://www.rferl.org/a/russia-agencies-hackers-protest/31743378.html; https://tjournal.ru/news/557878-sayty-fsin-minkultury-i-drugih-vedomstv-vzlomali-vmesto-glavnoy-stranicy-antivoennaya-kartinka; https://t.me/dataleak/2531; https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/,2022-11-08,2023-03-03 1648,Hacktivist group Belarusian Cyber-Partisans disrupted the Belarusian railway network in February 2022,"Hacktivist group Belarusian Cyber-Partisans disrupted the Belarusian railway network in three cities, namely Minsk, Orsha and Osipovichi, to halt the Russian movement of troops into Ukraine in February 2022, according to Bloomberg News and subsequent self-attribution of the hacktivists. The hacktivists encrypted stored data and put the train systems into manual control mode so that the railway system's routing and switching devices became inoperable.",2022-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Belarusian Railway,Belarus,EUROPE; EASTEU; CSTO,Critical infrastructure,Transportation,Belarusian Cyber-Partisans,Belarus,Non-state-group,Hacktivist(s),1,7644,2022-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Belarusian Cyber Partisans,Not available,Belarus,Belarusian Cyber-Partisans,Belarus,Non-state-group,https://twitter.com/cpartisans/status/1500560752477937677?s=20&t=qdVWgsY3vl3CaaDCN-SXow,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,Not available,0.0,euro,,,,Not available,0,,Not available,,,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/russian-railway-site-taken-down-by-ukrainian-hackers; https://www.wired.com/story/poland-train-radio-stop-attack/; https://therecord.media/russia-albatross-drones-alleged-data-leak-ukraine-cyber-resistance; https://fortune.com/2022/02/27/belarus-hackers-disrupt-trains-russia-invasion-ukraine-cyber-partisans/; 
https://www.railway-technology.com/news/belarus-hackers-attack-train-systems/; https://www.vice.com/en/article/m7vwxq/video-belarusian-cyber-partisans-explain-why-theyre-hacking-to-stop-russia; https://twitter.com/cpartisans/status/1500560752477937677?s=20&t=qdVWgsY3vl3CaaDCN-SXow; https://t.me/belzhd_live/1338,2022-11-07,2024-04-29 1644,Pro-Russian group Killnet attacks several Italian institutional and government websites using DDoS attacks in May 2022,"The pro-Russian hacktivist group Killnet has been attacking Italian institutional and government websites using DDoS attacks since 11 May 2022. According to the Italian Computer Security Incident Response Team (CSIRT), this involved the use of the Slow HTTP technique, in which numerous requests are made at very low transmission speeds. Killnet claimed the attacks and announced further attacks on Telegram.",2022-05-11,2022-05-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,Kompass - Senato della Repubblica - Ministero della Difesa - Automobile Club d'Italia - Infomedix International - Scuola IMT Alti Studi Lucca - Istituto Superiore di Sanità (ISS; Italy),Italy; Italy; Italy; Italy; Italy; Italy; Italy,EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - State institutions / political system - Other - Media - Science - Science, - Government / ministries - Government / ministries - - - - ,Killnet,Russia,Non-state-group,Hacktivist(s),1,12390,2022-05-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on 
websites)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://t.me/Legion_Russia/232,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-05-11 00:00:00,EU member states: Legislative reactions,Stabilizing statement by member of parliament,Italy,Maria Elisabetta Alberti Casellati (President of the Senate; ITA),No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,7.0,,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://securityaffairs.com/160112/cyber-warfare-2/moldova-warns-of-hybrid-attacks-from-russia.html; https://t.me/killnet_reservs/1250; https://www.bleepingcomputer.com/news/security/italian-cert-hacktivists-hit-govt-sites-in-slow-http-ddos-attacks/; https://www.csirt.gov.it/contenuti/attacchi-ddos-ai-danni-di-soggetti-nazionali-ed-internazionali-avvenuti-a-partire-dall11-maggio-2022-analisi-e-mitigazione-bl01-220513-csirt-ita; https://t.me/Legion_Russia/232; 
https://www.corriere.it/cronache/22_maggio_11/attacco-hacker-russi-siti-italia-anche-senato-difesa-presi-mira-612c2c38-d149-11ec-b465-8b7c23727ee0.shtml; https://therecord.media/italy-killnet-hacking-military-parliament-national-health-institute/; https://twitter.com/Min_Casellati/status/1524469977763434497?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524469977763434497%7Ctwgr%5E5723eaea66ecc76d3ed2bfda811d956f6801b64e%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Fitaly-killnet-hacking-military-parliament-national-health-institute%2F; https://therecord.media/ddos-denmark-us-russia-killnet/,2022-11-05,2023-08-17 1646,Anonymous defaces Russian psychological and consulting website in May 2022,"In May 2022, in the context of the war in Ukraine, the Anonymous collective defaced the Russian psychology and consulting website Metodkabi using cross-site scripting (XSS). The message ""Stop the War"" appeared on the website.",2022-05-14,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Metodkabi,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8198,2022-05-14 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://twitter.com/Anonymous_Link/status/1525431109437341696,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://twitter.com/Anonymous_Link/status/1525431109437341696; https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacks-the-russian-psychology-and-consulting-website-cross-site-scripting/; https://twitter.com/Anonymous_Link/status/1526240927500709888,2022-11-05,2023-05-16 1640,"Anonymous hacked and leaked 77,500 emails from the Russian Port and Railway Projects Service of JSC UMMC in May 2022","In May 2022, Anonymous announced that it had hacked and leaked 77,500 emails totaling 106 GB from the Russian Port and Railway Projects Service of JSC UMMC as part of #OpRussia. 
It operates the two largest ports in Russia specializing in coal shipment. By working with JSC Russian Railways, the two ports have been able to maximize their cargo turnover. Countries supplied include Japan, Germany, South Korea and Turkey.",2022-05-01,2022-05-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Port and Railway Projects Service of JSC UMMC (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Transportation,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8194,2022-05-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1524067375057936386?s=20&t=oEE6ju6a-b3iAvxsoKRfZQ,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://twitter.com/YourAnonTV/status/1524067375057936386?s=20&t=oEE6ju6a-b3iAvxsoKRfZQ; 
https://www.thetechoutlook.com/news/technology/anonymous-collective-has-leaked-around-106-gb-worth-of-data-from-the-port-and-railway-projects-service-of-jsc-ummc/; https://ddosecrets.com/wiki/Port_and_Railway_Projects_Service_of_JSC_UMMC; https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html,2022-11-01,2023-03-13 1641,Anonymous targeted the Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography with a hack-and-leak operation in May 2022,"In May 2022, Anonymous claims to have hacked and leaked the Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography. More than 450GB of emails were allegedly published in the process. The leak sources are B00daMooda and DepaixPorteur.",2022-05-01,2022-05-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography,Russia,EUROPE; EASTEU; CSTO; SCO,Science,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8195,2022-05-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://twitter.com/DepaixPorteur/status/1524378643681611777,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political 
importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/DepaixPorteur/status/1524378643681611777; https://www.thetechoutlook.com/news/technology/security/anonymous-collective-leaked-466-gb-of-emails-from-the-polar-branch-of-the-russian-federal-research-institute-of-fisheries-and-oceanography/; https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html; https://ddosecrets.com/wiki/Polar_Branch_of_the_Russian_Federal_Research_Institute_of_Fisheries_and_Oceanography,2022-11-01,2023-03-03 1642,Anonymous targeted the Achinsk city government with hack-and-leak operation in May 2022,"In May 2022, Anonymous announced that the collective has hacked and leaked more than 7000 emails amounting to 8.5 GB from the Achinsk city government, as part of #OpRussia. ",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,Achinsk city government (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8196,2022-05-12 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1524737564304936960?ref_src=twsrc%5Etfw,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html; https://twitter.com/YourAnonTV/status/1524737564304936960?ref_src=twsrc%5Etfw; https://www.thetechoutlook.com/news/technology/security/anonymous-breached-achinsk-city-government-email-database-with-7000-emails-leaked/; https://ddosecrets.com/wiki/Achinsk_City_Government,2022-11-01,2023-03-03 1643,Suspected Chinese state-sponsored hacking group APT10 targeted Japanese media and government organizations with LODEINFO 
backdoor beginning in March 2022,"Suspected Chinese state-sponsored hacking group APT10 was observed abusing antivirus software to install a new version of LODEINFO malware on devices used by Japanese media groups, diplomatic agencies, government and public sector organizations and think tanks from March to September 2022, detected by IT-security company Kaspersky. APT10 has targeted Japanese organizations since 2019 in a cyberespionage campaign, according to Kaspersky. ",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Japan,ASIA; SCS; NEA,Unknown; State institutions / political system; Social groups; Media; State institutions / political system,"; Government / ministries; Advocacy / activists (e.g. 
human rights organizations); ; Other (e.g., embassies)","APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,11538; 11538; 11537,2022-06-15 00:00:00; 2022-06-15 00:00:00; 2021-11-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Japan Computer Emergency Response Team Coordination Center (JPCERT/CC); Macnica Inc.; Kaspersky,; ; ,Japan; Japan; Russia,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html; https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf; https://hitcon.org/2021/en/agenda/6d88317b-4d90-4249-ba87-d81c80a21382/APT10%20HUNTER%20RISE%20ver3.0%20Repel%20new%20malware%20LODEINFO%20DOWNJPIT%20and%20LilimRAT.pdf,International power,Territory; Resources; International power,China - Japan (East China Sea); China - Japan (East China Sea); China - Japan (East China Sea),Yes / HIIK 
intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Not available,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,1.0,No system interference/disruption,Not available,Not available,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/hacking-group-abuses-antivirus-software-to-launch-lodeinfo-malware/; https://www.darkreading.com/threat-intelligence/china-backed-apt10-spy-game-custom-fileless-backdoor; https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html; https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/; https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745/; https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf; https://hitcon.org/2021/en/agenda/6d88317b-4d90-4249-ba87-d81c80a21382/APT10%20HUNTER%20RISE%20ver3.0%20Repel%20new%20malware%20LODEINFO%20DOWNJPIT%20and%20LilimRAT.pdf,2022-11-01,2023-07-14 1638,DDoS attack disrupts Polish parliament in October 2022,"The website of the upper house in the Polish parliament was disrupted by a DDoS attack on 27 October 2022, according to the speaker of the parliament. The speaker of the Polish senate noted that the attack came from many directions, including Russia. 
He further added that the attack may have been sparked by a resolution passed one day earlier, which had referred to the Russian government as a ""terrorist regime"". Coinciding connectivity issues affecting the Slovak parliament were traced back to an unintentional disruption caused by a member of parliament who had incorrectly plugged in a cable. ",2022-10-27,2022-10-27,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,Parliament (Poland),Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Legislative,Unknown,Russia,Not available,,1,5408,2022-10-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Tomasz Paweł Grodzki (Marshal of the Senate, Poland)",Not available,Poland,Unknown,Russia,Not available,https://www.kleinezeitung.at/international/6208461/Angriffe-auch-aus-Russischer-Foerderation_Cyberangriffe-auf; https://www.govinfosecurity.com/cyber-events-disrupt-polish-slovakian-parliament-systems-a-20358; https://securityaffairs.co/wordpress/137777/hacking/slovak-polish-parliaments-cyberattacks.html,System / ideology,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,; ; ; ; ,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not 
available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.kleinezeitung.at/international/6208461/Angriffe-auch-aus-Russischer-Foerderation_Cyberangriffe-auf; https://www.securityweek.com/slovak-polish-parliaments-hit-cyberattacks; https://www.govinfosecurity.com/cyber-events-disrupt-polish-slovakian-parliament-systems-a-20358; https://twitter.com/dani_stoffers/status/1585906677555277826; https://twitter.com/Dennis_Kipker/status/1586034877765283840; https://securityaffairs.co/wordpress/137777/hacking/slovak-polish-parliaments-cyberattacks.html; https://tvnoviny.sk/domace/clanok/331263-technicke-problemy-v-narodnej-rade-odstranili-kollar-tvrdi-ze-podaju-trestne-oznamenie; https://www.barrons.com/articles/slovak-polish-parliaments-hit-by-cyber-attacks-01666885208; https://www.reuters.com/world/europe/slovak-parliament-suspends-voting-due-suspected-cyberattack-2022-10-27/; https://uk.finance.yahoo.com/news/website-polish-senate-hacked-says-103450282.html; https://twitter.com/campuscodi/status/1586715085799452672; https://therecord.media/votes-in-slovakias-parliament-suspended-after-alleged-cybersecurity-incident/; https://www.gov.pl/web/special-services/russian-cyberattacks; https://www.govinfosecurity.com/russian-nuisance-hacking-group-killnet-targets-germany-a-21039,2022-10-31,2024-03-01 1639,Russian spies are suspected of hacking into the personal phone of former British prime minister Liz Truss,"Russian spies are suspected of having hacked into the personal phone of former British Prime Minister Liz Truss while she was serving as Foreign Secretary, according to anonymous sources cited by The Mail on Sunday. 
The incident was discovered during the Conservative Party leadership election that ran from13 July to 5 September 2022, following the resignation of then British Prime Minister Boris Johnson. Johnson and Cabinet Secretary Simon Case were immediately informed and decided to keep the incident secret. The attackers are believed to have gained access to top-secret exchanges with key international partners as well as private conversations concerning arm shipments to Ukraine and disputes within the Conservative Party. Earlier, on 1 October, The Mail on Sunday reported that the phone number in use by Ms. Truss at the time of the compromise had been listed by a US-registered website aggregating stolen personal information that is accessible for as little as £6.49. The database also included the phone numbers of 25 other UK cabinet ministers.",2022-01-01,2022-09-05,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,"Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, United Kingdom)",United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,Not available,Russia,State,,1,7090,2022-10-29 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,United Kingdom,Not available,Russia,State,https://www.dailymail.co.uk/news/article-11368619/Liz-Trusss-personal-phone-hacked-Putins-spies-secret-details-negotiations.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; 
Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.co/wordpress/137826/intelligence/liz-truss-phone-hacked.html; https://www.dailymail.co.uk/news/article-11368619/Liz-Trusss-personal-phone-hacked-Putins-spies-secret-details-negotiations.html; https://www.kleinezeitung.at/politik/aussenpolitik/6209233/Britische-ExPremierministerin_Mobiltelefon-von-Truss-wurde; https://www.securityweek.com/calls-uk-probe-reported-hacking-liz-trusss-phone; https://therecord.media/uk-government-confirms-its-intel-agency-is-helping-to-defend-ukraine/; https://www.cbsnews.com/news/liz-truss-phone-hack-claim-uk-cybersecurity/; https://www.lefigaro.fr/international/le-telephone-de-liz-truss-pirate-par-des-hackers-russes-l-ex-premiere-ministre-britannique-de-nouveau-dans-la-tourmente-20221101; https://elpais.com/tecnologia/2022-11-24/candid-wuest-si-alguien-apaga-ucrania-probablemente-haya-una-respuesta-y-eso-no-interesa-porque-todos-los-paises-son-vulnerables.html; 
https://www.independent.co.uk/news/uk/politics/gillian-keegan-twitter-hack-elon-musk-cryptocurrency-b2251493.html,2022-10-31,2023-03-13 1637,Russian Turla APT Group sets up fake DDoS application in order to install malware on pro-Ukrainian hacktivist devices in 2022,"Google's Threat Analysis Group (TAG) revealed that the Turla Russian APT group impersonated pro-Ukrainian hacktivists and spoofed a pro-Ukrainian ""DDoS application"" that purported to attack ""Russian Internet infrastructure"" on behalf of Ukraine, but in reality was likely used to install malware on pro-Ukrainian computers. However, the impact of this attack is likely minor as the number of computers impacted is low. The case is the first known instance of Turla distributing Android-related malware.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,Social groups,Hacktivist,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,1,7646,2022-07-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Google's TAG,Google Threat Analysis Group,United States,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation 
suggested",https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-ddos-app-to-infect-pro-ukrainian-activists/; https://www.theverge.com/2022/7/19/23270049/russian-malware-ukraine-apps-turla-cyber-azov-google,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,Not available,,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/; https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-ddos-app-to-infect-pro-ukrainian-activists/; https://www.theverge.com/2022/7/19/23270049/russian-malware-ukraine-apps-turla-cyber-azov-google,2022-10-28,2024-02-16 1635,Chinese and Iranian APT groups exploited the Fortinet Authentication Bypass vulnerability,"Multiple APT groups with suspected state links to Iran (Charming Kitten and APT34) and China (Hafnium, Elderwood, and APT31) have exploited a critical vulnerability (CVE-2022-40684) in several Fortinet products prior to its public reporting, according to IT security company CYFIRMA.",2001-01-01,Not available,"Attack conducted by non-state group / non-state 
actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Not available,,,,,,1,; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077; 5077,NaT; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00; 2022-10-21 00:00:00,"; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore; Singapore,"; Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Elderwood; Elderwood; Elderwood; Elderwood; APT31/Violet Typhoon 
fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); Silk Typhoon fka HAFNIUM; Silk Typhoon fka HAFNIUM; Silk Typhoon fka HAFNIUM; Silk Typhoon fka HAFNIUM; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM","; Iran, Islamic Republic of; Iran, Islamic Republic of; China; China; Iran, Islamic Republic of; Iran, Islamic Republic of; China; China; Iran, Islamic Republic of; Iran, Islamic Republic of; China; China; Iran, Islamic Republic of; Iran, Islamic Republic of; China; China; Iran, Islamic Republic of; Iran, Islamic Republic of; China; China","; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, 
state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; Unknown - not attributed",https://www.cyfirma.com/outofband/fortinet-authentication-bypass-vulnerability-exploited-by-threat-actors/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,,,,,,False,,,,,,0,,,Low,7.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/; https://cyberscoop.com/top-routinely-exploited-vulnerabilities/; https://www.mandiant.com/resources/blog/traditional-advice-modern-threats; https://portswigger.net/daily-swig/critical-authentication-bug-in-fortinet-products-actively-exploited-in-the-wild; https://www.cyfirma.com/outofband/fortinet-authentication-bypass-vulnerability-exploited-by-threat-actors/,2022-10-26,2024-03-27 1629,APT SideWinder Positioned Backdoor on the website of Pakistan's National Electric Power Regulatory Authority (NEPRA) in September 2022,"The APT group SideWinder placed a backdoor on the official website of the National Electric Power Regulatory Authority (NEPRA) of Pakistan, possibly by compromising NEPRA's web server, Zscaler discovered in September 2022. Attackers used the website as a staging ground to deploy malware modules via files disguised as official cybersecurity advisories against further espionage targets in Pakistan. 
Despite SideWinder's high activity rate - a Kaspersky security researcher in May 2022 identified it as among the most prolific groups - indicators that previously suggested an association with Indian actors have not been substantiated.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,National Electric Power Regulatory Authority (NEPRA; Pakistan),Pakistan,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,Sidewinder APT/ Rattlesnake/ T-APT4,India,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11528,2022-10-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Zscaler,,United States,Sidewinder APT/ Rattlesnake/ T-APT4,India,"Non-state actor, state-affiliation suggested",https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html; https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0; https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/; https://blog.group-ib.com/sidewinder-antibot,International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through 
data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,Not available,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Cyber espionage,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html; https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0; https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Shabab-SideWinderUncoilsToStrike.pdf; https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/; https://twitter.com/Dinosn/status/1584451594233729024; https://twitter.com/cybersecboardrm/status/1584557116194365442; https://blog.group-ib.com/sidewinder-antibot,2022-10-25,2023-07-14 1630,North Korean state-backed Lazarus group stole more than $615 million in cryptocurrency from Axie Infinity's Ronin Networks on 23 March 2022,"North Korean state-backed Lazarus group stole more than $615 million in cryptocurrency (ether and USD coin) from Axie Infinity's Ronin Network on 23 March 2022, according to the Federal Bureau of Investigation (FBI). In September 2022, the U.S. government announced the recovery of more than $30 million worth of cryptocurrency, representing 10% of the stolen funds. Then, in March 2023, Norwegian police agency Økokrim announced the seizure of 60 million NOK (about $5.84 million) worth of cryptocurrency stolen by the Lazarus Group following the Axie Infinity Ronin Bridge hack. 
On May 23, 2023, the United States Department of the Treasury, in cooperation with its partners in South Korea, imposed economic sanctions on four entities and one individual for obfuscated revenue generation and malicious cyber activities supporting the North Korean government. Among the sanctioned entities was the Reconnaissance General Bureau (RGB)-controlled Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center. The Technical Reconnaissance Bureau leads the development of offensive cyber tactics and weapons and is linked to the Axie Infinity Hack because it also operates the Lazarus hacking group, among others.",2022-03-23,2022-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Hijacking with Misuse,Ronin Network,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,3,11532; 11533; 11534,2022-04-14 00:00:00; 2022-04-14 00:00:00; 2023-05-23 00:00:00,"Political statement / report (e.g., on government / state agency websites); Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Federal Bureau of Investigation (FBI); 
Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC),Not available; Not available; Not available,United States; United States; United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State",https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220414; https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-attribution-of-malicious-cyber-activity-posed-by-the-democratic-peoples-republic-of-korea; https://home.treasury.gov/news/press-releases/jy1498,National power; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,1,2023-05-23 00:00:00,State Actors: Preventive measures,Awareness raising,United States,"Antony J. 
Blinken (Secretary of State, USA)",No,,Not available,Not available,Not available,False,,,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,> 100 Mio - 1 bn,615000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,2,2022-04-14 00:00:00; 2023-05-23 00:00:00,Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law),Economic sanctions; Economic sanctions,United States; United States,US Department of the Treasury; US Department of the Treasury,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/sinbad-crypto-mixer-north-korean-hackers/; https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193; https://twitter.com/Dinosn/status/1627661466982572032; https://www.govinfosecurity.com/norwegian-authorities-seize-586-million-from-lazarus-group-a-21250; https://tarnkappe.info/artikel/it-sicherheit/axie-infinity-polizei-beschlagnahmt-59-mio-usd-aus-hack-265774.html; https://www.databreaches.net/justice-department-investigation-leads-to-takedown-of-darknet-cryptocurrency-mixer-chipmixer/; https://www.justice.gov/opa/pr/justice-department-investigation-leads-takedown-darknet-cryptocurrency-mixer-processed-over-3; https://cyberscoop.com/police-shut-down-cryptocurrency-mixer-chipmixer/; https://www.wired.com/story/north-korea-apt43-crypto-mining-laundering/; https://www.govinfosecurity.com/us-indicts-chinese-national-for-laundering-dprk-crypto-a-21843; 
https://www.nytimes.com/2023/04/24/us/politics/justice-dept-cryptocurrency-north-korea.html; https://www.govinfosecurity.com/double-edged-sword-crypto-in-ransomware-a-21999; https://twitter.com/CyberScoopNews/status/1661059884836700193; https://www.voanews.com/a/us-issues-fresh-north-korea-sanctions-on-illicit-it-workforce-/7105653.html; https://www.bleepingcomputer.com/news/security/us-sanctions-orgs-behind-north-koreas-illicit-it-worker-army/; https://home.treasury.gov/news/press-releases/jy1498; https://www.state.gov/taking-joint-action-with-the-republic-of-korea-to-combat-the-democratic-peoples-republic-of-koreas-illicit-revenue-generation/; https://www.businessinsider.com/housing-is-unaffordable-for-most-middle-income-buyers-2023-6; https://therecord.media/millions-stolen-from-multichain-crypto; https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/; https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/; https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/; https://securityaffairs.com/148895/cyber-crime/coinspaid-cyber-heist.html; https://securityaffairs.com/149798/hacking/north-korea-cash-out-stolen-crypto-assets.html; https://therecord.media/us-arrests-tornado-cash-cofounder; https://www.bleepingcomputer.com/news/security/us-charges-founders-of-tornado-cash-mixer-used-by-lazarus-hackers/; https://therecord.media/north-korea-lazarus-behind-crypto-heists; https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk; https://securityaffairs.com/150957/apt/lazarus-stole-240m-crypto-assets.html; https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware/; https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen; 
https://www.bleepingcomputer.com/news/security/microsoft-bluenoroff-hackers-plan-new-crypto-theft-attacks/; https://www.darkreading.com/threat-intelligence/dprk-hackers-masquerading-tech-recruiters--job-seekers; https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer; https://www.bleepingcomputer.com/news/security/us-seizes-sinbad-crypto-mixer-used-by-north-korean-lazarus-hackers/; https://www.bleepingcomputer.com/news/security/north-koreas-state-hackers-stole-3-billion-in-crypto-since-2017/; https://tarnkappe.info/artikel/cyberangriff/lazarus-2-milliarden-dollar-diebstahl-von-kryptos-im-jahr-2023-285802.html; https://therecord.media/cybercriminals-stole-over-1-billion-from-crypto-funds-2023; https://www.bleepingcomputer.com/news/security/north-korean-hackers-now-launder-stolen-crypto-via-yomix-tumbler/; https://www.01net.com/actualites/pirates-utilisent-antivirus-propager-malwares-depuis-2019.html; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/; https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220414; https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=w; https://finance.yahoo.com/news/hackers-steal-615-million-in-crypto-194522160.html?guce_referrer=aHR0cHM6Ly9hZG1pbi5ldXJlcG9jLmV1Lw&guce_referrer_sig=AQAAAFejRO2vw82SHLjK8euktUtNFQEaMnrNQ6joWb0_5Jk0R-9L70iGANmsM4jrvsArHiwLYataVk_H-nK71ei4Lw9xF_a4Uj4nKdr1owYbRUTo1UW9X1YVDqZjL3B8QOo9OyKJtEQWClGvDytRRPJX4ePyBZbKrz7KEj3F2AHJhTj5&guccounter=2; https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-attribution-of-malicious-cyber-activity-posed-by-the-democratic-peoples-republic-of-korea; https://therecord.media/us-agency-attributes-540-million-ronin-hack-to-north-korean-apt-group/; https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; 
https://www.cyberscoop.com/cryptocurrency-hacks-2022/; https://www.cyberscoop.com/cryptocurrency-illicit-chainalysis-tornado-cash/; https://cyberscoop.com/north-korean-cryptocurrency-hackers-education-government/; https://www.govinfosecurity.com/banner-year-for-north-korean-cryptocurrency-hacking-a-21075; https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/; https://twitter.com/RecordedFuture/status/1621646826360250370; https://twitter.com/RecordedFuture/status/1621646796219883520; https://twitter.com/MischaHansel/status/1623012083854979083,2022-10-25,2023-07-14 1631,Anonymous targeted the Russian Ministry of Defense in a hack-and-leak operation including mobilization data in September 2022,"Anonymous hacked and leaked data of 305,925 people who are likely to be mobilized in the first of three waves of mobilization. Anonymous claims that hacking Russia's Ministry of Defense and leaking data about Russia's mobilized soldiers is for the purpose of defending the sovereign territory of Ukraine against the Russian invasion, as part of #OperationRussia ",2022-09-01,2022-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by attacker,Data theft & Doxing,Ministry of Defence (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8184,2022-09-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacked-and-leaked-data-of-305925-people-who-are-likely-to-be-mobilized-in-the-first-of-three-waves-of-mobilization/; https://twitter.com/YourAnonTV/status/1573290421270507520,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Not available,,Not available; Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacked-and-leaked-data-of-305925-people-who-are-likely-to-be-mobilized-in-the-first-of-three-waves-of-mobilization/; https://twitter.com/YourAnonOne/status/1496965766435926039; 
https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonTV/status/1573290421270507520,2022-10-25,2023-03-03 1628,Anonymous hacking group Black Reward stole and leaked information of Iran’s Atomic Energy Organization (AEOI) in October 2022,"The hacker group Black Reward gained access to the email servers of a subsidiary of the Atomic Energy Organization of Iran (AEOI) and threatened the government on 21 October with the release of stolen confidential data. The targeted entity, the Nuclear Energy Production and Development Co., operates Iran's so far only nuclear power plant in Bushehr. The group set a 24-hour ultimatum for the government to release all political prisoners. When this demand was not met, the group moved to leak information it said it had obtained from the subsidiary's email system. The 50 gigabytes of published information included, inter alia, administrative and operational plans of the Bushehr nuclear facility, passports and visas of Iranian as well as Russian employees, and contracts and agreements on nuclear development plans, according to a Tweet of the hacking group. It remains unclear whether the compromised systems handled classified information. The attack is one in a series of operations carried out in connection with the protests against the death of Mahsa Amini.",2022-01-01,2022-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking without Misuse,Atomic Energy Production and Development Co. 
(Iran),"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Energy,,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),2,11524; 11525,2022-10-21 00:00:00; 2022-10-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Receiver attributes attacker,Black Reward; Atomic Energy Organization of Iran (AEOI),Not available; Not available,"Iran, Islamic Republic of; Iran, Islamic Republic of",,"Iran, Islamic Republic of; Not available","Non-state-group; Non-state actor, state-affiliation suggested",https://www.foxnews.com/world/hackers-breach-irans-atomic-energy-agency-protests-persist; https://www.haaretz.com/middle-east-news/iran/2022-10-23/ty-article/hackers-target-irans-atomic-energy-organization-release-nuclear-data/00000184-0493-d644-a39c-d5f7c19c0000; https://www.japantimes.co.jp/news/2022/10/23/world/iran-nuclear-energy-hack/; https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html; https://mobile.twitter.com/black_reward/status/1583539226049536000,System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Yes / HIIK intensity,HIIK 4,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Cyber espionage,,Not 
available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://cyberscoop.com/iranian-dissidents-presidential-hack/; https://cyberscoop.com/iranian-hacking-group-hacked-app/; https://apnews.com/article/iran-technology-dubai-middle-east-business-944d99079fca61439d64054db6bde941; https://www.foxnews.com/world/hackers-breach-irans-atomic-energy-agency-protests-persist; https://www.haaretz.com/middle-east-news/iran/2022-10-23/ty-article/hackers-target-irans-atomic-energy-organization-release-nuclear-data/00000184-0493-d644-a39c-d5f7c19c0000; https://www.japantimes.co.jp/news/2022/10/23/world/iran-nuclear-energy-hack/; https://www.independent.co.uk/news/world/europe/ap-xi-jinping-bering-strait-rishi-sunak-russia-b2208760.html; https://www.derstandard.at/story/2000140234915/hacker-unterstuetzen-proteste-irans-atombehoerde-meldet-cyberangriff; https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html; https://mobile.twitter.com/black_reward/status/1583539226049536000; https://aeoi.org.ir/?news/48466/318330/337446/%D8%A7%D8%B7%D9%84%D8%A7%D8%B9%DB%8C%D9%87-%D8%B3%D8%A7%D8%B2%D9%85%D8%A7%D9%86-%D8%A7%D9%86%D8%B1%DA%98%DB%8C-%D8%A7%D8%AA%D9%85%DB%8C-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%AF%D8%B1%D8%A8%D8%A7%D8%B1%D9%87-%D9%86%D9%81%D9%88%D8%B0-%D8%A8%D9%87-%D8%B3%D8%B1%D9%88%D8%B1-%D9%BE%D8%B3%D8%AA-%D8%A7%D9%84%DA%A9%D8%AA%D8%B1%D9%88%D9%86%DB%8C%DA%A9-%DB%8C%DA%A9%DB%8C-%D8%A7%D8%B2-%D8%B4%D8%B1%DA%A9%D8%AA%E2%80%8C%D9%87%D8%A7%DB%8C-%D8%AA%D8%A7%D8%A8%D8%B9%D9%87; https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/; https://www.cyberscoop.com/iran-nuclear-emails-hack-leak-black-reward/; https://www.bleepingcomputer.com/news/security/iran-s-atomic-energy-agency-confirms-hack-after-stolen-data-leaked-online/; 
https://therecord.media/iran-says-specific-foreign-country-behind-hacktivist-leak-of-atomic-energy-emails/; https://www.rferl.org/a/iran-nuclear-agency-hacked-e-mail/32096955.html; https://twitter.com/HackRead/status/1584617205588578309; https://twitter.com/SentinelOne/status/1586019403820212224; https://twitter.com/Dennis_Kipker/status/1587058112736989186,2022-10-24,2023-07-14 1626,Iranian hacker group Emennet Pasargad stole and leaked information of a US-based organization to target an Iranian opposition group in early 2022,"Iranian hacker group Emennet Pasargad stole and leaked information of a US-based organization to target the Iranian opposition group People's Mojahedin Organization of Iran (MEK) in early 2022, according to a notification of the Federal Bureau of Investigation (FBI). ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",,Data theft & Doxing; Disruption; Hijacking with Misuse,Not available,United States,NATO; NORTHAM,Unknown,,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,16981,2022-10-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Federal Bureau of Investigation (FBI),Not available,United States,"Cotton Sandstorm fka NEPTUNIUM, DEV-0198/Vice Leaker/Marnanbridge (Emennet Pasargad, IRGC)","Iran, Islamic Republic of","Non-state actor, state-affiliation 
suggested",https://www.ic3.gov/Media/News/2022/221020.pdf,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,Iran (opposition); Iran (opposition); Iran (Opposition),Yes / HIIK intensity,HIIK 4,1,2022-10-20 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,External Remote Services,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/iranian-cyber-group-emennet-pasargad-conducting-hack-and-leak-operations-using-false-flag-personas/; https://www.ic3.gov/Media/News/2022/221020.pdf; https://therecord.media/fbi-warns-of-hack-and-leak-operations-from-group-based-in-iran/; https://www.darkreading.com/threat-intelligence/fbi-iranian-threat-group-likely-to-target-us-midterms; https://www.cyberscoop.com/fbi-iran-warning-hacktivists-election-israel/; https://www.securityweek.com/fbi-warns-iranian-cyber-firms-hack-and-leak-operations; https://twitter.com/780thC/status/1584489425144143872; https://twitter.com/securityaffairs/status/1661995453037043712,2022-10-21,2024-02-08 
1627,Iranian-based APT-C-50 continued Domestic Kitten campaign to spy on Iranian citizens starting in June 2021,"Iranian-based APT-C-50 continued its Domestic Kitten campaign to spy on Iranian citizens using new mobile FurBall malware starting in June 2021, according to a technical report by the IT security company ESET. Hidden within an app, the surveillance software is distributed via a website designed to imitate a legitimate platform for resources translated from English to Farsi. In a possible attempt to maintain a low profile and avoid premature detection, the app's default permissions are limited to extract contact lists that could enable subsequent spearphishing attacks. Earlier versions of the app contained expansive surveillance functionalities that, if activated by the attacker, could siphon text messages, device location, information on installed apps, notifications of other apps (including incoming messages) from infected devices and included the capability to capture and exfiltrate photos and videos. The Domestic Kitten campaign started in 2016, as reported by multiple IT companies, targeting predominantly anti-Iranian-government groups. ",2021-06-21,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,"Iran, Islamic Republic of",ASIA; MENA; MEA,End user(s) / specially protected groups,,APT-C-50,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7103,2022-10-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,APT-C-50,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/,System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,Not available,,Not available,Not available,No,,Drive-By Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; International telecommunication law,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Human 
rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html; https://www.bleepingcomputer.com/news/security/hacking-group-updates-furball-android-spyware-to-evade-detection/; https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/; https://www.darkreading.com/attacks-breaches/furball-spyware-being-used-against-iranian-citizens; https://www.welivesecurity.com/videos/apt-c-50-updates-furball-android-malware-week-security-tony-anscombe/; https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/; https://securitymea.com/2022/10/27/furball-spyware-goes-after-iranian-citizens-eset-research/,2022-10-21,2023-03-02 1615,National Republican Army (NRA) steals data from Russian government contractors and disrupts government websites,"In October 2022, the Kyiv Post disclosed that the Russian hacktivist group National Republican Army (NRA) hacked and stole data from several Russian technology companies based on information received from the group, including sample data allegedly obtained during the operation. Targets included Technoserv, which provides services to protect the Russian government. The group cites the goal of overthrowing Putin as the reason for the attack. Among the documents, according to the NRA, are records that also indicate a relationship between Technoserv and Russia's Federal Security Service (FSB). In an apparent message to Technoserv system administrators, the group claimed to have extracted over 1.2 TB of data, the equivalent of one million files, ranging from AutoCAD designs, contracts with clients and partners, personal information of employees, including passport details. 
NRA threatened to publicly release the data.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Not available - None - Technoserv,Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Government / ministries - ,National Republican Army (NRA),Russia,Non-state-group,Hacktivist(s),1,11523,2022-10-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,National Republican Army (NRA),Not available,Russia,National Republican Army (NRA),Russia,Non-state-group,https://www.kyivpost.com/russias-war/russians-against-putin-nra-claims-massive-hack-of-russian-government-contractors-computers.html,System / ideology; National power,System/ideology; National power,Russia (opposition); Russia (opposition),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Defacement,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Not available,Major data breach/exfiltration (critical/sensitive information) & 
data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://tarnkappe.info/artikel/hacking/cyberangriff-nra-hackt-wichtige-russische-unternehmen-258025.html; https://www.kyivpost.com/russias-war/russians-against-putin-nra-claims-massive-hack-of-russian-government-contractors-computers.html,2022-10-20,2023-07-14 1613,Members of REvil ransomware group stole information of Australian private health insurance provider Medibank in October 2022,"Members of REvil ransomware group stole personal information of customers of Australian private health insurance provider Medibank in October 2022. A week before the company became aware of the data theft, Medibank had arrested a ransomware attack in the staging phase. Stolen data came from the systems of the ahm insurance and the international student insurance services, and comprised customer names, addresses, dates of birth, medicare numbers, policy numbers, and phone numbers. In some cases, details also included claims data, recording the location of where a customer received medical services and codes revealing their diagnoses and procedures. In November the hackers started leaking the stolen data on the dark web containing screencaps from chats or negotiations between Medibank and the ransomware group. On the 1st December 2022, Medibank confirmed that the hackers leaked another dump of stolen data containing health claim information. 
In February 2023, the company stated that the ""criminal accessed our systems using a stolen Medibank username and password used by a third party IT service provider"" and that ""following the triage of a security alert on 11 October we closed down the criminal’s attack path and can reconfirm no further activity by the criminal since 12 October 2022 has been detected inside our systems."" In a coordinated effort, Australia joined by the US and the UK on 23 January 2024 imposed sanctions and a travel ban on Russian national Alexander Ermakov, a suspected member of the ransomware group REvil. ",2022-10-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,Medibank Private Ltd.,Australia,OC,Critical infrastructure,Health,REvil,Russia,Non-state-group,Criminal(s),2,17367; 17366,2024-01-23 00:00:00; 2022-11-11 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by third-party; Attribution by receiver government / state entity,"US Department of the Treasury; Reece Kershaw (Australian Federal Police Commissioner, Australia)",Not available; Not available,United States; Australia,REvil; Unknown,Russia; Russia,Non-state-group; Non-state-group,https://www.medibank.com.au/health-insurance/info/cyber-security/; https://www.afp.gov.au/news-media/media-releases/statement-afp-commissioner-reece-kershaw-medibank-private-data-breach,Unknown,Not available,,Not available,,2,2022-12-08 00:00:00; 2022-11-04 00:00:00,State Actors: Stabilizing measures; State Actors: Legislative reactions,Statement by other ministers (or spokespersons)/members of parliament; Legislative initiative,Australia; Australia,"Clare O'Neil (Cyber Security Minister, AUS); Parliament of Australia",No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident 
scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,> 10 Mio - 100 Mio,24000000.0,dollar,None/Negligent,Human rights,Civic / political rights,Not available,3,2022-11-12 00:00:00; 2024-01-23 00:00:00; 2024-01-23 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests); Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law)",; Travel bans; Travel bans,Australia; Australia; United States,Australian Government; Australian Government; Australian Government,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/UK_Daniel_Card/status/1630097281516032000; https://socradar.io/what-we-learned-from-medibank-ransomware-incident/; https://www.faz.net/aktuell/wirtschaft/digitec/cyberangriff-auf-australische-krankenkasse-hacker-in-russland-18453252.html; https://www.thestar.com.my/tech/tech-news/2022/11/30/hackers-cripple-prestigious-indian-hospitals-internet-systems; https://www.cyberscoop.com/ransomware-australia-task-force/; https://www.smh.com.au/national/happy-cyber-security-day-medibank-hackers-release-massive-trove-of-data-online-20221201-p5c2q5.html; https://twitter.com/unix_root/status/1598340896910557184; https://www.smh.com.au/business/companies/case-closed-medibank-hackers-release-massive-data-file-20221201-p5c2pu.html; https://www.thestar.com.my/tech/tech-news/2022/12/01/hackers-dump-more-customer-data-from-australian-insurer-medibank; 
https://www.lemonde.fr/economie/article/2022/12/01/cybercriminalite-au-vanuatu-le-retour-au-stylo-n-est-plus-une-chimere-de-nostalgique_6152491_3234.html; https://research.checkpoint.com/2022/5th-december-threat-intelligence-report/; https://therecord.media/multiple-government-departments-in-new-zealand-affected-by-ransomware-attack-on-it-provider/; https://socradar.io/major-cyber-attacks-in-review-november-2022/; https://www.smh.com.au/technology/in-some-countries-you-have-a-right-to-be-forgotten-online-so-can-you-ask-a-company-to-ditch-your-data-in-australia-20221206-p5c43l.html; https://www.smh.com.au/business/companies/accounting-illusion-downer-delivers-the-latest-corporate-head-scratcher-20221208-p5c4t1.html; https://www.govinfosecurity.com/australian-aims-to-be-worlds-most-cyber-secure-country-a-20677; https://minister.homeaffairs.gov.au/ClareONeil/Pages/national-press-club-address.aspx; https://www.theguardian.com/australia-news/2022/dec/15/russian-medibank-hackers-could-be-first-targets-of-australian-sanctions-against-cyber-attackers; https://twitter.com/jasonnurse/status/1604812727289012227; https://www.spiceworks.com/it-security/data-security/news/medibank-data-leak/; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://socradar.io/introducing-radar-pages-major-cyber-attacks/; https://www.theguardian.com/australia-news/2022/dec/01/medibank-hackers-announce-case-closed-and-dump-huge-data-file-on-dark-web; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://socradar.io/top-10-data-leaks-in-2022/; https://therecord.media/international-counter-ransomware-task-force-kicks-off/; https://www.govinfosecurity.com/australian-insurer-back-online-after-cyberattack-a-20274; https://therecord.media/shares-in-australias-medibank-drop-despite-foiling-ransomware-attack/; https://www.theguardian.com/technology/2022/oct/19/health-insurer-medibank-enters-trading-halt-after-purported-cyber-attack; 
https://www.smh.com.au/national/customer-data-may-have-been-exposed-in-medibank-cyber-incident-20221019-p5br74.html; https://www.smh.com.au/technology/medibank-hackers-threaten-to-release-stolen-health-data-in-ransom-demand-20221019-p5br2s.html; https://www.heise.de/news/Krankenversicherer-gehackt-Angreifer-wollen-1000-betroffene-Promis-kontaktieren-7313388.html; https://www.abc.net.au/news/2022-10-20/medibank-cyber-attack-hack-stolen-data/101557122; https://www.medibank.com.au/health-insurance/info/cyber-security/; https://www.smh.com.au/business/the-economy/the-cybersecurity-arms-race-is-running-hot-and-the-hackers-are-winning-20221020-p5brl0.html; https://www.foxnews.com/world/cybercriminal-holding-customers-data-australian-health-insurer-ransom; https://www.theguardian.com/australia-news/2022/oct/20/medibank-says-sample-of-stolen-customer-data-includes-details-of-medical-procedures; https://www.smh.com.au/technology/what-we-know-about-medibank-hack-and-what-should-customers-do-20221020-p5brgi.html; https://www.smh.com.au/technology/four-million-australians-could-be-exposed-in-medibank-hack-20221021-p5brmx.html; https://apnews.com/article/technology-health-australia-hacking-business-cfa90df38c870633a24384c01487a92e; https://www.independent.co.uk/news/ap-australian-canberra-trade-parliament-b2206642.html; https://www.securityweek.com/australian-health-insurer-medibank-admits-customer-data-stolen-ransomware-attack; https://www.channelnewsasia.com/business/after-telco-hack-australia-faces-wave-data-breaches-3016611; https://therecord.media/medibank-says-criminals-have-shared-proof-they-stole-customer-data/; https://minister.homeaffairs.gov.au/ClareONeil/Pages/statement-on-medibank-cyber-incident.aspx; https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident-response; https://www.smh.com.au/business/companies/medibank-cyberattack-could-be-costly-on-multiple-fronts-20221021-p5brth.html; 
https://www.smh.com.au/technology/how-medibank-joined-optus-in-hack-hell-20221021-p5brt3.html; https://www.smh.com.au/technology/energyaustralia-struck-by-cyber-attack-attacking-weakness-in-password-rules-20221022-p5bryn.html; https://abcnews.go.com/Technology/wireStory/australia-flags-corporate-penalties-privacy-breaches-91902034; https://www.independent.co.uk/news/ap-australia-canberra-parliament-b2208256.html; https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/; https://www.securityweek.com/australia-flags-new-corporate-penalties-privacy-breaches; https://www.databreaches.net/medibank-updates-incident-report-customer-data-also-affected/; https://www.securityweek.com/medibank-confirms-broader-cyberattack-impact-after-hackers-threaten-target-celebs; https://www.channelnewsasia.com/business/pay-hackers-cybersecurity-it-australia-government-firm-3023661; https://www.malwarebytes.com/blog/news/2022/10/medibank-customers-personal-data-compromised-by-cyber-attack; https://www.databreaches.net/au-medibanks-latest-update-reveals-more-woes-my-home-hospital-patient-info-accessed/; https://www.databreaches.net/australian-clinical-labs-says-data-of-223000-people-hacked/; https://thehackernews.com/2022/10/australian-health-insurer-medibank.html; https://www.govinfosecurity.com/fallout-from-medibank-hack-grows-a-20361; https://therecord.media/cyberspace-has-become-a-battleground-warns-australian-cyber-security-centre/; https://www.securityweek.com/hackers-leak-australian-health-records-dark-web; https://www.bleepingcomputer.com/news/security/medibank-warns-customers-their-data-was-leaked-by-ransomware-gang/; https://www.databreaches.net/hackers-release-australian-health-insurers-customer-data/; https://twitter.com/ciaranmartinoxf/status/1590596497137360896; https://twitter.com/HackRead/status/1590511910763474944; https://twitter.com/ColetteWeston/status/1590607741139054592; https://twitter.com/Dennis_Kipker/status/1590663811576451072; 
https://www.govinfosecurity.com/australia-blames-russian-hackers-for-medibank-hack-a-20452; https://therecord.media/australian-federal-police-say-cybercriminals-in-russia-behind-medibank-hack/; https://www.databreaches.net/au-government-announces-new-task-force-to-target-hackers/; https://twitter.com/ciaranmartinoxf/status/1591535531976196096; https://twitter.com/troyhunt/status/1591532230211698688; https://twitter.com/Cyberknow20/status/1591526482450567178; https://www.lemonde.fr/international/article/2022/11/11/cyberattaque-l-australie-accuse-des-pirates-russes-de-vol-de-donnees-medicales_6149437_3210.html; https://www.afp.gov.au/news-media/media-releases/statement-afp-commissioner-reece-kershaw-medibank-private-data-breach; https://www.news.com.au/finance/business/hackers-leak-more-medibank-customer-data-on-dark-web/news-story/70433a3c5a0b6b2329733912d4470030; https://www.pm.gov.au/media/doorstop-cenotaph-sydney; https://twitter.com/UK_Daniel_Card/status/1592244332761079809; https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/; https://www.darkreading.com/threat-intelligence/australia-declares-war-against-cybercriminals; https://twitter.com/jasonnurse/status/1592511718328258561; https://www.databreaches.net/medibank-defends-decision-to-not-pay-hackers-ransom-for-stolen-data-as-it-contacts-480000-customers/; https://ministers.ag.gov.au/media-centre/tougher-penalties-serious-data-breaches-22-10-2022; https://www.darkreading.com/attacks-breaches/australia-hack-back-plan-against-cyberattackers-familiar-concerns; https://ministers.ag.gov.au/media-centre/joint-standing-operation-against-cyber-criminal-syndicates-12-11-2022; https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fbillsdgs%2F8863742%22; https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;page=0;query=BillId:r6940%20Recstruct:billhome; https://twitter.com/medibank/status/1585052710730362880; 
https://socradar.io/growing-cybercrime-outsourcing-model-initial-access-brokers/; https://www.medibank.com.au/livebetter/newsroom/post/2023-half-year-results-a-solid-result-with-business-momentum-returning?utm_source=substack&utm_medium=email; https://thehackernews.com/2023/03/breaking-mold-pen-testing-solutions.html; https://www.darkreading.com/attacks-breaches/australia-is-scouring-the-earth-for-cybercriminals-the-us-should-too; https://socradar.io/whats-next-for-cybercrime-ecosystem-after-genesis-market-takedown/; https://www.theguardian.com/technology/2023/may/02/australian-law-firm-hwl-ebsworth-hit-by-russian-linked-ransomware-attack; https://socradar.io/mutation-effect-of-babuk-code-leakage-new-ransomware-variants/; https://www.brisbanetimes.com.au/technology/law-firm-takes-out-court-order-to-prevent-spread-of-hacked-info-20230613-p5dgac.html?ref=rss&utm_medium=rss&utm_source=rss_feed; https://therecord.media/ventia-hit-with-cyberattack-australia; https://socradar.io/under-the-spotlight-state-of-evolving-australian-threat-landscape-in-2023/; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/trellix-2024-threat-predictions.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://www.darkreading.com/dr-global/what-we-can-learn-from-major-cloud-cyberattacks; https://www.techrepublic.com/article/cybersecurity-trends-australia-2024/; https://therecord.media/hackers-breach-australian-court-hearing-database; https://www.20min.ch/fr/story/cyberattaque-en-2022-laustralie-annonce-des-sanctions-sans-precedent-contre-un-russe-101405453229; https://www.lefigaro.fr/international/vaste-cyberattaque-en-australie-un-pirate-russe-accuse-et-sanctionne-20240123; https://www.letemps.ch/monde/l-australie-attribue-une-vaste-cyberattaque-a-un-pirate-russe-et-le-sanctionne; https://www.lnc.nc/article/faits-divers/politique/justice/pacifique/australie/l-australie-prevoit-des-sanctions-sans-precedent-contre-un-cyberpirate-russe; 
https://cyberscoop.com/us-uk-australia-sanction-russian-national-after-major-australian-ransomware-attack/; https://www.rferl.org/a/sanctions-yermakov-cyber-attack-australian-us-uk/32788739.html; https://tr.euronews.com/2024/01/23/avustralya-ulke-tarihinin-en-buyuk-siber-sucunu-isleyen-rus-bilgisayar-korsanina-yaptirim-; https://securityaffairs.com/157983/hacking/australia-sanctions-for-medibank-hacker.html; https://www.france24.com/es/minuto-a-minuto/20240123-el-espionaje-australiano-acusa-a-un-ruso-de-un-ataque-cibern%C3%A9tico; https://www.bleepingcomputer.com/news/security/us-uk-australia-sanction-revil-hacker-behind-medibank-data-breach/; https://thehackernews.com/2024/01/us-uk-australia-sanction-russian-revil.html; https://www.minister.defence.gov.au/media-releases/2024-01-23/cyber-sanction-response-medibank-private-cyber-attack; https://home.treasury.gov/news/press-releases/jy2041; https://www.gov.uk/government/news/uk-and-allies-sanctions-russian-cyber-hacker; https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html; https://krebsonsecurity.com/2024/01/who-is-alleged-medibank-hacker-aleksandr-ermakov/; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-26th-2024-govts-strike-back/; https://securityaffairs.com/158225/breaking-news/security-affairs-newsletter-round-456-by-pierluigi-paganini-international-edition.html; https://therecord.media/australia-healthcare-saint-vincent-cyberattack,2022-10-20,2024-02-21 1618,Pro-Russian group Killnet claims DDoS and hack-and-leak against US defense company Lockheed Martin in August 2022,"Pro-Russian group Killnet claims to have attacked the American aerospace and defense corporation, Lockheed Martin, through a DDOS attack in August 2022. The Moscow Times first reported that the pro-Russian hacktivist group was claiming responsibility. The group further claimed to have stolen personal data from employees and threatened to release the information. 
The group's Telegram group released a video that stated that personnel information contained names, email addresses, phone numbers, and pictures. The reason for the attack was Lockheed Martin's authorship of the M142 High Mobility Artillery Rocket System (HIMARS) that has been supplied to Ukraine during the Russian-Ukrainian war. The group stated that the HIMARS: “allowed the criminal authorities of the Kyiv regime to kill civilians, destroy the infrastructure and social facilities of the still temporarily occupied Ukraine”. Whereas the claimed DDoS attack was not contested, experts claimed that the leaked data could be old/open source. However, Lockheed Martin did not deny or confirm the breach.",2022-08-05,2022-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,Lockheed Martin,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,Killnet,Russia,Non-state-group,Hacktivist(s),1,7939,2022-08-13 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://www.thetechoutlook.com/world/russian-hacker-group-killnet-reportedly-launched-cyberattack-on-lockheed-martin-american-defense-giant/; https://securityaffairs.co/wordpress/134341/hacking/killnet-lockheed-martin.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 
point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.thetechoutlook.com/world/russian-hacker-group-killnet-reportedly-launched-cyberattack-on-lockheed-martin-american-defense-giant/; https://securityaffairs.co/wordpress/134341/hacking/killnet-lockheed-martin.html; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS; https://www.newsweek.com/russian-hackers-target-us-himars-maker-report-ukraine-russia-1729502,2022-10-20,2023-12-20 1614,"Ukrainian TV channels haven been hacked to disseminate pro-Russian content on June 5, 2022","On June 6, 2022, the State Service of Special Communications and Information Protection of Ukraine (cip.gov.ua) issued a notice that the OLL.TV online platform was hacked in an Information Operation (InfoOp) to disseminate pro-Russian propaganda during the Ukraine-Russia war in 2022. Ukraine’s UNIAN news agency reported that the defacement of the media platform occurred on June 5, 2022 during a National Team Soccer 2022 World Cup qualification match between Ukraine and Wales. The Ukrainian government stated that other TV channels were also defaced in the attack: Football 1 & Indigo Ukraine, Ukraine 24, UA:First. The threat actors appeared to gain access to a CDN (Content Delivery Network) node and rerouted the IT traffic to the pro-Russian propaganda site ""Izvestia."" The disruption was brief since the IT specialists stopped the broadcast, located the CDN node that was affected, and restarted the digital traffic flow. ",2022-06-05,2022-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Football 1 - UA:First - Ukraine 24 - OLL.TV - Indigo Ukraine,Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,Media - Media - Media - Media - Media, - - - - ,Not available,Not available,Not available,,1,7708,NaT,Not available,Not available,,Not available,Not available,Not available,Not available,Not available,https://twitter.com/cyber_etc/status/1533542717589962753?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://imi.org.ua/en/news/hackers-attack-oll-tv-media-service-and-broadcast-russian-propaganda-instead-of-football-i45981; https://twitter.com/Cyberknow20/status/1533514368331132928?s=20&t=8H1Q5oqyz-7qdub0-AU2Pg; https://cip.gov.ua/en/news/kiberataka-rosiyi-na-servis-oll-tv,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/putin-speech-television-ddos-ukraine-it-army/; https://twitter.com/cyber_etc/status/1533542717589962753?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://imi.org.ua/en/news/hackers-attack-oll-tv-media-service-and-broadcast-russian-propaganda-instead-of-football-i45981; https://twitter.com/Cyberknow20/status/1533514368331132928?s=20&t=8H1Q5oqyz-7qdub0-AU2Pg; https://cip.gov.ua/en/news/kiberataka-rosiyi-na-servis-oll-tv,2022-10-20,2023-11-26 1609,Anonymous-linked group CaucasNet claims a hack of patrol robots of the Russian company SMP 
Robotics in May 2022,"The Anonymous-linked group CaucasNet claims to have hacked the administration panel of the patrol robots ""Tral Patrol 4.0"" of the Russian company SMP Robotics worldwide and broadcasted the Ukrainian national anthem and a Georgian song on the robots on May 9, 2022. Targets included robots at Sheremetyevo International Airport.",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,SMP Robotics,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,CaucasNet,Unknown,Non-state-group,Hacktivist(s),1,8178,2022-05-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,CaucasNet,Not available,Unknown,CaucasNet,Unknown,Non-state-group,https://twitter.com/caucasnet/status/1521643929178939392,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement; Resource Hijacking,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified 
(missing state attribution & breach of international law),,https://twitter.com/caucasnet/status/1524177545465372673?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524177545465372673%7Ctwgr%5E2caead7fdff69fa732bc4bfa398899c2066e99e6%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dailydot.com%2Fdebug%2Fhackers-surveillance-robots-russia%2F; https://www.dailydot.com/debug/hackers-surveillance-robots-russia/; https://twitter.com/caucasnet/status/1521643929178939392; https://vosveteit.zoznam.sk/hackeri-z-anonymous-rozoberaju-rusko-pribuda-jeden-kyberneticky-utok-za-druhym/; https://twitter.com/Anonymous_Link/status/1524056118259036162?s=20&t=1tD6JNcAL4R2MjNPMiP6Hw; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-10-19,2023-03-03 1606,An unnamed Chinese APT gained access to the systems of a US software company through the use of shack2 and China Chopper web shells in 2022,"An unnamed and possibly state-sponsored Chinese APT gained access to the network of a US software company in 2022, using the shack2 and China Chopper web shells, according to the findings that the cybersecurity firm IronNet published with moderate confidence. No data theft was reported. IronNet detected the incident in August 2022. ",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Not available,China,"Non-state actor, state-affiliation suggested",,1,11521,2022-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,IronNet,,United States,Not available,China,"Non-state actor, state-affiliation suggested",https://www.ironnet.com/blog/the-security-risk-of-m-a,International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,External Remote Services; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.ironnet.com/blog/the-security-risk-of-m-a,2022-10-19,2023-07-14 1611,CERT-UA warns about unknown hackers infiltrating Ukrainian government targets exploiting the Zero-Day vulnerability Follina since March 2022,"In early June 2022, the Computer Emergency Response Team of Ukraine 
warned in a report (CERT-UA #4753) of Cobalt Strike beacon malware attacks on Ukrainian IT infrastructure that exploited CVE-2021-40444 (Microsoft MSHTML flaw) and CVE-2022-30190 (Follina zero-day) zero-day vulnerabilities. At that time, CERT-UA warned (CERT-UA #4753) that the campaign was ongoing. IT company SOC Prime referred to CERT-UA information about multiple intrusions between March and June 2022, but the original CERT-UA statement does not contain this detail. The Cobalt Strike Beacon malware is frequently utilized by state-backed cyber actors that have targeted Ukrainian IT infrastructure since March 2022. The CVE-2022-30190 (Follina) specifically is a recently discovered vulnerability that is quickly available to use after implementation. The most recent attacks used the file ""changes in salary with accruals.docx"" (""зміни оплата праці з нарахуваннями.docx""), which was distributed among Ukrainian state organizations. The document contains a link to an external object and leads to a launch of a PowerShell Command, the EXE file ""ms-msdt.exe"" being downloaded, and the computer being infected with the Cobalt Strike Beacon malware. CERT-UA responded by blocking the domain name and the corresponding server, issuing a warning (CERT-UA#4753), and advising further cyber security measures via the Microsoft website. 
",2022-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,Not available,Not available,Not available,,1,7693,2022-06-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,Not available,Not available,Not available,https://socprime.com/blog/cve-2021-40444-and-cve-2022-30190-exploit-detection-cobalt-strike-beacon-delivered-in-a-cyber-attack-on-ukrainian-state-bodies/; https://twitter.com/cyber_etc/status/1532358772689186817?s=20&t=MgEq_efbLJJYbTt1Y6SKFA,Unknown,Unknown,,Unknown,,1,2022-06-02 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,Yes,One,,Not available,,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://socprime.com/blog/cve-2021-40444-and-cve-2022-30190-exploit-detection-cobalt-strike-beacon-delivered-in-a-cyber-attack-on-ukrainian-state-bodies/; https://twitter.com/cyber_etc/status/1532358772689186817?s=20&t=MgEq_efbLJJYbTt1Y6SKFA,2022-10-19,2023-02-27 1607,Chinese state-sponsored Winnti Group targets Hong Kong government organizations in espionage effort starting in 2021,"The Chinese state-sponsored hackers APT Winnti Group attacked several of Hong Kong's government institutions using the Spyder Loader malware in an effort to gather intelligence for over a year starting in 2021. This activity is linked to Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers to steal information from critical infrastructure companies dating back to 2019.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,Hong Kong,ASIA,State institutions / political system,Government / ministries,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7123,2022-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,,China,"Non-state actor, state-affiliation suggested",https://therecord.media/hong-kong-govt-orgs-targeted-for-over-a-year-with-spyder-loader-malware-report/,System / ideology; Autonomy; Secession,System/ideology; Autonomy; Secession,China (Hong Kong); China (Hong Kong); China (Hong Kong),Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Months,Not available,Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Law of treaties (pacta sunt servanda),,Not available,0,,Not available,,Not available,Not available,Cyber espionage,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html; 
https://www.bleepingcomputer.com/news/security/hackers-compromised-hong-kong-govt-agency-network-for-a-year/; https://therecord.media/hong-kong-govt-orgs-targeted-for-over-a-year-with-spyder-loader-malware-report/; https://securityaffairs.co/wordpress/137300/apt/apt41-spyder-loader.html; https://twitter.com/unix_root/status/1582349777592758273; https://twitter.com/Dinosn/status/1582357654391128065; https://twitter.com/Cyber_O51NT/status/1582332169225371649; https://twitter.com/780thC/status/1582324378880028673; https://www.darkreading.com/threat-intelligence/china-linked-cyber-espionage-team-homes-in-on-hong-kong-government-orgs; https://www.securityweek.com/chinas-winnti-group-seen-targeting-governments-sri-lanka-hong-kong; https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/,2022-10-19,2023-02-19 1610,Project Nemesis: Mass doxxing of Ukrainian military and intelligence personnel information by Pro-Russian group RaHDit in May 2022,"A pro-Russian organized information warfare campaign, dubbed Project Nemesis, began in late May 2022 and mass doxxed persons actively involved in the Ukraine-Russia War, including members of the Ukrainian military, secret services, volunteers, Russians working for Ukraine, and international trainers. A website began publishing information about hundreds of persons, including photographs, personal details, birth dates, addresses, telephone numbers, passport numbers, and personal social media profiles. Additionally, a Russian-language Telegram channel posted multiple times a day and encouraged harassment of these individuals by their followers. Particular groups that were targeted in this doxxing activity were the Azov Battalion and Pravyi Sektor. The bad actors behind the incident also claim that they hacked 700 members of Ukraine’s Security Service (SBU) and doxxed them too. ISD did not verify this activity; however, the Russian state media stated that it was authentic. 
The initiator of the attack has not been determined yet and the malicious activity has not yet been attributed. However, the actors described themselves on their Telegram channel as: ""IT volunteers and OSINTers"" with the goal of targeting Ukrainian Nazis and ""those who help them."" Other self-descriptions identify them as RaHDit, which is a Pro-Russian hacktivist group that is supposedly responsible for several attacks against Ukraine. The planning stage of the attack appears to have been prepared as early as mid-March 2022. The Telegram content is promoted across Russian propaganda channels and even on Russian state media. According to online searches and Mandiant, the pro-Russian hacktivist group RaHDit was unknown prior to the start of the war in Feb 2022.",2022-03-01,Not available,"Attack on (inter alia) political target(s), politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,Ukraine’s Security Service (SBU) - Azov Battalion,Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system,Intelligence agencies - Military,RaHDit,Russia,Non-state-group,Hacktivist(s),2,7707; 7706,2022-05-19 00:00:00; 2022-05-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,Mandiant; RaHDit,; Not available,United States; Not available,RaHDit; RaHDit,Russia; Russia,Non-state-group; Non-state-group,https://www.isdglobal.org/digital_dispatches/project-nemesis-and-the-new-frontiers-of-informational-warfare/; 
https://gadgets360.com/internet/news/russia-rahdit-hacker-group-citizens-collaborating-ukraine-military-intelligence-3168225#rss-gadgets-news,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,,0.0,euro,,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://www.isdglobal.org/digital_dispatches/project-nemesis-and-the-new-frontiers-of-informational-warfare/; https://www.mandiant.com/resources/blog/information-operations-surrounding-ukraine; https://gadgets360.com/internet/news/russia-rahdit-hacker-group-citizens-collaborating-ukraine-military-intelligence-3168225#rss-gadgets-news,2022-10-19,2023-03-30 1605,"Unknown APT groups used a 0-day in Zimbra software to gain access to government, telecommunication and IT entities throughout Central Asia in early September 2022","Unknown APT groups used a 0-day in Zimbra software, namely CVE-2022-41352, to gain access to government, telecommunication and IT entities in early September 2022 as part of the first attack wave, according to a technical report by Kaspersky. The targeting showed mixed patterns of selective and opportunistic attacks with a strong geographic focus on Central Asia. 
",2022-09-07,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,Not available,Central Asia (region),,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Telecommunications; ,Unknown,Not available,Unknown - not attributed,,2,3578; 3579,2022-10-13 00:00:00; 2022-10-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; Volexity,Not available; Not available,Russia; United States,Unknown; Unknown,Not available; Not available,Unknown - not attributed; Unknown - not attributed,https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/; https://twitter.com/Volexity/status/1580591431197945857,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application,Data Manipulation,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,Not available,0.0,,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securityweek.com/zimbra-patches-under-attack-code-execution-bug; https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html; 
https://forums.zimbra.org/viewtopic.php?f=15&t=71153&sid=ec590d3c33b28980e53752569defe800; https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/; https://twitter.com/Volexity/status/1580591431197945857; https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/; https://socradar.io/unpatched-rce-vulnerability-in-zimbra-actively-exploited/; https://twitter.com/unix_root/status/1581981098493595648,2022-10-18,2023-02-19 1604,"Anonymous claims to have hacked RuTube on Russian Victory Day, May 9, 2022","Anonymous claims on Twitter to have hacked the video streaming platform RuTube on Russia's Victory Day (May 9, 2022). Most of its databases and infrastructure were reportedly damaged in the process, as were its backups. The hack happened at the same time as the spread of anti-war messages by unknown threat actors on Russian smart TV as well as on the platforms of the IT company Yandex. RuTube was offline for three days as a result of a massive cyber attack. The company confirmed the attack and claimed to be the victim of an APT. The Ukrainian Minister of Digital Transformation, Mykhailo Fedorov, praised the RuTube hack.",2022-05-09,2022-05-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,RuTube,Russia,EUROPE; EASTEU; CSTO; SCO,Media,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8175,2022-05-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1524099094628634624?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524099094628634624%7Ctwgr%5E0ff5ceb31f3309a93d2045aa005f17a3a228178d%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.republicworld.com%2Fworld-news%2Frussia-ukraine-crisis%2Fanonymous-claims-it-hacked-russian-video-streaming-service-rutube-on-victory-day-articleshow.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,,,,Low,0,,Not available,,Not available,Not available,Not available,,,,https://therecord.media/putin-speech-television-ddos-ukraine-it-army/; https://rbc-ru.turbopages.org/rbc.ru/s/technology_and_media/10/05/2022/627a10239a794725a51d4dd0; https://twitter.com/cyber_etc/status/1523676171451662338; https://www.washingtonpost.com/world/2022/05/09/russia-tv-hack-victory-day-ukraine-war/; 
https://www.bleepingcomputer.com/news/security/hackers-display-blood-is-on-your-hands-on-russian-tv-take-down-rutube/; https://www.hngn.com/articles/242120/20220512/rutube-hack-anonymous-claims-cyberattack-russian-video-streaming-site-victory.htm; https://www.nbcnews.com/tech/tech-news/rutube-down-russia-hack-attack-ukraine-rcna28299; https://t.me/rutube/4173; https://twitter.com/YourAnonTV/status/1524099094628634624?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524099094628634624%7Ctwgr%5E0ff5ceb31f3309a93d2045aa005f17a3a228178d%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.republicworld.com%2Fworld-news%2Frussia-ukraine-crisis%2Fanonymous-claims-it-hacked-russian-video-streaming-service-rutube-on-victory-day-articleshow.html; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-10-17,2023-11-07 1603,Pro-Russian group KillNet disrupted various Bulgarian websites on 15 October 2022,"Russian hacktivist group KillNet disrupted various Bulgarian websites, including those of government, airports, media and a telecommunication company, on 15 October 2022, according to statements by the hackers. ",2022-10-15,2022-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,Ministry of Justice (Bulgaria) - Constitutional Court (Bulgaria) - Ministry of Defence (Bulgaria) - Ministry of Interior (Bulgaria) - Presidency (Bulgaria) - Not available,Bulgaria; Bulgaria; Bulgaria; Bulgaria; Bulgaria; Bulgaria,EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS) - EUROPE; BALKANS; NATO; EU(MS),State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure; Media; Critical infrastructure,Government / ministries - Judiciary - Government / ministries - Government / ministries - Government / ministries - Telecommunications; ; Transportation,Killnet,Russia,Non-state-group,Hacktivist(s),3,7969; 7970; 7970; 7971; 7971,2022-10-16 00:00:00; 2022-10-15 00:00:00; 2022-10-15 00:00:00; 2022-10-15 00:00:00; 2022-10-15 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity,"Killnet; Ivan Geshev (Chief Public Prosecutor, BGR); Prosecutor's Office; Borislav Sarafov; National Investigative Service",Not available; Not available; Not available; Not available; Not available,Russia; Bulgaria; Bulgaria; Bulgaria; Bulgaria,Killnet; Unknown; Unknown; Unknown; Unknown,Russia; Russia; Russia; Russia; Russia,Non-state-group; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403495_geshev_hakerskata_ataka_idva_ot_ruskiia_grad/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403469_hakerska_ataka_zatrudni_vlizaneto_v_saita_na/?ref=home_NaiNovoto&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://t.me/killnet_reservs/3137,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.rferl.org/a/bulgaria-cyberattack-russia/32084869.html; https://www.databreaches.net/bulgarian-government-hit-by-cyberattack-blamed-on-russian-hacking-group/; https://www.novinite.com/articles/217097/Russians+might+be+behind+Hacker+Attacks+against+Bulgaria; 
https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403495_geshev_hakerskata_ataka_idva_ot_ruskiia_grad/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403469_hakerska_ataka_zatrudni_vlizaneto_v_saita_na/?ref=home_NaiNovoto&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://www-svobodnaevropa-bg.translate.goog/a/32084652.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; https://www.rferl.org/a/bulgaria-cyberattack-russia/32084869.html; https://t.me/killnet_reservs/3137; https://www.euractiv.com/section/digital/news/bulgaria-targeted-by-russian-hacker-attack/; https://www.euractiv.com/section/politics/news/nuclear-phase-out-strains-german-coalition-2/; https://securityaffairs.co/wordpress/137230/hacking/bulgaria-hit-cyber-attack-russia.html; https://twitter.com/securityaffairs/status/1582089024252305408; https://twitter.com/Dennis_Kipker/status/1581951029179883520; https://therecord.media/cyberattack-disrupts-bulgarian-government-websites-over-betrayal-to-russia/; https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/,2022-10-17,2024-02-26 1599,Pro-Russian group Killnet targets German authorities and ministries with DDoS attacks in early May,"At the beginning of May, the Russian hacker group Killnet attacked servers of several German authorities and ministries via DDoS attacks, making them temporarily inaccessible. The hacker group claimed responsibility for the attack via Telegram. The attacks allegedly affected, among others, the Ministry of Defense, the Bundestag, the Federal Police, the Bundeskriminalamt, several state police agencies, airports, and the SPD website of Chancellor Olaf Scholz. Authorities suspect retaliatory attacks over German arms deliveries to Ukraine behind the attacks. The Federal Office for Information Security assesses the attacks as technically unsophisticated. 
The ministry of the interior stated that all attacks have been successfully defended and no data was stolen, but according to Der Spiegel, some of the targeted websites have been temporarily unavailable. The German government confirmed the attacks. ",2022-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,None - None - None - None - None - None - None,Germany; Germany; Germany; Germany; Germany; Germany; Germany,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Police - Transportation - Political parties - Police,,Russia,Non-state-group,Hacktivist(s),1,13285,2022-05-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,Not available,Russia,,Russia,Non-state-group,https://www.wiwo.de/politik/ausland/cyberangriff-russische-hacker-greifen-webseiten-deutscher-behoerden-an/28314926.html; https://www.republicworld.com/world-news/russia-ukraine-crisis/russian-hackers-target-german-govt-websites-in-series-of-cyberattacks-report-articleshow.html; https://www.dw.com/de/wie-der-krieg-in-der-ukraine-mit-cybercrime-zusammenh%C3%A4ngt/a-61739052; 
https://www.zdf.de/nachrichten/digitales/hacker-angriff-deutschland-ukraine-krieg-russland-100.html,Other,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Endpoint Denial of Service,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Medium,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wiwo.de/politik/ausland/cyberangriff-russische-hacker-greifen-webseiten-deutscher-behoerden-an/28314926.html; https://www.republicworld.com/world-news/russia-ukraine-crisis/russian-hackers-target-german-govt-websites-in-series-of-cyberattacks-report-articleshow.html; https://www.dw.com/de/wie-der-krieg-in-der-ukraine-mit-cybercrime-zusammenh%C3%A4ngt/a-61739052; https://www.zdf.de/nachrichten/digitales/hacker-angriff-deutschland-ukraine-krieg-russland-100.html; https://www.telegraph.co.uk/news/2022/10/18/germanys-cyber-security-agency-chief-sacked-alleged-close-ties/; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS,2022-10-16,2023-09-24 1594,Anonymous -linked group v0g3lSec defaces a Russian drug dealing website on the dark web in May 2022,"Anonymous collective v0g3lSec takes over a Russian website on the dark web related to drug dealing in May 2022. 
Using the Squad 303 tool, the collective defaces the website.",2022-05-03,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Criminal,v0g3lSec,Unknown,Non-state-group,Hacktivist(s),1,8174,2022-05-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,v0g3lSec ‏,Not available,Unknown,v0g3lSec,Unknown,Non-state-group,http://web.archive.org/web/20220503132909/https://twitter.com/v0g3lSec/status/1521481842121129987,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,Not available,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,,,,Low,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.thetechoutlook.com/news/anonymous-collective-v0g3lsec-has-seized-the-drug-dealing-dark-net-website-of-russia-and-defaced-it-with-squad303-tool/; https://www.thetechoutlook.com/news/v0g3lsec-has-hacked-into-another-russian-black-market-website-on-the-dark-web/; http://web.archive.org/web/20220503132909/https://twitter.com/v0g3lSec/status/1521481842121129987; https://twitter.com/YourAnonOne/status/1496965766435926039; 
https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-10-15,2023-03-03 1591,Pro-Russian group Killnet targeted US Energy Company Devon in April 2022,"Killnet, a pro-Russian hacker group, targeted Devon Energy, a US-American energy provider, with DDoS in April 2022, as part of the Russia-Ukraine War. The group dedicated the attack to REvil via Social Media. ",2022-04-16,2022-04-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Devon Energy,United States,NATO; NORTHAM,Critical infrastructure,Energy,Killnet,Russia,Non-state-group,Hacktivist(s),2,7972; 7973,2022-04-16 00:00:00; 2022-10-18 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Killnet; Avertium Cyber Fusion Centers,Not available; ,Russia; United States,Killnet; Killnet,Russia; Russia,Non-state-group; Non-state-group,https://twitter.com/Cyberknow20/status/1515474245882507266,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,2.0,Not available,Not available,1-10,1.0,1-10,1.0,Not available,0.0,euro,,,,Not available,0,,Not available,,Not available,Not available,Not 
available,,,,https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-russian-threat-actor-killnet; https://twitter.com/Cyberknow20/status/1515474245882507266,2022-10-14,2023-03-02 1590,The Bulgarian post was disrupted in April 2022,"The Bulgarian Post was hit by a cyber attack of unknown origin, but Bulgarian cybersecurity experts suspect Russian involvement behind the attack. These hackers utilized Delphi software, of which its users are ""99 %"" in Russia, and disrupted postal service in order to cause tension.",2022-04-04,2022-04-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,Bulgarian Post,Bulgaria,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Civil service / administration,Not available,Russia,Unknown - not attributed,,1,12392,2022-05-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,"Vasil Velichkov (IT expert and government advisor, Bulgaria)",,Bulgaria,Not available,Russia,Unknown - not attributed,https://3e-news.net/en/a/view/33112/poor-cyber-defense-and-delayed-reaction-to-hacking-have-led-to-massive-damage-to-bulgarian-posts,Unknown,Unknown,,Unknown,,1,2022-05-04 00:00:00,EU member states: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Bulgaria,"Kalina Konstantinowa (Deputy Prime Minister for Effective Governance, Bulgaria)",No,,Not available,Data Destruction; Data Encrypted for Impact,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR 
major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,Not available,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/cyber_etc/status/1516070213439135744; https://www.euractiv.com/section/politics/short_news/russian-style-hackers-ruin-bulgarian-post-office/; https://3e-news.net/en/a/view/33112/poor-cyber-defense-and-delayed-reaction-to-hacking-have-led-to-massive-damage-to-bulgarian-posts; https://www.bgpost.bg/en/news/3375,2022-10-14,2023-08-17 1589,"State-sponsored Chinese hacker group Budworm gained access to networks of targets in the US, Middle East and Southeast Asia since April 2022","State-sponsored Chinese hacker group Budworm gained access to networks of a Middle Eastern government, a multinational electronics manufacturer, a US state legislature, and a hospital in Southeast Asia from April 2022 to October 2022, according to IT company Symantec. On 8 August 2023, the US IT security firm Recorded Future published a technical report on the Chinese state-sponsored hacking group RedHotel. In it, Recorded Future contested the attribution of this cyber incident to Budworm and attributed it to RedHotel due to the infrastructure, capabilities and victimology overlap. ",2022-04-01,2022-10-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available - Not available - Not available - Not available,Middle East (region); United States; Not available; Southeast Asia (region), - NATO; NORTHAM - - ,State institutions / political system - State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure,Government / ministries - Legislative - - Health,Budworm,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,12259; 12260,2022-10-13 00:00:00; 2023-08-08 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Symantec; Recorded Future,; Recorded Future,United States; United States,Budworm; RedHotel/Aquatic Panda/BRONZE UNIVERSITY/Charcoal Typhoon fka CHROMIUM/Earth Lusca/Red Scylla/ControlX/Fishmonger/DeepCliff/POISON CARP (I-Soon),China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-espionage-us-state; https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident 
scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Months,Not available,1-10,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,Non-state actors; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securityaffairs.co/wordpress/137075/apt/budworm-apt-targets-us.html; https://www.securityweek.com/chinese-cyberspies-targeting-us-state-legislature; https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html; https://therecord.media/u-s-state-legislature-middle-eastern-govt-targeted-by-espionage-group-through-log4j/; https://www.cyberscoop.com/china-hacking-budworm-apt27-nsa-threat/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-espionage-us-state; https://www.darkreading.com/threat-intelligence/disinformation-attacks-threaten-us-midterm-elections; https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf; https://www.darkreading.com/threat-intelligence/redhotel-dominant-china-backed-cyber-spy-group; https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt; https://www.darkreading.com/edge/cyber-threats-to-watch-out-for-in-2024,2022-10-14,2024-02-23 1583,Anonymous hacked and leaked the database of the Russian Ministry of Defense in February 2022,"The hacker collective Anonymous breached the database of the Russian Ministry of Defense's website and leaked data such as emails, passwords and telephone numbers via Twitter on February 25, 2022. 
",2022-02-01,2022-02-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,Ministry of Defence (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8145,2022-02-25 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1497326134802984960?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1497326134802984960%7Ctwgr%5Ea4b7203900a76638271415f4301434e7149685bc%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Flondonlovesbusiness.com%2Fanonymous-have-successfully-breached-and-leaked-the-database-of-the-russian-ministry-of-defence-website%2F,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,,,Low,0,,Not available,,Not available,Not available,Not 
available,,,,https://twitter.com/YourAnonTV/status/1497326134802984960?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1497326134802984960%7Ctwgr%5Ea4b7203900a76638271415f4301434e7149685bc%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Flondonlovesbusiness.com%2Fanonymous-have-successfully-breached-and-leaked-the-database-of-the-russian-ministry-of-defence-website%2F; http://www.thelowdownblog.com/2022/02/anonymous-hacks-russian-defense.html; https://metro.co.uk/2022/02/26/anonymous-leaks-russian-mod-database-in-major-victory-during-cyberwar-16179039/; https://londonlovesbusiness.com/anonymous-have-successfully-breached-and-leaked-the-database-of-the-russian-ministry-of-defence-website/; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-10-12,2023-03-03 1581,Ukrainian IT Army defaced the website of the Collective Security Treaty Organisation (CSTO) on 7 October 2022,"Ukrainian IT Army defaced a series of websites related to the Collective Security Treaty Organisation (CSTO), a Russian-led military alliance framework, on the occasion of Russian President Wladimir Putin's birthday on 7 October 2022, according to the Ukrainian IT Army. In a message posted to the website, the group ostensibly congratulated Putin, alluding to his responsibility for alleged war crimes. The websites were subsequently taken offline. The CSTO website was previously hacked in September 2022 but was not attributed to any cyber group. ",2022-10-07,2022-10-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,Collective Security Treaty Organization (CSTO; Russia),Russia,EUROPE; EASTEU; CSTO; SCO,International / supranational organization,,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,7141,2022-10-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,Not available,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,https://t.me/itarmyofukraine2022/763,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty; International organizations,Prohibition of intervention; ; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.nytimes.com/2022/10/07/world/europe/putin-birthday-russia-ukraine.html; https://www.nytimes.com/2022/10/07/world/europe/russia-strikes-ukraine.html; https://ain.ua/2022/10/07/it-armiya-zlamala-sajt-odkp-i-pryvitala-putina-z-dnem-narodzhennya/; https://t.me/itarmyofukraine2022/763; 
https://www.bignewsnetwork.com/news/272759179/russian-led-military-bloc-claims-website-was-hacked?utm_source=feeds.bignewsnetwork.com&utm_medium=referral,2022-10-12,2023-03-02 1580,Lebanon-based hacking group POLONIUM has targeted Israeli organizations in possible coordination with Iran's Ministry of Intelligence since September 2021,"Lebanon-based hacking group POLONIUM has targeted a range of Israeli organizations in the IT, manufacturing, and defense sectors since at least September 2021 with the presumed aim of stealing confidential data. Microsoft Threat Intelligence Center (MSTIC) assessed with high confidence that the group operates from Lebanon and concluded with moderate confidence that reported activity was coordinated with actors associated with Iran's Ministry of Intelligence and Security (MOIS). Considering operational overlaps on networks compromised by Mercury/MuddyWater, an activity group linked to the MOIS, MSTIC investigates the possibility of a ""hand-off"" model under which MOIS elements provide POLONIUM with access to infiltrated networks.",2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,Israel,ASIA; MENA; MEA,Unknown; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure,"; Government / ministries; Finance; ; ; Other (e.g., embassies); Transportation; Health; Defence industry",Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift; Ministry of Intelligence and Security (MOIS; Iran),"Lebanon; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",1,7142; 7142; 7142; 7142; 7142; 7142; 7142; 7142,2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00; 2022-06-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft,; ; ; ; ; ; ; ,United States; United States; United States; United States; United States; United States; United States; United States,"Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift; Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift; Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift; Plaid Rain fka POLONIUM/UNC4453/Aqua Dev 1/Greatrift; Ministry of Intelligence and Security (MOIS, Iran); Ministry of Intelligence and Security (MOIS, Iran); Ministry of Intelligence and Security (MOIS, Iran); Ministry of Intelligence and Security (MOIS, Iran)","Lebanon; Lebanon; Iran, Islamic Republic of; Iran, Islamic Republic of; Lebanon; Lebanon; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/,International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Supply Chain Compromise,Not available,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly 
sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Due diligence,; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.bleepingcomputer.com/news/security/hacking-group-polonium-uses-creepy-malware-against-israel/; https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/; https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/; https://twitter.com/chuksjonia/status/1579784402884001792; https://twitter.com/cyb3rops/status/1579768943614386178; https://therecord.media/report-lebanon-based-hacking-group-attacked-israeli-targets-with-custom-backdoors/; https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html; https://securityaffairs.co/wordpress/137030/apt/polonium-custom-backdoors.html; https://www.securityweek.com/seven-creepy-backdoors-used-lebanese-cyberspy-group-israel-attacks; https://www.welivesecurity.com/videos/eset-research-poloniums-creepy-toolset-week-security-tony-anscombe/; https://twitter.com/Cyber_O51NT/status/1639428701137035264,2022-10-12,2023-12-12 1574,Iranian activist hackers Edaalate Ali disrupt Iranian state TV broadcast featuring the Supreme Leader on 8 October 2022,"Iranian activist hackers Edaalate Ali disrupted the TV news broadcast of Islamic Republic of Iran News Network (IRINN) on 8 October 2022, interfering with a report about a meeting of Iran's Supreme Leader Ayatollah Khamenei. The 15-second-long intervention displayed anti-regime and pro-protest messages. ",2022-10-08,2022-10-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,Islamic Republic of Iran Broadcasting (IRIB),"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,Edaalate Ali,Not available,Non-state-group,Hacktivist(s),1,11520,2022-10-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Edaalate Ali,Not available,Not available,Edaalate Ali,Not available,Non-state-group,https://www.euractiv.com/section/global-europe/news/iran-state-tv-hacked-with-image-of-supreme-leader-in-crosshairs/; https://www.deutschlandfunk.de/iran-hackerangriff-staats-tv-100.html,System / ideology,System/ideology; National power,Iran (opposition); Iran (opposition),Yes / HIIK intensity,HIIK 4,0,,Not available,,Not available,Not available,No,,Not available,Data Manipulation,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",2.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.haaretz.com/middle-east-news/2022-10-09/ty-article/irans-leadership-holds-crisis-meeting-as-protests-rage-nationwide/00000183-bc39-dc53-a987-fc3df0280000; https://www.euractiv.com/section/global-europe/news/iran-state-tv-hacked-with-image-of-supreme-leader-in-crosshairs/; 
https://www.nbcnews.com/news/world/iran-protests-mahsa-amini-news-hacked-supreme-leader-khamenei-protests-rcna51323; https://www.rferl.org/a/iran-protests-oil-workers-unrest/32073170.html; https://www.deutschlandfunk.de/iran-hackerangriff-staats-tv-100.html; https://www.haaretz.com/israel-news/2022-10-11/ty-article/.premium/irans-vision-at-home-and-in-mideast-falters-but-ties-with-russia-blossom/00000183-c68f-d1ea-a5c3-cedf15060000; https://www.hackread.com/iran-state-run-tv-hacked-edalate-ali-hackers/,2022-10-11,2023-07-14 1577,Pro-Russian group Killnet attacked Romanian websites from the state and private sector in April 2022,"Pro-Russian hacktivists Killnet claimed attacks on government websites in Romania in defense of Russia in the Ukraine-Russian War. The cyber threat actors published a message on Telegram that the attacks followed statements made by Marcel Ciolacu, President of the Romanian Chamber of Deputies, that promised ""maximum assistance"" for the defense of Ukraine and support in providing them with weapons. The Romanian Intelligence Service (SRI) issued a warning that DDoS attacks against Romania had begun on April 29, 2022 at 4:00am. The Romanian national cyber security and incident response team (DNSC) also issued a warning and were investigating the attacks. The attacks specifically targeted web apps (OSI level 7) and almost 300 websites, among them were: gov.ro (official website of Romania's Government); mapn.ro (official website of Romania's Ministry of Defense); politiadefrontiera.ro (official of Romanian Border Police); cfrcalatori.ro (official website of Romania's National Railway Transport Company); and otpbank.ro (site of a commercial bank operating in Romanian). Additional websites were the Ministry of Finance, Ministry of Health, Ministry of Internal Affairs, tax collection agency (ANAF), the Romanian Gendarmerie, and special telecommunications services STS. 
""According to the initial statements of the National Directorate of Cyber ​​Security (DNSC), 'the main objective of the attackers is the inactivation of websites and web services, the destruction of reputation and the panic of users in Romania.'"" However, by May 1, 2022, the attack methods had diversified, including ransomware, spearphishing, and spoofing, and were being used to attack the same systems that were targeted in the previous DDoS attacks. The attacks, which used network equipment outside of Romania, caused several hours of disruption to the websites. The DNSC shared indicators of compromise for these attacks and published guidelines to mitigate them. As a response, Anonymous Romania claimed to attack the website of the Unified Procurement Information System of Russia and deleted data on April 30.",2022-04-29,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Ransomware,Not available,Romania,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system,Government / ministries; Transportation; Civil service / administration; Police,Killnet,Russia,Non-state-group,Hacktivist(s),2,8494; 8493,2022-04-29 00:00:00; 2022-04-29 00:00:00,"Political statement / report (e.g., on government / state agency websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,Romanian Intelligence Service (SRI); Killnet,Not available; Not available,Romania; Russia,Killnet; Killnet,Russia; Russia,Non-state-group; Non-state-group,https://www.secureblink.com/cyber-security-news/romanian-government-becomes-the-victim-of-pro-russian-group-killnet; 
https://www.datacenterdynamics.com/en/news/romanian-government-sites-hit-by-russian-killnet-hacking-group/; https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/; https://securityaffairs.co/wordpress/130732/hacking/russian-hacktivists-ddos-romanian-govt.html; https://www.romania-insider.com/romania-cyberattack-russia-killnet-2022; https://www.romania-insider.com/romania-state-websites-cyberattack-2022,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-04-29 00:00:00,State Actors: Preventive measures,Awareness raising,Romania,SRI- Romanian Intelligence Service,No,,Exploit Public-Facing Application; Phishing,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html; https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://securityaffairs.com/160112/cyber-warfare-2/moldova-warns-of-hybrid-attacks-from-russia.html; https://research.checkpoint.com/2022/the-new-era-of-hacktivism/; https://www.secureblink.com/cyber-security-news/romanian-government-becomes-the-victim-of-pro-russian-group-killnet; https://www.datacenterdynamics.com/en/news/romanian-government-sites-hit-by-russian-killnet-hacking-group/; https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/; 
https://securityaffairs.co/wordpress/130732/hacking/russian-hacktivists-ddos-romanian-govt.html; https://www.romania-insider.com/romania-cyberattack-russia-killnet-2022; https://www.romania-insider.com/romania-state-websites-cyberattack-2022; https://twitter.com/twitter/status/1520516474070208512; https://twitter.com/twitter/status/1520515576019357696; https://twitter.com/twitter/status/1520515236909912064; https://twitter.com/twitter/status/1520538281758187520; https://twitter.com/twitter/status/1520335552960159744; https://twitter.com/twitter/status/1520607976045785088; https://twitter.com/twitter/status/1520554480814608384; https://twitter.com/twitter/status/1520827500309352448; https://twitter.com/cyber_etc/status/1530577129561374722?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS; https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/; https://therecord.media/ddos-denmark-us-russia-killnet/; https://www.databreaches.net/hc3-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-2/,2022-10-11,2024-03-01 1573,Pro-Russian group Killnet disrupts over a dozen US airport websites on 10 October 2022,"Russian hacktivist group KillNet causes short-lived disruptions to over a dozen US airport websites on 10 October 2022. A target list published by KillNet on the group's Telegram channel included 49 domains related to airports in more than half of the country's states. The DDOS attacks were significant enough to overwhelm the servers hosting sites where travelers booked flights and updates on flights were also impacted. Some of the inaccessible airport websites were: Hartsfield-Jackson Atlanta International Airport (ATL), Los Angeles International Airport (LAX), and Chicago O'Hare International Airport (ORD). 
The DDOS attacks were confirmed by an official at Department of Homeland Security; however, an official from CISA refused to comment on the attribution of the attacks. Following the attacks, the FBI stated on November 4, 2022: ""Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success."" The FBI further stated that DDoS attacks have a minor impact on services provided to users because these attacks ""target public-facing infrastructure like websites instead of the actual services."" More specifically, the FBI related that DDoS attacks are ""opportunistic in nature"" and have more of a ""psychological impact.""",2022-10-10,2022-10-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,Daniel K. Inouye International Airport (HNL) - Des Moines International Airport (DSM) - Denver International Airport (DEN) - None - Los Angeles International Airport (LAX) - St. 
Louis Lambert International Airport (STL) - Phoenix Sky Harbor International Airport (PHX) - LaGuardia Airport (LGA) - Indianapolis International Airport (IND) - Orlando International Airport (MCO) - Chicago Midway International Airport (MDW),United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation - Transportation,,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,11518; 11519,2022-10-10 00:00:00; 2022-10-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by third-party,"Killnet; Frank J. 
Cilluffo (Academics, USA)",Not available; Not available,Russia; United States,,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state-group",https://www.usatoday.com/story/news/politics/2022/10/10/hackers-airport-websites-russia/8236879001/; https://abcnews.go.com/Technology/cyberattacks-reported-us-airports/story?id=91287965; https://t.me/killnet_reservs/3007,System / ideology,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/RecordedFuture/status/1623519318150463489; https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/; https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks; https://twitter.com/securityaffairs/status/1627734553778442240; https://therecord.media/killnet-ddos-hospitals-healthcare-russia; https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation; https://www.darkreading.com/risk/cisos-find-business-as-usual-shows-the-harsh-realities-of-cyber-risk; https://therecord.media/queretaro-international-airport-mexico-cyberattack; https://www.usatoday.com/story/news/politics/2022/10/10/hackers-airport-websites-russia/8236879001/; 
https://www.theguardian.com/us-news/2022/oct/10/cyberattacks-disrupt-us-airport-websites; https://www.cbsnews.com/news/airport-websites-hacked-pro-russia-ddos-attack/; https://www.smh.com.au/world/north-america/let-the-hunger-games-begin-pro-russian-hackers-strike-us-airport-websites-20221011-p5borl.html; https://www.latimes.com/california/story/2022-10-10/los-angeles-airport-website-hacked-pro-russia-hacking-group-targets-airports-united-states; https://www.nbcnews.com/tech/security/us-travel-websites-knocked-offline-russian-hacker-group-calls-attack-rcna51482; https://apnews.com/article/technology-business-atlanta-680cf93f7eb0300127448c35299ad66e; https://abcnews.go.com/Technology/wireStory/airport-websites-offline-investigated-91295146; https://www.voanews.com/a/some-airport-websites-go-offline-cause-being-investigated-/6783953.html; https://www.govinfosecurity.com/us-airport-websites-targeted-by-russian-killnet-group-a-20239; https://www.darkreading.com/attacks-breaches/us-airports-cyberattack-crosshairs-pro-russian-group-killnet; https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/; https://www.jpost.com/international/article-719356; https://www.securityweek.com/us-airport-websites-hit-suspected-pro-russian-cyberattacks; https://securityaffairs.co/wordpress/136894/hacktivism/killnet-targets-us-airports.html; https://edition.cnn.com/2022/10/10/us/airport-websites-russia-hackers/index.html; https://abcnews.go.com/Technology/cyberattacks-reported-us-airports/story?id=91287965; https://t.me/killnet_reservs/3007; https://www.digitalshadows.com/blog-and-research/killnet-the-hactivist-group-that-started-a-global-cyber-war/; https://therecord.media/coverage-of-killnet-ddos-attacks-plays-into-attackers-hands-experts-say/; https://www.databreaches.net/us-airports-in-cyberattack-crosshairs-for-pro-russian-group-killnet/; https://twitter.com/LawyerLiz/status/1579858370399698946; 
https://www.theguardian.com/culture/2022/oct/12/trevor-noah-kanye-west; https://www.voanews.com/a/experts-cyberattacks-on-us-airport-websites-highlight-ongoing-threats-/6790243.html; https://lookingglasscyber.com/blog/threat-intelligence-insights/lookingglass-cyber-monitor-october-14-2022/; https://www.foxbusiness.com/technology/major-us-airport-websites-taken-offline-pro-russia-hacking-group-takes-credit; https://www.bleepingcomputer.com/news/security/fbi-hacktivist-ddos-attacks-had-minor-impact-on-critical-orgs/; https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/; https://therecord.media/ddos-denmark-us-russia-killnet/,2022-10-11,2023-11-02 1575,"On February 23, 2022, several Ukrainian government institutions as well as some banks were attacked by (amongst others) pro-Russian hacktivists through a DDoS attack ","On February 23, 2022, the Ukrainian Minister of Digital Transformation, Mykhailo Fedorov, wrote on Telegram that around 16:00 several important Ukrainian government institutions as well as some banks were attacked by a DDoS attack. The government institutions are the Ukrainian Parliament (Verkhovna Rada), the Cabinet of Ministers, and the Ministry of Foreign Affairs. However, the names of the banks were not mentioned. The BBC reported that groups of ""patriotic"" Russian hackers were among the attackers. Parallel to the DDoS attack, malware was spread via cloned Ukrainian government websites (but no successful deployment was reported). The Insider and Bellingcat attributed the latter attack to the GRU hacker group APT28 (Fancy Bear). ",2022-02-23,2022-02-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,Cabinet of Ministers (Ukraine) - Ukrainian Parliament (Verkhovna Rada) - Not available - Ukraine’s Security Service (SBU) - Ministry of Foreign Affairs (Ukraine),Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Finance - Intelligence agencies - Government / ministries,Not available,Russia,Non-state-group,Hacktivist(s),1,12393; 12393,2022-02-25 00:00:00; 2022-02-25 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Attacker confirms,BBC; BBC,Not available; Not available,United Kingdom; United Kingdom,Not available; Not available,Russia; Russia,Non-state-group; Non-state-group,https://www.bellingcat.com/news/2022/02/23/attack-on-ukrainian-government-websites-linked-to-russian-gru-hackers/; https://t.me/zedigital/1077; https://www.cnbc.com/2022/02/23/cyberattack-hits-ukrainian-banks-and-government-websites.html; https://www.ukrinform.net/rubric-society/3410616-websites-of-ukrainian-banks-govt-agencies-targeted-in-another-ddos-attack.html; https://www.politico.eu/article/minister-ukraine-websites-down-in-another-massive-online-attack/; https://theins.ru/politika/248818; https://www.bbc.com/news/technology-60528594,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – 
Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-02-23 00:00:00,State Actors: Stabilizing measures,Statement by other ministers (or spokespersons)/members of parliament,Ukraine,"Mykhailo Fedorov (Minister of Digital Transformation, Ukraine)",No,,Not available,Network Denial of Service,,False,,Short-term disruption (< 24h; incident scores 1 point in intensity),,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,Not available,0.0,euro,,,,,0,,Not available,,Not available,Not available,Not available,,,,https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/; https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/; https://www.bellingcat.com/news/2022/02/23/attack-on-ukrainian-government-websites-linked-to-russian-gru-hackers/; https://t.me/zedigital/1077; https://www.cnbc.com/2022/02/23/cyberattack-hits-ukrainian-banks-and-government-websites.html; https://www.ukrinform.net/rubric-society/3410616-websites-of-ukrainian-banks-govt-agencies-targeted-in-another-ddos-attack.html; https://www.politico.eu/article/minister-ukraine-websites-down-in-another-massive-online-attack/; https://theins.ru/politika/248818; https://www.bbc.com/news/technology-60528594; https://www.nytimes.com/interactive/2022/12/16/world/europe/russia-putin-war-failures-ukraine.html,2022-10-11,2023-08-17 1566,"The City of Tucson in Arizona was hacked and personal information of 123,500 individuals was stolen in 2022","Hackers stole personal information, including social security numbers, driver's licenses, state identification and passport numbers from the network of the City of Tucson in Arizona during the period of 17-31 May 2022, according to the city.",2022-05-17,2022-05-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data 
theft,City of Tucson ,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,,,,1,; 7153,NaT; NaT,; Not available,; Not available,; Not available,; Not available,; Not available,; Unknown,; Not available,; Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,0.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securityweek.com/personal-information-123k-individuals-exposed-city-tucson-data-breach; https://securityaffairs.co/wordpress/136735/data-breach/city-of-tucson-data-breach.html; https://apps.web.maine.gov/online/aeviewer/ME/40/d860ebbf-49e8-4e8f-ad8c-d7359c836c9b.shtml; https://apps.web.maine.gov/online/aeviewer/ME/40/d860ebbf-49e8-4e8f-ad8c-d7359c836c9b/9591839b-dc88-4261-9e60-f6c4cd709ace/document.html,2022-10-10,2023-02-19 1567,"Pro-Russian group Killnet disrupts government websites in Colorado, Kentucky and Mississippi on 5 October 2022","Russian hacktivist group Killnet disrupts the government websites of Colorado, Kentucky and Mississippi on 5 October 2022, according to the hackers. ",2022-10-05,2022-10-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,,Disruption,Official Government Portal of Colorado - Official Government Portal of Kentucky - Official Government Portal of Mississippi,United States; United States; United States,NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - State institutions / political system - State institutions / political system,Civil service / administration - Civil service / administration - Civil service / administration,Killnet,Russia,Non-state-group,Hacktivist(s),1,11517,2022-10-05 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,Not available,Russia,Killnet,Russia,Non-state-group,https://edition.cnn.com/2022/10/05/politics/russian-hackers-state-government-websites/index.html,System / ideology,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,None/Negligent,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/russian-speaking-hackers-knock-us-state-government-websites-offline/; https://www.darkreading.com/attacks-breaches/russian-hackers-shut-down-state-government-sites; 
https://edition.cnn.com/2022/10/05/politics/russian-hackers-state-government-websites/index.html,2022-10-10,2023-07-14 1569,VSOP stole and leaked information from Guatemalan Ministry of Foreign Affairs in September 2022,"VSOP stole information from the Guatemalan Ministry of Foreign Affairs and leaked files of the Guatemalan consulate in New York in September 2022. The compromise resulted in the temporary unavailability of ministry services. Disclosed details included appointment data, passport information and reports on detainees and deportees, the latter dating back as far as 2014.",2022-09-01,2022-10-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,Ministry of Foreign Affairs (Guatemala),Guatemala,CENTAM,State institutions / political system,Government / ministries,VSOP,Not available,Unknown - not attributed,,1,5708,2022-09-30 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,VSOP,Not available,Not available,VSOP,Not available,Unknown - not attributed,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-11/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Service Stop,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,8.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty; Law of treaties (pacta sunt servanda),Prohibition of intervention; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-11/; https://prensa.gob.gt/comunicado/comunicado-oficial-0; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/,2022-10-10,2023-02-19 1570,Unknown actors used JavaScript-code BrownFlood to target mainly Ukrainian websites with DDoS since March 2022,"Ukraine's computer emergency response team (CERT-UA), in cooperation with the National Bank of Ukraine (CSIRT-NBU), identified and warned about DDoS attacks that targeted pro-Ukrainian sites, including a government web portal, and were disseminating from compromised WordPress sites using the malicious JavaScript-code BrownFlood (CERT-UA#4553). Hackers inserted the malicious script into WordPress sites so that visitors' browsers unwittingly performed Distributed Denial of Service (DDoS) attacks on the following websites: https://stop-russian-desinformation.near.page; https://gfsis.org/ (inaccessible); http://93.79.82.132/; http://195.66.140.252/; https://kordon.io/; https://war.ukraine.ua/ (news portal); https://www.fightforua.org/ (international enlistment portal); https://bank.gov.ua/; https://liqpay.ua (inaccessible); https://edmo.eu (news portal); kmu.gov.ua (Ukrainian government portal); callrussia.org (project to raise awareness in Russia); gngforum.ge (inaccessible); secjuice.com (infosec advice for Ukrainians); playforukraine.org (play-based fundraiser); micro.com.ua (inaccessible); ntnu.no (Norwegian university site); megmar.pl (Polish logistics firm). These sites didn't appear randomly selected since all had been vocal in their support of Ukraine during the Russian invasion of Ukraine. The JavaScript, when loaded, coopted the device and forced the visitors' browser to perform HTTP GET requests to each of the sites listed above. 
This activity occurred in the background and the users were unaware except for their devices operating slower. ""Each request to the targeted websites will utilize a random query string so that the request is not served through a caching service, such as Cloudflare or Akamai, and is directly received by the server being attacked."" ""developer Andrii Savchenko states that hundreds of WordPress sites are compromised to conduct these attacks."" According to Avast, the same script was found on compromised websites as early as March 7th, 2022. According to BleepingComputer, the script was found on GitHub and one website found to contain this malicious script was https://stop-russian-desinformation.near.page, which is a pro-Ukrainian site and the attacks were against Russian targets. ",2022-03-07,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Disruption,Norwegian University of Science and Technology - Not available,Norway; Ukraine,EUROPE; NATO; NORTHEU - EUROPE; EASTEU,State institutions / political system; Critical infrastructure; Education - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups,Civil service / administration; Research; - ; ; Finance; ,Not available,Not available,Not available,,1,10753,2022-04-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,Not available,Ukraine,Not available,Not available,Not available,https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/; https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/; https://cert.gov.ua/article/39925,System / ideology; Territory; Resources; International power,System/ideology; 
Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-04-28 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,Drive-By Compromise,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/; https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/; https://cert.gov.ua/article/39925,2022-10-10,2023-10-30 1571,"Several hours before the Russian invasion in February 2022, IRIDIUM attacked more than a dozen organizations in Ukraine using FoxBlade malware","According to Microsoft, just before the Russian invasion on February 24, 2022, the IRIDIUM group (aka Sandworm) used the FoxBlade malware (aka HermeticWiper) to launch a destructive cyber attack on Ukrainian organizations. The attack aimed to destroy over 300 systems in government, IT, energy, and finance sectors. The malware was detected on February 23, 2022, but the attackers had likely gained access to the network as early as December 2021. The specific access vector remains unclear, but the attackers used various methods, including exploiting Microsoft Exchange Server and SQL Server vulnerabilities. The HermeticWiper malware corrupted data, disabled backup services, and rendered targeted computer systems inoperable, impacting Ukraine, Lithuania, and Latvia. The attack was likely related to the escalating conflict in Ukraine, with the goal of crippling local IT systems and hindering the government's response capabilities. 
As of May 2022, the HermeticWiper attacks remained a continued risk, leading to joint advisories from CISA and the FBI for organizations to protect against such threats.",2022-02-23,2022-02-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking without Misuse,Not available - Not available,Lithuania; Ukraine,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; EASTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Critical infrastructure,Transportation; ; Finance; Defence industry - Government / ministries; Energy; ; Military; Transportation; Defence industry,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,State,,1,12193,2022-02-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,State,https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; 
Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",,,4,Moderate - high political importance,4.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,High,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1651371578888945664; https://www.darkreading.com/microsoft/microsoft-digital-defense-report-key-cybercrime-trends; https://cyberlaw.ccdcoe.org/wiki/HermeticWiper_malware_attack_(2022); https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd; https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/; https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/; https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/; https://thehackernews.com/2022/03/microsoft-finds-foxblade-malware-hit.html; https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/; https://twitter.com/ESETresearch/status/1496581903205511181?s=20&t=28eN-xDjqHCNGLH5ZCYdkQ; https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia; 
https://www.rferl.org/a/us-blames-russia-cyberattack-ukraine/31710689.html; https://www.wired.com/story/worst-hacks-2022/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://securityaffairs.com/141752/malware/apt-gamaredon-attacks.html; https://twitter.com/securityaffairs/status/1621443390691840001; https://twitter.com/Dennis_Kipker/status/1621467787326590977; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html,2022-10-10,2023-11-10 1572,"Russian threat actors attack a Ukrainian governmental network with the IsaacWiper on February 24, 2022","According to ESET, on February 24, 2022, unknown threat actors launched an attack against a Ukrainian governmental network using IsaacWiper. Shortly before, on February 23, there was a destructive campaign with HermeticWiper against some Ukrainian organizations. A connection between IsaacWiper and HermeticWiper has not yet been identified by ESET. However, IsaacWiper was found at an organization that was not a target of HermeticWiper. A day after the IsaacWiper attack, a new version of the wiper was deployed. ESET suspects that the attackers were not able to wipe all target systems and added log messages to understand what was happening. According to Malwarebytes, no code overlap was found between IsaacWiper, HermeticWiper, or WhisperGate. Moreover, the company perceives IsaacWiper as far less advanced than HermeticWiper. Singapore-based Cyfirma stated on March 4 that IsaacWiper belongs to Russia's wiper arsenal used against Ukraine, like HermeticWiper and others. 
",2022-02-24,2022-02-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,Not available; Not available,Not available; Russia,Unknown - not attributed; State,,2,7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815; 7815,2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00; 2022-03-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,ESET; ESET; ESET; ESET; ESET; ESET; ESET; ESET; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma; Cyfirma,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,Slovakia; Slovakia; Slovakia; Slovakia; Singapore; Singapore; Singapore; Singapore; Slovakia; Slovakia; Slovakia; Slovakia; Singapore; Singapore; Singapore; Singapore,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia; Not available; Not available; Russia; Russia,Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State; Unknown - not attributed; State,https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,Disk Wipe,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 
2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,,,,Not available,0,,Not available,,Not available,Not available,Not available; Not available,,,,https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://www.cyfirma.com/outofband/emerging-cyber-threats-in-the-ongoing-russia-ukraine-conflict/; https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html; https://twitter.com/securityaffairs/status/1654074007052861440; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html; https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/; https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-ukraine-hit-by-destructive-attacks-before-and-during-the-russian-invasion-with-hermet/; https://thehackernews.com/2022/03/second-new-isaacwiper-data-wiper.html; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/,2022-10-10,2023-11-10 1565,Shuckworm / Gamaredon attacked an organization in Ukraine with seven self-extracting 7-Zip SFX binaries between July and August 2021,"According to Symantec, the Russia-linked group Shuckworm (Gamaredon/Armageddon) attacked an organization in Ukraine between July and August 2021 using seven self-extracting 7-Zip SFX binaries. 
According to the report, the targeted machines were actually infected because the user opened the malicious file. Subsequently, the attackers executed several variants of the Pterodo malware, which is associated with Shuckworm / Gamaredon. Moreover, the group deployed multiple variants of their custom VBS backdoor on the infected machine. Symantec could not assess whether Gamaredon actually opened files on the machine, because this could have been legitimate user activity. ",2021-07-14,2021-08-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Ukraine,EUROPE; EASTEU,Other,,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7492,2022-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine,Territory; Resources; International power,Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Phishing,Resource 
Hijacking,Required,False,,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Low,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine; https://www.bleepingcomputer.com/news/security/russian-gamaredon-hackers-use-8-new-malware-payloads-in-attacks/,2022-10-09,2023-06-16 1562,"Middle East-based DeftTorero targeted a variety of sectors in the region with new tactics, techniques and procedures starting in 2019","Kaspersky reports that the threat actor DeftTorero (Lebanese Cedar/Volatile Cedar) from the Middle East became known in attacks as early as 2015. With no further activity detected until 2021, the IT company found a change in tactics, techniques and procedures and investigated them for the period from 2019 to 2021. 
The main targets were corporates and the education, government, military, media and telecommunications sectors in the Middle East.",2019-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None - None - None,Turkey; Egypt; Saudi Arabia; Lebanon; Kuwait; Jordan; United Arab Emirates,ASIA; NATO; MEA - MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Media; Science,Military; Telecommunications; ; ; - Military; Telecommunications; ; ; - Military; Telecommunications; ; ; - Military; Telecommunications; ; ; - Military; Telecommunications; ; ; - Military; Telecommunications; ; ; - Military; Telecommunications; ; ; ,DeftTorero/Volatile Cedar/Lebanese Cedar,Middle East (region),Unknown - not attributed,,1,7156,2022-10-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,DeftTorero/Volatile Cedar/Lebanese Cedar,Middle East (region),Unknown - not attributed,https://securitymea.com/2022/10/05/kaspersky-uncovers-new-tactics-used-by-middle-eastern-apt-group-defttorero/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",2.0,Minor,2.0,Not available,Not available,Not available,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securitymea.com/2022/10/05/kaspersky-uncovers-new-tactics-used-by-middle-eastern-apt-group-defttorero/; https://twitter.com/campuscodi/status/1577477170590613504; https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/; https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/; https://www.itweb.co.za/content/VgZey7JllVDqdjX9,2022-10-06,2023-02-19 1563,Colombia's National Food and Drug Surveillance Institute (INVIMA) services were 
disrupted,"Colombia's National Food and Drug Surveillance Institute (INVIMA) experienced disruptions, knocking offline the agency's website as well as the service to process import licenses for medicines.",2022-10-03,2022-10-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,National Food and Drug Surveillance Institute (INVIMA; Colombia),Colombia,SOUTHAM,State institutions / political system,Civil service / administration,Unknown,Not available,Not available,,1,7155,NaT,Not available,Not available,Not available,Not available,Not available,Unknown,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Unknown,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,10.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; International peace; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; ",Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/colombia-national-food-and-drug-surveillance-institute-hit-with-cyberattack/; https://twitter.com/invimacolombia/status/1577455552954712064; https://mobile.twitter.com/linapc/status/1577118540200493056,2022-10-06,2023-02-19 1561,Pro-Russian hacktivist group XakNet targeted Ukrainian organizations via DDoS and other methods in March 2022,"Cybersecurity authorities from the United States, Australia, Canada, New Zealand, and the United Kingdom issued a joint Cybersecurity Advisory (CSA) warning of a new 
Russian-language cybercrime group, XakNet, that was targeting Ukrainian organizations via DDoS and other attack methods. On March 31, 2022, XakNet released a statement that they worked exclusively for the benefit of the Russian Federation. In late March 2022, the group released a statement critical of the Ukrainian government and leaked email data from a Ukrainian government official and the Ukrainian Ministry of Foreign Affairs. To counter the cyber attacks, CISA recommends that critical infrastructure organizations prepare to defend themselves from cyber threats by immediately updating software, enforcing MFA, securing and monitoring RDP and other potentially risky services, and providing end-user awareness and training. It is suspected that the XakNet group may work in affiliation with Killnet.",2022-03-31,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by attacker; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,Ministry of Foreign Affairs (Ukraine),Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,XakNet,Russia,Non-state-group,Hacktivist(s),2,12394; 12394; 12394; 12394; 12394; 12395,2022-04-20 00:00:00; 2022-04-20 00:00:00; 2022-04-20 00:00:00; 2022-04-20 00:00:00; 2022-04-20 00:00:00; 2022-03-31 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Self-attribution in the course of the attack (e.g., via 
defacement statements on websites)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms,Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); XakNet,; ; ; ; ; Not available,Australia; Canada; New Zealand; United Kingdom; United States; Russia,XakNet; XakNet; XakNet; XakNet; XakNet; XakNet,Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://twitter.com/Cyberknow20/status/1509448590413860866?s=20&t=vpG0VcF4EZvQ-ebYtTd9Xw; https://www.cisa.gov/uscert/ncas/alerts/aa22-110a; https://securityboulevard.com/2022/04/a-significant-spike-in-cyberattacks-from-russia-could-be-expected-in-april/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-04-20 00:00:00,State Actors: Preventive measures,Capacity building in third countries,Australia,Cybersecurity and Infrastructure Security Agency (CISA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/Cyberknow20/status/1509448590413860866?s=20&t=vpG0VcF4EZvQ-ebYtTd9Xw; https://www.cisa.gov/uscert/ncas/alerts/aa22-110a; 
https://securityboulevard.com/2022/04/a-significant-spike-in-cyberattacks-from-russia-could-be-expected-in-april/,2022-10-05,2023-12-20 1553,North Korean state-sponsored hacker group Lazarus gained access to the corporate network of an aerospace company in the Netherlands in October 2021,"North Korean state-sponsored hacker group Lazarus gained access to the corporate network of an aerospace company in the Netherlands for data exfiltration purposes in autumn 2021, attributed by IT-security company ESET with high confidence. The hacker group used the Dell firmware exploit (CVE-2021-21551) to deploy various malware. In a related case, the attempt to gain access to the computer of a Belgian political journalist was stopped. ",2021-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Space,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7638,2022-09-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic 
Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/; https://www.virusbulletin.com/uploads/pdf/conference/vb2022/VB2022-Kalnai-Havranek.pdf,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,4.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://securitymea.com/2023/02/09/eset-threat-reports-on-russian-invasions-impact-on-digital-threats/; https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/; https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/; https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/; https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/; https://twitter.com/cybersecboardrm/status/1576976076860973056; https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html; 
https://securityaffairs.co/wordpress/136623/apt/lazarus-exploit-dell-firmware-driver.html; https://www.securityweek.com/north-korean-hackers-exploit-dell-driver-vulnerability-disable-windows-security; https://www.virusbulletin.com/uploads/pdf/conference/vb2022/VB2022-Kalnai-Havranek.pdf; https://socradar.io/apt-group-lazarus-exploits-high-severity-flaw-in-dell-driver/,2022-10-05,2023-02-27 1554,The Russia-affiliated Conti Group carried out a ransomware attack against several Costa Rican government institutions in April 2022,"The Russia-affiliated Conti/Wizard Spider group gained access to and stole data from 27 governmental entities, municipalities and state-run utilities in Costa Rica during 11-18 April 2022. IT security company AdvIntel questioned whether ransom demands of $10 million and subsequently $20 million cited in news reports should be taken seriously, speculating that Conti instead conducted this final attack for publicity before disbanding and reorganizing. In response to the ransomware attacks, Costa Rican President Rodrigo Chaves declared a national emergency on 8 May 2022. Additionally, the US State Department is offering a $10 million reward for information leading to the identification of Conti group members. Due to the pro-Russian stance the group took in the course of the war in Ukraine, the Conti group broke up into multiple splinter groups that had been part of the Conti ransomware group. The core group of Conti operators responsible for the attack against the Costa Rican government subsequently reconstituted under the name Quantum. Almost a year after the attack, in March 2023, the US government announced that it plans on providing $25 million to the government of Costa Rica in cybersecurity assistance to help recover from the incident and to strengthen its digital infrastructure. 
Among the institutions affected were: The Finance Ministry; The Ministry of Science, Innovation, Technology, and Telecommunications; The Labor and Social Security Ministry; The Social Development and Family Allowances Fund; The National Meteorological Institute; The Costa Rican Social Security Fund and The Interuniversity Headquarters of Alajuela.",2022-04-11,2022-04-18,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,None - None - None - None - None - None - None - None - None - None - None,Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica; Costa Rica,CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM - CENTAM,State institutions / political system; Education - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - Critical infrastructure - Unknown - Critical infrastructure - State institutions / political system - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Civil service / administration; - Government / ministries - Energy - Civil service / administration - Government / ministries - - - Health - Government / ministries - Government / ministries; Telecommunications - Civil service / administration; Finance,None; None,Not available; Not available,Non-state-group; Individual hacker(s),Criminal(s); ,2,16074; 16074; 16073,2022-05-20 00:00:00; 2022-05-20 00:00:00; 2022-04-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; IT-security community attributes attacker; Attacker 
confirms,AdvIntel; AdvIntel; Conti Group,; ; Not available,United States; United States; Russia,; ; ,Not available; Not available; Russia,Non-state-group; Individual hacker(s); Non-state-group,https://heimdalsecurity.com/blog/check-out-these-new-details-on-the-costa-rica-government-attack-by-conti-ransomware/; https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/; https://www.bbc.com/news/technology-61323402; https://www.centralamerica.com/news/costa-rica-cyber-attack-currently-underway/; https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape,System / ideology,Unknown,,Unknown,,2,2022-05-08 00:00:00; 2023-03-30 00:00:00,State Actors: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government (or executive official); Capacity building in third countries,Costa Rica; United States,Rodrigo Chaves (President of Costa Rica); U.S. Department of State,No,,Valid Accounts,Data Exfiltration; Defacement,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",11-50,0.0,1-10,1.0,Not available,0.0,dollar,None/Negligent,Sovereignty,,Not available,1,2022-05-08 00:00:00,Proclamation of public emergency (national level),,Costa Rica,"Rodrigo Chaves (President, Costa Rica)",Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://twitter.com/SentinelOne/status/1627742884827959296; https://heimdalsecurity.com/blog/check-out-these-new-details-on-the-costa-rica-government-attack-by-conti-ransomware/; https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/; https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion; http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_articulo.aspx?param1=NRA&nValor1=1&nValor2=96886&nValor3=130028&nValor4=-1&nValor5=2&nValor6=08/05/2022&strTipM=FA; https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/; https://therecord.media/ransomware-tracker-the-latest-figures/; https://www.cyberscoop.com/karakurt-extortion-cisa-advisory-conti-ransomware/; https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/; https://www.swissinfo.ch/spa/costa-rica-gobierno_chaves-decreta-emergencia-de-ciberseguridad-y-elimina-el-uso-de-mascarilla/47577168; https://twitter.com/CCSSdeCostaRica/status/1516465311872172032?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516465311872172032%7Ctwgr%5E7a28d45cc8c3f935187136be031b9f32af083fc2%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcosta-rica-declares-national-emergency-after-conti-ransomware-attacks%2F; http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_articulo.aspx?param1=NRA&nValor1=1&nValor2=96886&nValor3=130028&nValor5=2&strTipM=FA; https://www.bbc.com/news/technology-61323402; https://www.micitt.go.cr/2022/05/06/estados-unidos-ofrece-recompensa-por-informacion-que-lleve-a-co-conspiradores-de-conti-ransomware-ante-la-justicia/; https://www.ameliarueda.com/nota/costa-rica-en-emergencia-nacional-por-ciberataques-noticias-costa-rica; 
https://www.centralamerica.com/news/costa-rica-cyber-attack-currently-underway/; https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape; https://observador.cr/ministro-elian-villegas-reconoce-hackeo-en-sistemas-de-hacienda-y-asegura-que-no-pagara-por-rescate/; https://restofworld.org/2022/cyberattack-costa-rica-citizens-hurting/; https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/; https://www.eff.org/deeplinks/2022/12/hacking-governments-and-government-hacking-latin-america-2022-year-review; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://www.wired.com/story/twitter-leak-200-million-user-email-addresses/; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-24/; https://twitter.com/SentinelOne/status/1631004375563862036; https://cyberscoop.com/white-house-announces-25-million-in-cybersecurity-aid-to-costa-rica/; https://therecord.media/biden-administration-commits-25-million-costa-rica-ransomware-recovery; https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/; https://www.defenseone.com/defense-systems/2023/03/state-department-give-costa-rica-25m-cybersecurity/384603/; https://www.databreaches.net/us-commits-25-million-to-costa-rica-for-conti-ransomware-recovery/; https://cyberscoop.com/microsoft-cobalt-strike-hacking-tool/; https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/; https://therecord.media/foreign-cyber-aid-state-department-congress; https://cyberscoop.com/fick-cyber-diplomats-embassies/; https://www.databreaches.net/one-of-the-scariest-podcasts-ever/; https://socradar.io/cyber-attacks-on-latin-american-governments/; https://therecord.media/buenos-aires-legislature-announces-ransomware-attack/; https://therecord.media/cisa-fbi-warn-royal-ransomware-gang-rebrands-blacksuit; 
https://therecord.media/trinidad-and-tobago-government-agency-hit-with-post-christmas-cyberattack; https://www.techrepublic.com/article/cyber-security-trends-uk/,2022-10-05,2024-01-10 1555,Russian hackers attacked Gloucester City Council's website using malware in December 2021,"In December 2021, Russian hackers attacked Gloucester City Council's website using malware embedded in an email. Several online services could no longer be accessed. The cost of completely rebuilding the website was already £787,000 in October 2022 and could still exceed the amount of £1 million. In a council meeting on 27 November 2023, the institution dealt with the cyberattack, its impact, recovery and lessons learnt. The meeting document states that the incident cost the council £1.1 million in total. Furthermore, it states that the attackers used spear phishing and then established a foothold in the target systems, in order to transfer 230GB or 240,000 files to a file sharing website in New Zealand and from there to an unknown destination. The stolen data might have included personally identifiable data, as addressed by the GDPR. 
After the attackers stole the data, they conducted a ransomware operation, resulting in the ""encryption of all servers making almost every council system inaccessible, and subsequently most services ceased being able to function effectively.""",2021-11-24,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Gloucester City Council,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Civil service / administration,Not available,Russia,Not available,,1,14705,2022-01-18 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,Not available,Not available,United Kingdom,Not available,Russia,Not available,https://www.bbc.com/news/uk-england-gloucestershire-60045060,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,12.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,0.0,=< 10 Mio,1400000.0,dollar,Not available,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of 
international law),,https://www.bbc.com/news/uk-england-gloucestershire-63087153; https://www.bbc.com/news/uk-england-gloucestershire-63129084; https://www.bbc.com/news/uk-england-gloucestershire-60045060; https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucesters-cyber-attack-financial-fallout-7659790; https://www.databreaches.net/uk-just-a-slap-on-the-wrist-for-gloucester-council-data-breach-which-saw-peoples-data-fall-into-hands-of-criminals/; https://therecord.media/st-helens-council-suspected-ransomware-attack-england; https://democracy.gloucester.gov.uk/documents/s59773/Cyber%20Attack%20Impact%20and%20Lessons%20Learnt%20Report.pdf; https://www.cybersecurityintelligence.com/blog/cyber-attacks-hit-three-english-councils-at-once-7410.html,2022-10-05,2023-11-29 1558,Multiple unnamed APTs obtained sensitive information from US defense company since January 2021,"Multiple APT groups gained long-term access to a US defense company as early as January 2021 and maintained access through January 2022, based on a joint advisory issued by CISA, the FBI, and the NSA. Utilizing a series of recently disclosed vulnerabilities to take advantage of unpatched systems, the attackers installed China Chopper webshells on Exchange servers to steal sensitive data through a custom exfiltration tool. 
",2021-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,,Not available,State,,1,7160,2022-10-04 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,Recorded Future,Not available,United States,,Not available,State,https://therecord.media/cisa-multiple-government-hacking-groups-had-long-term-access-to-defense-company/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.cyberscoop.com/feds-release-advisory-apts/; https://www.bleepingcomputer.com/news/security/us-govt-hackers-stole-data-from-us-defense-org-using-new-malware/; 
https://therecord.media/cisa-multiple-government-hacking-groups-had-long-term-access-to-defense-company/; https://www.cisa.gov/uscert/ncas/alerts/aa22-277a; https://twitter.com/CyberScoopNews/status/1577428097602920449; https://www.c4isrnet.com/cyber/2022/10/05/us-says-hackers-attacked-defense-organization-stole-sensitive-info/; https://twitter.com/GossiTheDog/status/1577422022254071809; https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html; https://www.securityweek.com/us-government-details-tools-used-apts-defense-organization-attack; https://twitter.com/Dinosn/status/1577540118956724225; https://twitter.com/cybereason/status/1577665461105442818; https://twitter.com/cahlberg/status/1577505324608942080,2022-10-05,2023-02-19 1542,State-sponsored hacker group hijacked Microsoft Exchange Servers and stole information of 10 global organizations since August 2022,"A state-sponsored hacker group hijacked Microsoft Exchange Servers and stole information from 10 global organizations, including one critical infrastructure operator, since August 2022, according to a report made by Microsoft with medium confidence. The hacker group used two zero-day vulnerabilities (CVE-2022-41040; CVE-2022-41082), named ProxyNotShell, to deploy the China Chopper webshell. ",2022-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Global (region),,Unknown; Critical infrastructure,,Unknown,Not available,"Non-state actor, state-affiliation suggested",,2,18571; 18572,2022-09-30 00:00:00; 2022-09-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; GTSC,,United States; Vietnam,Unknown; Unknown,Not available; China,"Non-state actor, state-affiliation suggested; Unknown - not attributed",https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html; https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,Yes,multiple,Exploit Public-Facing Application; Valid Accounts,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Not available,3.0,Minor,2.0,Not available,Not available,1-10,0.0,Not available,0.0,Not available,0.0,euro,Not available,Sovereignty; International organizations,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.hackread.com/muddling-meerkat-espionage-great-firewall-china/; https://twitter.com/Cyberwarzonecom/status/1575635646450106368; https://socradar.io/threat-actors-exploit-unpatched-microsoft-exchange-zero-days/; https://twitter.com/hackerfantastic/status/1575627994403840000; https://www.hackread.com/microsoft-confirms-0-days-exchange-servers/; https://www.heise.de/news/Warten-auf-Sicherheitsupdates-Zero-Day-Attacken-auf-Microsoft-Exchange-Server-7280460.html; https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/; https://www.govinfosecurity.com/possible-chinese-hackers-exploit-microsoft-exchange-0-days-a-20182; https://twitter.com/cybersecboardrm/status/1576604169791733763; https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/; https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/; https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html; https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/; https://twitter.com/_r_netsec/status/1576979919665770496; https://www.heise.de/news/Exchange-Server-Zero-Day-Bisheriger-Workaround-unzureichend-7283072.html; https://www.securityweek.com/microsoft-links-exploitation-exchange-zero-days-state-sponsored-hacker-group; https://www.securityweek.com/mitigation-proxynotshell-exchange-vulnerabilities-easily-bypassed; 
https://thehackernews.com/2022/10/proxynotshell-new-proxy-hell.html; https://securityaffairs.co/wordpress/136596/hacking/microsoft-exchange-0day-mitigations-bypass.html; https://www.heise.de/news/Exchange-0-Day-Microsoft-korrigiert-Workaround-7284241.html; https://www.bleepingcomputer.com/news/security/microsoft-updates-mitigation-for-proxynotshell-exchange-zero-days/; https://therecord.media/microsoft-updates-guidance-for-proxynotshell-bugs-after-researchers-get-around-mitigations/; https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html; https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html; https://www.cybersecasia.net/news/two-recent-zero-day-vulnerabilities-affecting-microsoft-exchange-not-exploited-yet; https://www.securityweek.com/patch-tuesday-microsoft-scrambles-thwart-new-zero-day-attacks; https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/; https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/,2022-10-04,2024-04-17 1543,Russian hacker group National Republican Army (NRA) attacked Russian software developer Unisoftware with ransomware and stole information,"Russian hacker group National Republican Army (NRA) attacked Russian software developer Unisoftware with ransomware and stole information to protest against the Russian government and its war against Ukraine. According to statements by the group published in the Ukrainian newspaper Kyiv Post, its actions pursue the overthrow of the government. The Kyiv Post authenticated the stolen data and verified several of Unisoftware's government clients. The identity of these organizations remains unknown. The Federal Tax Service, the Ministry of Finance and the Central Bank are believed to be among the company's clients. 
",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Ransomware,None - Unisoftware,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries - ,,Russia,Non-state-group,Hacktivist(s),1,7170,2022-10-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,National Republican Army (NRA),Not available,Russia,,Russia,Non-state-group,https://www.kyivpost.com/world/russian-citizens-wage-cyberwar-from-within.html,System / ideology; National power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Not available,0.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not 
available,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://twitter.com/YourAnonNews/status/1576737272648683520; https://twitter.com/Cyberknow20/status/1576549145942233088; https://www.kyivpost.com/world/russian-citizens-wage-cyberwar-from-within.html; https://twitter.com/officejjsmart/status/1576526846736601088,2022-10-04,2023-02-27 1544,Hackers compromised the databases and disrupted some services of Mimoso do Sul city hall in Brazil on 29 September 2022,"Hackers compromised the databases and disrupted some services of Mimoso do Sul city hall in Brazil on 29 September 2022, according to a social media post of the local administration. ",2022-09-29,2022-09-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,Mimoso do Sul City Hall,Brazil,SOUTHAM,State institutions / political system,Civil service / administration,Unknown,Not available,Unknown - not attributed,,1,7169,NaT,Not available,Not available,Not available,Not available,Not available,Unknown,Not available,Unknown - not attributed,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,Not available,,Not available,Data Encrypted for Impact; Service Stop,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,3,Moderate - high political importance,3.0,Minor,3.0,Not available,Not available,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,https://twitter.com/ransomwaremap/status/1576458666555084800; https://www.instagram.com/p/CjGNolYuTJZ/?utm_source=ig_embed&ig_rid=8acaa568-02d4-4925-a1f6-f7eca019f0c9; https://www.agazeta.com.br/es/cotidiano/prefeitura-de-mimoso-do-sul-tem-sistema-invadido-em-ataque-cibernetico-0922,2022-10-04,2023-02-19 1546,Emails involving Labour Party councillors in Croydon and journalist Steven Downes hacked in early 2021,"Email correspondence involving several Labour Party councillors in Croydon and Steven Downes, a journalist reporting for the local newspaper Inside Croydon, was compromised through a hack of Downes's account in early 2021, according to the Investigative Unit of Al Jazeera. Material from the hacked emails was subsequently used to expel David White, then secretary of Croydon Central Constituency Labour Party, and Andrew Pelling, then councillor in Croydon. ",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Steven Downes,United Kingdom,EUROPE; NATO; NORTHEU,Media,,Unknown,Not available,Unknown - not attributed,,1,4121,NaT,Not available,Not available,Not available,Not available,Not available,Unknown,Not available,Unknown - not attributed,,System / ideology; National power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not 
available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/jsrailton/status/1576387939722227712; https://www.youtube.com/watch?v=db-Gpmfajp8; https://www.ajiunit.com/article/unprecedented-leak-exposes-inner-workings-of-uk-labour-party/,2022-10-04,2023-02-19 1550,Pro-Russian group Ghostwriter/UNC1151 hijacked social media accounts of Ukrainian military members in order to spread disinformation in March 2022,"In its annual report, Facebook stated that GhostWriter aka UNC1151 took over social media accounts of Ukrainian military members and attempted to spread a disinformation campaign. The group successfully gained Facebook credentials via email compromises and posted videos that urged the Ukrainian army to surrender. ",2022-02-28,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Belarus; Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7792; 7792,2022-02-27 00:00:00; 2022-02-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,Meta; Meta,Not available; Not available,United States; United States,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Belarus; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Human rights,,,,https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/; 
https://about.fb.com/news/2022/04/metas-adversarial-threat-report-q1-2022/; https://twitter.com/dsszzi/status/1516147055969935361; https://www.zdnet.com/article/ukraine-security-agency-warns-of-ghostwriter-threat-group-activity-phishing-campaigns/; https://www.golem.de/news/ghostwriter-facebook-bestaetigt-hacks-ukrainischer-militaer-accounts-2204-164498.html; https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/; https://cert.gov.ua/article/37626; https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers/; https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/,2022-10-04,2023-03-13 1537,"North Korean state-sponsored hacker group ZINC compromises various organizations in the United States, the United Kingdom, India and Russia since late April 2022","The North Korean state-sponsored hacker group ZINC compromised organizations in various fields, such as media, defense, aerospace and IT services, in the United States, the United Kingdom, India and Russia in order to exfiltrate information from late April to mid-September 2022, according to a technical report by Microsoft. The initiators used open-source software such as PuTTY, KiTTY, TightVNC Viewer, Sumatra PDF Reader and muPDF/Subliminal Recording. This cyber incident is part of a broader, still ongoing campaign by the North Korean state-sponsored Lazarus Group, to which ZINC belongs, according to a technical report published by Mandiant a month earlier. ",2022-04-01,2022-09-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,India,ASIA; SASIA; SCO,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Defence industry; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,7178,2022-09-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,External Remote Services; Phishing,Not available,Required,False,none,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,Not available,Not available,Not available,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Not available,,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions 
justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing; https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/; https://www.securityweek.com/north-korean-gov-hackers-caught-rigging-legit-software; https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/,2022-09-30,2023-02-19 1541,"Ukraine telecom firm's IT-infrastructure attacked on March 28, 2022","A telecommunications company in Ukraine, Ukrtelecom, suffered a cyber attack on its IT-infrastructure on March 28, 2022. The attack was repulsed, but the company restored service to its clients only after a 15-hour outage. The attack was documented by NetBlocks, which showed that ""connectivity collapsed"" in a nationwide disruption, as the company is the nation's largest provider of fixed internet by geographic coverage. This attack was preceded by a hack of Triolan, another Ukrainian telecom firm, which suffered a localized disruption of its network due to a breach that caused the internal system to be reset to factory settings. Viktor Zhora, deputy head of the State Service for Special Communications and Information Protection, confirmed to Forbes that the attack took place. 
",2022-02-28,2022-02-28,Not available,,Incident disclosed by victim,Disruption; Hijacking with Misuse,Ukrtelecom,Ukraine,EUROPE; EASTEU,Critical infrastructure,Telecommunications,Not available,Russia,State,,1,7817,2022-03-28 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"Yurii Shchyhol (Chairman of the State Service of Special Communication and Information Protection, UKR)",Not available,Ukraine,Not available,Russia,State,https://www.reuters.com/business/media-telecom/ukrainian-telecom-companys-internet-service-disrupted-by-powerful-cyberattack-2022-03-28/?taid=62425feeb56bf000017512bf&utm_campaign=trueAnthem:+Trending+Content&utm_medium=trueAnthem&utm_source=twitter,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,,Not available,True,,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://therecord.media/middle-east-telecommunications-httpsnoop-malware; https://www.reuters.com/business/media-telecom/ukrainian-telecom-companys-internet-service-disrupted-by-powerful-cyberattack-2022-03-28/?taid=62425feeb56bf000017512bf&utm_campaign=trueAnthem:+Trending+Content&utm_medium=trueAnthem&utm_source=twitter; https://www.forbes.com/sites/thomasbrewster/2022/03/28/huge-cyberattack-on-ukrtelecom-biggest-since-russian-invasion-crashes-ukraine-telecom/?sh=661a09467dc2; 
https://www.datacenterdynamics.com/en/news/ukraine-ukrtelecom-hit-by-15-hour-outage-due-to-cyberattack/; https://securityaffairs.co/wordpress/137390/cyber-warfare-2/internet-disruptions-russia-ukraine.html,2022-09-30,2023-09-22 1539,Witchetty targeted governments and a stock market exchange in the Middle East and Africa between February and September 2022,The espionage group Witchetty (LookingFrog) targeted governments and a stock exchange in the Middle East and Africa between February and September 2022. They also exploited the ProxyShell and ProxyLogon vulnerabilities and used new tools such as a backdoor Trojan. The goal is a permanent presence in the targets' networks.,2022-02-27,2022-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Middle East (region); Africa, - ,State institutions / political system - Critical infrastructure,Government / ministries - Finance,,Not available,Unknown - not attributed,,1,4129,2022-09-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,,Not available,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Cyber espionage; Diplomatic / 
consular law; Sovereignty,; ; ,Not available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage; https://www.darkreading.com/attacks-breaches/espionage-steganographic-backdoor-against-govs-stock-exchange; https://thecyberwire.com/stories/c74b6d30ddac4d769bba3a6276145805/witchetty-espionage-group-uses-updated-toolkit; https://tarnkappe.info/artikel/hacking/windows-logo-enthaelt-backdoor-malware-tarnt-sich-als-bild-257020.html; https://securityaffairs.co/wordpress/136477/apt/witchetty-apt-steganography.html; https://www.hackread.com/chinese-hackers-hide-windows-logo-malware/; https://twitter.com/securityaffairs/status/1575972607681527809; https://twitter.com/switch_d/status/1576329148905185286; https://twitter.com/securityaffairs/status/1576163136893112320; https://twitter.com/HackRead/status/1576290468656078848; https://twitter.com/JAMESWT_MHT/status/1576633774481510401; https://www.heise.de/news/Backdoor-in-Windows-Logo-versteckt-7282730.html; https://twitter.com/securityaffairs/status/1576860040836788224; https://twitter.com/HackRead/status/1576829408135901186,2022-09-30,2023-02-19 1538,Chinese APT Group BRONZE STARLIGHT using ransomware to mask IP theft since mid-2021,"Since mid-2021, the state-sponsored Chinese APT Group BRONZE STARLIGHT has engaged in a campaign of deploying ransomware in an effort to conceal the theft of strategic intellectual property. Targeted organizations, including semiconductor companies, largely operate in sectors that align with China's industrial priorities. In what appears to be a bid to avoid attention, the group has limited targeting to a few select organizations at a time and frequently moved on to new ransomware families. 
The group seeks to leverage unmitigated vulnerabilities, such as Log4j 2, that enable it to establish access and escalate privileges during early phases of an intrusion.",2021-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,None - None - None - None - None - None - None - None,Europe (region); India; Japan; Brazil; Kazakhstan; United States; Not available; United States, - ASIA; SASIA; SCO - ASIA; SCS; NEA - SOUTHAM - ASIA; CSTO; SCO - NATO; NORTHAM - - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media, - Defence industry - - Health - Finance - Finance; - ; - Civil service / administration; Finance; ; ,Cinnamon Tempest fka DEV-0401/Emperor Dragonfly/Bronze Starlight,China,"Non-state 
actor, state-affiliation suggested",,3,7175; 7176; 7177,2022-06-23 00:00:00; 2022-10-03 00:00:00; 2022-01-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Secureworks; Sygnia; Microsoft,; ; ,United States; South Africa; United States,Cinnamon Tempest fka DEV-0401/Emperor Dragonfly/Bronze Starlight; Emperor Dragonfly/ DEV-0401/ BRONZE STARLIGHT; ,China; China; China,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Unknown - not attributed",https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader; https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#Night%20Sky; https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group; https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0401,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Minor,1.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,,Not 
available,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/149686/breaking-news/security-affairs-newsletter-round-433-by-pierluigi-paganini-international-edition.html; https://www.recordedfuture.com/semiconductor-companies-targeted-by-ransomware; https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader; https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#Night%20Sky; https://twitter.com/unix_root/status/1576954728121974785; https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/; https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html; https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group; https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html; https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/; https://twitter.com/MsftSecIntel/status/1480730559739359233; https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0401,2022-09-30,2023-08-21 1533,Anonymous-linked group NB65 targeted Russian firms with hack-and-leak operation in March / April 2022,"Anonymous-linked hacking group Network Battalion (aka NB65) claimed to have hacked-and-leaked data by Russian law firm Capital Legal Services (65GB of data leaked and submitted by wh1t3sh4d0w) and Mosekspertiza (483GB of data) in March / April 2022. The data was leaked via Twitter on April 1, 2022. 
Moscow Metro; SSK Gazregion LLC; Russian bank PSCB (Petersburg Social Commercial Bank/JSC Bank PSCB); Continent Express, a travel organization (399 GB); Elektrocentromontazh, the power organization; ALET, a customs broker; Qiwi. This activity also included data leaks.",2022-03-01,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Mosekspertiza - Capital Legal Services (Russia),Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,NB65,Unknown,Non-state-group,Hacktivist(s),1,8153,2022-04-01 00:00:00,"Attribution given, type unclear",Attacker confirms,Anonymous,Not available,Unknown,NB65,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1509934686444867586?s=20&t=ECZnWFN9zLTS7IZ4FD-ctw; https://twitter.com/YourAnonTV/status/1509938786444189708?s=20&t=TuNPN5ln0j_92nTB50lJ7A,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data 
",1-10,2.0,1-10,1.0,Not available,0.0,euro,,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://twitter.com/twitter/status/1512918186462691328; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html; https://twitter.com/YourAnonTV/status/1509938786444189708?s=20&t=TuNPN5ln0j_92nTB50lJ7A; https://twitter.com/YourAnonTV/status/1509934686444867586?s=20&t=ECZnWFN9zLTS7IZ4FD-ctw; https://twitter.com/xxNB65/status/1510484074070224896; https://www.secureworld.io/industry-news/nb65-hackers-russia-ukraine; https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/; https://twitter.com/twitter/status/1516010705748647936; https://twitter.com/youranontv/status/1519316487965749249; https://twitter.com/Anonymous_Link/status/1520082146995494912; https://twitter.com/cyber_etc/status/1522149035888586756; https://twitter.com/twitter/status/1516086586798186496; https://twitter.com/twitter/status/1515060469136044032; https://twitter.com/cyber_etc/status/1510175920866443272; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-09-28,2023-05-25 1529,Russian hacker Nikolaj Kozachek of the state-sponsored hacker group APT28 compromised two computers of the NATO Joint Air Power Competence Centre in Germany in April 2017,"Russian hacker Nikolaj Kozachek of the state-sponsored hacker group APT28 compromised two computers of the NATO Joint Air Power Competence Centre in Germany in April 2017, according to the German media outlet Der Spiegel. The German Attorney General issued an arrest warrant for Nikolaj Kozachek. 
This cyber incident is part of a cyber espionage campaign against around 1,000 targets. ",2017-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Joint Air Power Competence Centre (JAPCC; Germany),Germany,EUROPE; NATO; EU(MS); WESTEU,International / supranational organization,,"None; Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Main Directorate of the General Staff of the Armed Forces of the Russian Federation",Russia; Russia; Russia,"Individual hacker(s); Non-state actor, state-affiliation suggested; State",; ; ,1,7183; 7183; 7183; 7183; 7183; 7183; 7183; 7183; 7183,2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00; 2022-06-17 00:00:00,Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver 
government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice; Public Prosecutor General at the Federal Court of Justice,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany; Germany,"; ; ; Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Main Directorate of the General Staff of the Armed Forces of the Russian Federation; Main Directorate of the General Staff of the Armed Forces of the Russian Federation; Main Directorate of the General Staff of the Armed Forces of the Russian Federation",Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,"Individual hacker(s); Non-state actor, state-affiliation suggested; State; 
Individual hacker(s); Non-state actor, state-affiliation suggested; State; Individual hacker(s); Non-state actor, state-affiliation suggested; State",https://www.spiegel.de/netzwelt/hackerangriff-auf-nato-denkfabrik-in-deutschland-wenn-blablabla1234565-mitliest-a-3ac1abcb-4b5f-447f-8030-660784c8e704; https://securityaffairs.co/wordpress/132452/hacking/apt28-hacked-nato-think-tank.html,International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,Not available,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage,Non-state actors,High,1,2022-06-17 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Germany,Public Prosecutor General at the Federal Court of Justice,Cyber espionage,Non-state actors,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.spiegel.de/netzwelt/hackerangriff-auf-nato-denkfabrik-in-deutschland-wenn-blablabla1234565-mitliest-a-3ac1abcb-4b5f-447f-8030-660784c8e704; https://www.tagesschau.de/investigativ/wdr/russischer-hacker-101.html; https://securityaffairs.co/wordpress/132452/hacking/apt28-hacked-nato-think-tank.html,2022-09-28,2023-03-16 1512,CyberBerkut broke into the Ukrainian Election Commission's network in May 2014 before the presidential election and posted files online,"The pro-Russian hacktivist group CyberBerkut announced that it had broken into the Ukrainian Election Commission's network in May 2014 ahead of the presidential election and posted files online, such as system logs and mailbox contents of Election Commission members. The group reasoned that the hack was intended to reject the election as illegal. A short time later, Ukrainian Interior Minister Arsen Avakov announced on Facebook that his website had been hacked, after an announcement was made there that the electronic voting system had failed and votes would have to be counted by hand. This was due to DDoS attacks, allegedly by CyberBerkut that lasted from about 1 to 3 a.m. on May 26.",2014-05-22,2014-05-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,Ukrainian Central Election Commission,Ukraine,EUROPE; EASTEU,State institutions / political system,Election infrastructure / related systems,CyberBerkut,Ukraine,Non-state-group,Hacktivist(s),1,7198,2014-05-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,CyberBerkut,Not available,Ukraine,CyberBerkut,Ukraine,Non-state-group,http://www.cyber-berkut.ru/en/index_02.php,System / ideology,Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Data Destruction,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; International peace; Sovereignty,Civic / political rights; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.bloomberg.com/opinion/articles/2014-05-26/how-hackers-exposed-ukraine-s-vulnerability; http://www.cyber-berkut.ru/en/index_02.php; 
https://ria.ru/20140525/1009211710.html; https://www.csmonitor.com/World/Passcode/2014/0617/Ukraine-election-narrowly-avoided-wanton-destruction-from-hackers; https://www.wired.com/story/ukraine-russia-wiper-malware/,2022-09-27,2023-08-09 1513,Chinese state-sponsored hacker group TA413 targets Tibetan organizations in the first half of 2022,"Chinese state-sponsored hacker group TA413 targets Tibetan organizations for surveillance and intelligence-gathering purposes in the first half of 2022, according to the technical report of Recorded Future. The hackers exploited a zero-day vulnerability in the Sophos firewall and deployed a new backdoor called LOWZERO.",2022-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,,,Social groups,Religious,TA413,China,"Non-state actor, state-affiliation suggested",,1,11516,2022-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,,United States,TA413,China,"Non-state actor, state-affiliation suggested",https://www.recordedfuture.com/chinese-state-sponsored-group-ta413-adopts-new-capabilities-in-pursuit-of-tibetan-targets,System / ideology; Autonomy,System/ideology; Autonomy; Resources,China (Tibet); China (Tibet); China (Tibet),Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,Yes,One,Exploit Public-Facing Application; Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,10.0,Months,"Minor 
data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Self-determination,; ; ,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.mandiant.com/resources/blog/zero-days-exploited-2022; https://securityaffairs.co/wordpress/136252/apt/ta413-targets-tibet-backdoor.html; https://thehackernews.com/2022/09/chinese-espionage-hackers-target.html; https://www.recordedfuture.com/chinese-state-sponsored-group-ta413-adopts-new-capabilities-in-pursuit-of-tibetan-targets; https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce; https://securityaffairs.co/wordpress/131843/apt/china-apt-exploits-follina-flaw.html; https://twitter.com/M_Miho_JPN/status/1576073406692237312,2022-09-27,2023-07-14 1514,Viasat Hack: Russian Military Intelligence disrupted Ukrainian satellite broadband services in February 2022,"Russia disrupted the satellite broadband services of US communication company Viasat in Ukraine in support of the Russian invasion on 24 February 2022, according to the US State Department, the government of the United Kingdom, and the Council of the European Union. In addition to Ukraine, the disruption of satellite services of Viasat also affected other countries in Europe, including Germany (e.g., German wind turbines). While the Viasat network was ""stabilized"" by 15 March, an incident report was issued by Viasat on 30 March and stated that the company and its customers were still affected by the attack. 
The US authorities (CISA and FBI) issued a warning on 17 March to US critical infrastructure companies of satellite communications (SATCOM) risks and ""possible threats."" By 10 May the malicious attack was attributed to the Russian Federation. Sentinel Labs identified the data-wiping malware supposedly used in the Viasat attack as AcidRain; the cybersecurity researchers also attributed the malware's development to Russian intelligence agencies. The virus was uploaded to VirusTotal via Italy under the file name ""Ukrop."" The malware affected 5,600 wind turbines in Germany that utilized Viasat modems.",2022-02-24,2022-03-15,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,None - None - None - None - None - None - None,Poland; Hungary; Greece; Ukraine; Germany; Italy; France,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); BALKANS - EUROPE; EASTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications,,Russia,State,,8,12406; 12401; 12404; 12402; 12403; 12400; 12405; 12399,2022-07-19 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by EU institution/agency; Attribution by EU institution/agency; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,"High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Antony J. Blinken (Secretary of State, USA); Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, United Kingdom); United Kingdom’s National Cyber Security Centre (NCSC); Government of Canada; Marise Payne (Minister for Foreign Affairs, Minister for Women, AUS); Nanaia Cybelle Mahuta (Foreign Minister, NZL)",Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,EU (region); EU (region); United States; United Kingdom; United Kingdom; Canada; Australia; New Zealand,; ; ; ; ; ; ; ,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,State; State; State; State; State; State; State; State,https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion; https://www.ncsc.gov.uk/news/russia-behind-cyber-attack-with-europe-wide-impact-hour-before-ukraine-invasion; https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/; 
https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/; https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/,System / ideology; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,7,2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-07-19 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00; 2022-05-10 00:00:00,State Actors: Preventive measures; State Actors: Preventive measures; EU: Stabilizing measures; EU: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Capacity building in third countries; Capacity building in third countries; Declaration of HR; Declaration of HR; Statement by minister of foreign affairs (or spokesperson); Statement by minister of foreign affairs (or spokesperson); Statement by minister of foreign affairs (or spokesperson),United States; EU (region); EU (region); United Kingdom; Canada; Australia; New Zealand,"U.S. 
Department of State; High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, GBR); Government of Canada; Marise Payne (Minister for Foreign Affairs; Minister for Women, AUS); Nanaia Cybelle Mahuta (Foreign Minister, NZL)",No,,External Remote Services; Supply Chain Compromise,Disk Wipe,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,13.0,Months,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,1,2022-05-10 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,New Zealand,"Nanaia Cybelle Mahuta (Foreign Minister, NZL)",International peace; Due diligence,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thediplomat.com/2023/02/the-next-cyber-phase-of-the-russia-ukraine-war-will-echo-in-asia/; https://elpais.com/tecnologia/2023-02-14/por-que-rusia-no-ha-logrado-ganar-la-guerra-cibernetica-en-ucrania.html; https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html; https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; 
https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://www.nrc.nl/nieuws/2023/02/26/zelfs-rusland-houdt-grote-cyberaanvallen-maar-eventjes-vol-a4158110; https://twitter.com/Dennis_Kipker/status/1629122902099361795; https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/; https://cyberscoop.com/ukraine-internet-outages-infrastructure-attacks/; https://cyberscoop.com/solarium-commission-space-systems-critical-infrastructure/; https://therecord.media/designate-space-critical-infrastructure-cyberspace-solarium-commission; https://twitter.com/Cyber_O51NT/status/1651371578888945664; https://therecord.media/us-cyber-ambassador-fick-rsa-nato-russia-deterrence; https://www.defenseone.com/technology/2023/05/space-force-will-look-how-hack-targets-space/386755/; https://www.darkreading.com/edge/how-researchers-hijacked-a-satellite; https://www.sueddeutsche.de/politik/cybersicherheit-immer-mehr-cyberattacken-aus-russland-1.6000411; https://cyberscoop.com/viasat-ka-sat-hack-black-hat/; https://www.heise.de/news/BKA-Bericht-fuer-2022-IT-Attacken-kosten-deutsche-Firmen-203-Milliarden-Euro-9249673.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://therecord.media/fbi-warns-of-space-cyberattacks; https://www.wired.com/story/poland-train-radio-stop-attack/; http://www.defenseone.com/technology/2023/09/space-force-contracts-new-zero-trust-data-protection/390671/; https://therecord.media/cisa-goldstein-ukrainian-response-to-viasat-hack-proves-need-for-redundancy; https://www.liberation.fr/international/europe/deux-ans-de-guerre-en-ukraine-ce-conflit-est-un-accelerateur-de-linnovation-en-armement-20240224_S2KFY4OVXRFS7DPWQ5TRIYAWFY/; https://www.lalibre.be/economie/conjoncture/2024/03/15/une-cyberattaque-menee-par-la-russie-pourrait-provoquer-un-black-out-en-europe-LSTFIR5QXJCCLONIYOW7WDXMAY/; https://cyberscoop.com/viasat-malware-wiper-acidrain/; 
https://securityaffairs.com/160739/cyber-warfare-2/acidpour-wiper.html; https://www.bleepingcomputer.com/news/security/new-acidpour-data-wiper-targets-linux-x86-network-devices/; https://www.wired.com/story/apple-m-chip-flaw-leak-encryption-keys/; https://arstechnica.com/security/2024/03/never-before-seen-data-wiper-may-have-been-used-by-russia-against-ukraine/; https://www.bleepingcomputer.com/news/security/cisa-fbi-warn-us-critical-orgs-of-threats-to-satcom-networks/; https://www.spiegel.de/netzwelt/web/viasat-satellitennetzwerk-offenbar-gezielt-in-osteuropa-gehackt-a-afd98117-5c32-4946-ab8a-619f1e7af024?sara_ecid=soci_upd_KsBF0AFjflf0DZCxpPYDCQgO1dEMph; https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/; https://edition.cnn.com/2022/03/15/europe/ukraine-detains-hacker/index.html; https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview; https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected; https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/; https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion; https://www.ncsc.gov.uk/news/russia-behind-cyber-attack-with-europe-wide-impact-hour-before-ukraine-invasion; https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/; https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/; https://www.techtarget.com/searchsecurity/news/252518023/US-EU-attribute-Viasat-hack-to-Russia; https://www.reuters.com/business/media-telecom/exclusive-hackers-who-crippled-viasat-modems-ukraine-are-still-active-company-2022-03-30/; https://www.cybersecurity-insiders.com/new-acidrain-malware-hit-viasats-modems-downing-ukraines-internet/; 
https://securityboulevard.com/2022/04/a-significant-spike-in-cyberattacks-from-russia-could-be-expected-in-april/; https://www.cyberscoop.com/nakasone-persistent-engagement-hunt-forward-nine-teams-ukraine/; https://www.golem.de/news/windraeder-cyberangriff-auf-deutsche-windtechnik-ag-2204-164655.html; https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/; https://www.canada.ca/en/global-affairs/news/2022/05/statement-on-russias-malicious-cyber-activity-affecting-europe-and-ukraine.html; https://www.foreignminister.gov.au/minister/marise-payne/media-release/attribution-russia-malicious-cyber-activity-against-european-networks; https://www.beehive.govt.nz/release/new-sanctions-target-disinformation-and-malicious-cyber-actors; https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies; https://www.cyberscoop.com/dhs-mayorkas-cybersecurity/; https://twitter.com/CyberScoopNews/status/1603803185986125831; https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://www.wired.com/story/worst-hacks-2022/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://www.darkreading.com/ics-ot/space-race-defenses-satellite-cyberattacks,2022-09-27,2024-04-23 1515,Russian state-sponsored hacker group Strontium compromised the government network of Ukrainian city Vinnytsia on 4th March 2022,"Russian state-sponsored hacker group Strontium compromised the government network of Ukrainian city Vinnytsia in support of the military invasion on Ukraine on 4th March 2022, according to a special report of Microsoft.",2022-03-04,2022-03-04,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Vinnytsia,Ukraine,EUROPE; EASTEU,State institutions / political system,Civil service / administration,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; State",,1,7188; 7188; 7188; 7188,2022-04-27 00:00:00; 2022-04-27 00:00:00; 2022-04-27 00:00:00; 2022-04-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft,; ; ; ,United States; United States; United States; United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU; GRU",Russia; Russia; Russia; Russia,"Non-state 
actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.cfr.org/index.php/cyber-operations/targeting-government-network-vinnytsia-ukraine; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd; https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Medium,11.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.cfr.org/index.php/cyber-operations/targeting-government-network-vinnytsia-ukraine; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd; https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/,2022-09-27,2023-06-07 1519,Anonymous-linked group v0g3lSec targeted Russian space agency Roscosmos in hack-and-leak operation and defaced the Space Research Institute in March 2022,"Anonymous-linked group ""v0g3lSec"" supposedly hacked the Russian space agency Roscosmos, defaced the Space Research Institute (IKI) website, and leaked files online in Spring 2022 in support of Ukraine during the Russian-Ukrainian War. 
The hackers appear to have breached an IKI website subdomain and compromised an element of the site that pertains to the World Space Observatory Ultraviolet project (WSO-UV). An Anonymous-linked Twitter profile shared information on the breach and provided a link to a cloud-hosted zip file with data regarding the project and also about the lunar mission (Luna-27/Lunik). The IKI website (uv.ikiweb.ru) was inaccessible to reporters, and messages previously posted on the website included a message to Dmitry Rogozin, head of Roscosmos, regarding the NASA/Russia partnership for the International Space Station (ISS). ",2022-03-01,2022-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,Space agency Roscosmos of Russia - Space Research Institute (IKI; Russia),Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system,"Other (e.g., embassies) - Other (e.g., embassies)",v0g3lSec,Unknown,Non-state-group,Hacktivist(s),1,8146,2021-03-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,v0g3lSec,Unknown,Non-state-group,https://twitter.com/YourAnonNews/status/1499380682174480386; https://twitter.com/anonymus_2022_/status/1505428617303633922?s=20&t=x9Rdi6JKHLqimhe61dsMsg; https://www.theverge.com/2022/3/3/22960183/anonymous-hack-russian-space-research-roscosmos-ukraine; https://www.vice.com/en/article/z3n8ea/hackers-breach-russian-space-research-institute-website; https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/; 
https://www.thetechoutlook.com/news/technology/security/luna-resource-mission-documents-from-the-russian-space-agency-have-been-leaked-by-anonymous/; https://twitter.com/twitter/status/1518227999304396800,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Defacement; Service Stop,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/YourAnonNews/status/1499380682174480386; https://twitter.com/anonymus_2022_/status/1505428617303633922?s=20&t=x9Rdi6JKHLqimhe61dsMsg; https://www.theverge.com/2022/3/3/22960183/anonymous-hack-russian-space-research-roscosmos-ukraine; https://www.vice.com/en/article/z3n8ea/hackers-breach-russian-space-research-institute-website; https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/; https://www.thetechoutlook.com/news/technology/security/luna-resource-mission-documents-from-the-russian-space-agency-have-been-leaked-by-anonymous/; https://twitter.com/twitter/status/1518227999304396800; https://twitter.com/twitter/status/1512844568751837184; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://www.wired.com/story/hacktivism-russia-ukraine-ddos/,2022-09-27,2023-03-03 1522,Russian nation-state 
actors stole data from nuclear safety organization on the 13th of March,Russian nation-state actors stole data from nuclear safety organization on the 13th of March. The same organization was compromised by FSB-affiliated actor BROMINE in December 2021 to steal data until mid-March 2022.,2022-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,,,Critical infrastructure,Energy,,Russia,State,,1,2362,2022-04-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,,Russia,State,https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd,System / ideology; International power,Not available,,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,,,none,none,none,0,Moderate - high political importance,1.0,Medium,11.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage,State actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.wired.com/story/chernobyl-radiation-spike-mystery/; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd,2022-09-27,2023-02-19 1523,"Anonymous-affiliated group GhostSec hacked Russian printers for InfoOp to defend Ukraine on March 20, 2022","Anonymous-affiliated group, GhostSec, claims to have hijacked printers in Russia for a ""Print Attack"" to print instructions to download 
the TOR browser to avoid censorship by Russian authorities and spread the truth about the Russian invasion of Ukraine, including anti-war messages. Similar to previous Anonymous attacks, the hackers hacked misconfigured cloud databases. The details of the attack were shared directly with Hackread.com on March 20th, 2022. The group attacked over 160 devices and printed over 40,000 copies of anti-war messages in the Russian language.",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,Not available,,Anonymous; GhostSec/Ghost Security,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,8125; 8125; 8125; 8125,2022-03-20 00:00:00; 2022-03-20 00:00:00; 2022-03-20 00:00:00; 2022-03-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous; Anonymous; GhostSec; GhostSec,Not available; Not available; Not available; Not available,Unknown; Unknown; Unknown; Unknown,Anonymous; GhostSec/Ghost Security; Anonymous; GhostSec/Ghost Security,Unknown; Unknown; Unknown; Unknown,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://twitter.com/DepaixPorteur/status/1505624076886413329?s=20&t=x9Rdi6JKHLqimhe61dsMsg; https://www.hackread.com/anonymous-hacks-unsecured-printers-message-russia/; 
https://cybernews.com/cyber-war/russian-printers-juiced-by-hacker-antiwar-messages/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://twitter.com/DepaixPorteur/status/1505624076886413329?s=20&t=x9Rdi6JKHLqimhe61dsMsg; https://www.hackread.com/anonymous-hacks-unsecured-printers-message-russia/; https://cybernews.com/cyber-war/russian-printers-juiced-by-hacker-antiwar-messages/; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-09-27,2023-03-03 1520,Anonymous disrupted Russian TV networks broadcast in February and March 2022,"Anonymous hacked several Russian TV and streaming networks (Rostelecom, All-Russia State Television and Radio Broadcasting Company, VGTRK, Wink, Ivi, Russia 24, Channel One, Moscow 24, St. Petersburg TV Channel) and created broadcast signal intrusions by showing pro-Ukrainian content, including footage of the 2022 Russian invasion of Ukraine and patriotic Ukrainian music. ",2022-02-27,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,VGTRK - Ivi - Moscow 24 - Russia 24 - Rostelecom - Channel One - Wink,Russia; Russia; Russia; Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8116; 8116,2022-02-27 00:00:00; 2022-02-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution; Attacker confirms,Anonymous; Anonymous,Not available; Not available,Unknown; Unknown,Anonymous; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html; https://www.independent.co.uk/news/world/europe/anonymous-wink-ivi-russia-24-channel-1-moscow-24-b2029915.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.independent.co.uk/news/world/europe/anonymous-wink-ivi-russia-24-channel-1-moscow-24-b2029915.html; https://www.bbc.com/news/technology-60784526; https://www.secureworld.io/industry-news/nb65-hackers-russia-ukraine; https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/; https://www.theguardian.com/world/2022/feb/27/anonymous-the-hacker-collective-that-has-declared-cyberwar-on-russia; https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html; https://ddosecrets.substack.com/p/release-vgtrk-7862-gb?s=r; https://twitter.com/twitter/status/1513228484834906112; https://twitter.com/cyber_etc/status/1531290170393251844?s=20&t=cpIeg7vXC1n32GgdYJ5dRg; https://twitter.com/cyber_etc/status/1531324715066970113?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://twitter.com/cyber_etc/status/1534501056151003136?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://www.cbsnews.com/news/russian-radio-station-hacked-ukrainian-anthem-and-anti-war-song-kommersant-fm/; https://twitter.com/cyber_etc/status/1534513094969507840?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/MilaDiamond/status/1551366232024109056; https://www.hackread.com/ev-charging-stations-dos-attacks/; 
https://twitter.com/twitter/status/1515411501049434112; https://twitter.com/YourAnonNews/status/1500613013510008836?; https://twitter.com/joetidy/status/1505450799241039875?s=20&t=x9Rdi6JKHLqimhe61dsMsg,2022-09-27,2023-03-03 1511,CaddyWiper: Russian state-sponsored hacker group attacked a Ukrainian bank and other targets on the 14th of March 2022,"CaddyWiper: Russian state-sponsored hacker group Sandworm (GRU Unit 74455) (aka Telebots, Voodoo Bear, and Iron Viking) is attributed to an attack on a Ukrainian bank and other Ukrainian targets, including targets within the energy industry, beginning on March 14 2022. The IT-security company, ESET, made the assessment with high confidence. The ESET researchers worked closely with CERT-UA when ICS-capable malware, including the infamous Industroyer malware (previously used in a 2016 Sandworm APT attack that cut Ukrainian power), and regular disk wipers for Windows, Linux and Solaris operating systems were used in an attack against Ukrainian energy providers. Following the most recent malware attack, CERT-UA renamed the malware Industroyer2. CaddyWiper was found on March 14, 2022, to have been used in an attack against a Ukrainian Bank and again on April 8, 2022, against a Ukrainian energy provider in which a temporary disruption occurred and power was cut from nine substations (according to a non-public document from CERT-UA). In addition to Industroyer2 and CaddyWiper, Sandworm deployed various destructive malware families including ORCSHRED, SOLOSHRED, and AWFULSHRED. Neither the initial compromise of the IT system nor how the attackers transitioned from the IT network to the Industrial Control System (ICS) network is known. Cooperation with Microsoft and ESET allows the Ukrainian cybersecurity professionals to continue to investigate and respond to the Industroyer2 attacks. ",2022-03-14,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available - Not available,Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU,Unknown - Critical infrastructure, - Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11369,2022-04-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/; https://twitter.com/ESETresearch/status/1503436420886712321; https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine; https://www.welivesecurity.com/deutsch/2022/03/15/caddywiper-neue-datenloeschende-malware-in-der-ukraine-entdeckt/; https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html; https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/; https://www.csoonline.com/article/3656954/ukraine-energy-facility-hit-by-two-waves-of-cyberattacks-by-russia-s-sandworm-group.html#tk.rss_criticalinfrastructure,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; 
International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Valid Accounts,Disk Wipe; Inhibit System Recovery,Not available,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Armed conflict; Due diligence; Sovereignty,Prohibition of intervention; Conduct of hostilities; ; ,Not available,0,,Not available,,Not available,Not available,Due diligence,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://securityaffairs.com/143570/cyber-warfare-2/russian-hybrid-warfare-ukraine.html; https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/; https://www.darkreading.com/microsoft/microsoft-digital-defense-report-key-cybercrime-trends; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html; https://www.cyberscoop.com/ukraine-russia-cyber-zhora-industroyer2-sandworm/; 
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/; https://twitter.com/ESETresearch/status/1503436420886712321; https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine; https://www.welivesecurity.com/deutsch/2022/03/15/caddywiper-neue-datenloeschende-malware-in-der-ukraine-entdeckt/; https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html; https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/; https://www.csoonline.com/article/3656954/ukraine-energy-facility-hit-by-two-waves-of-cyberattacks-by-russia-s-sandworm-group.html#tk.rss_criticalinfrastructure; https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/; https://www.technologyreview.com/2022/04/12/1049586/russian-hackers-tried-to-bring-down-ukraines-power-grid-to-help-the-invasion/; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/; https://www.wired.com/story/worst-hacks-2022/; https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/; https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/; https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/; https://twitter.com/RecordedFuture/status/1619109632882135040; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html,2022-09-26,2024-03-26 1508,Anonymous targeted the Russian Ministry of Defense in a hack-and-leak operation in April 2022,"The hacker group Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked the data of over 300,000 people who are most likely to be mobilized for the Ukraine war in September 2022 as part of its #OpRussia.",2022-09-01,2022-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,Ministry of Defence (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Anonymous,Not available,Non-state-group,Hacktivist(s),1,8140,2022-09-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Not available,Non-state-group,https://twitter.com/YourAnonTV/status/1573290421270507520,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Cyber espionage,Non-state actors,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.co/wordpress/136127/hacktivism/anonymous-russian-ministry-of-defense.html; https://twitter.com/YourAnonTV/status/1573290421270507520; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; 
https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-09-26,2023-03-03 1510,Cyber criminals stole customer data of Australian telecommunication company Optus,"Cyber criminals stole customer data - personal information, passport and driver's license number - of Australian telecommunication company Optus, according to Optus itself. On the 24th of September an account named ""Optusdata"" threatened to leak data and demanded 1 million dollars for not selling it. On the 26th of September the same threat actor leaked information on 10,200 customers. In the meantime the Australian Federal Police (AFP) with the support of the Federal Bureau of Investigation (FBI) and other law enforcement agencies started Operation Hurricane to track down the perpetrator. The threat actor that threatened to leak data then withdrew his ransom demand on the 27th of September, even apologising for it and promising to have deleted the stolen data. ",2022-01-01,2022-09-27,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,Optus,Australia,OC,Critical infrastructure,Telecommunications,Optusdata,Not available,Non-state-group,Criminal(s),1,4533,2022-09-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Optusdata,Not available,Not available,Optusdata,Not available,Non-state-group,https://www.govinfosecurity.com/optus-under-1-million-extortion-threat-in-data-breach-a-20142,Not available,Not available,,Not available,,2,2022-09-26 00:00:00; 2022-10-26 00:00:00,State Actors: Stabilizing measures; State Actors: Legislative reactions,Statement by head of state/head of government (or executive official); Legislative initiative,Australia; Australia,Australian Prime Minister (Anthony Albanese); Australian Government,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 
point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Not available,,Not available,1,2022-11-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Australia,Australian Government,Not available,,Not available,,https://www.darkreading.com/attacks-breaches/canadian-telecom-firm-telus-reportedly-investigating-breach; https://twitter.com/UK_Daniel_Card/status/1630097281516032000; https://www.securityweek.com/optus-says-id-numbers-21-million-compromised-data-breach; https://thehackernews.com/2022/10/optus-hack-exposes-data-of-nearly-21.html; https://twitter.com/Cyber_O51NT/status/1577127757862969344; https://twitter.com/unix_root/status/1577214691180351488; https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html; https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/; https://therecord.media/australian-teen-charged-with-using-leaked-optus-data-to-blackmail-customers/; https://securityaffairs.co/wordpress/136725/cyber-crime/optus-arrested-scam.html; https://www.smh.com.au/business/companies/telstra-chair-reveals-retirement-plans-defends-optus-after-hack-20221011-p5bos6.html; https://www.smh.com.au/national/australia-news-live-treasurer-warns-of-global-recession-country-marks-20-years-after-bali-bombings-20221011-p5boyg.html; https://www.smh.com.au/politics/federal/voters-back-tougher-privacy-rules-penalties-to-protect-personal-data-20221011-p5bowf.html; https://www.theguardian.com/business/2022/oct/17/optus-tells-customers-affected-by-data-breach-they-can-no-longer-use-passports-as-online-id; https://therecord.media/shares-in-australias-medibank-drop-despite-foiling-ransomware-attack/; 
https://www.smh.com.au/technology/singapore-offers-cyber-agency-support-on-optus-hack-20221018-p5bqsi.html; https://www.theguardian.com/business/2022/oct/03/optus-commissions-independent-review-of-data-breach; https://www.afp.gov.au/news-media/media-releases/afp-working-overseas-law-enforcement-optus-breach; https://www.theguardian.com/business/2022/oct/02/select-group-of-optus-customers-should-cancel-licences-and-passports-immediately-minister-says; https://www.youtube.com/watch?v=7MCI0eCJLpI; https://www.singtel.com/content/dam/singtel/investorRelations/stockExchange/2022/MR-20221003-OptusMediaAlert.pdf; https://www.smh.com.au/business/the-economy/the-cybersecurity-arms-race-is-running-hot-and-the-hackers-are-winning-20221020-p5brl0.html; https://apnews.com/article/technology-health-australia-hacking-business-cfa90df38c870633a24384c01487a92e; https://www.independent.co.uk/news/ap-australian-canberra-trade-parliament-b2206642.html; https://www.channelnewsasia.com/business/after-telco-hack-australia-faces-wave-data-breaches-3016611; https://www.smh.com.au/technology/energyaustralia-struck-by-cyber-attack-attacking-weakness-in-password-rules-20221022-p5bryn.html; https://abcnews.go.com/Technology/wireStory/australia-flags-corporate-penalties-privacy-breaches-91902034; https://www.independent.co.uk/news/ap-australia-canberra-parliament-b2208256.html; https://www.securityweek.com/australia-flags-new-corporate-penalties-privacy-breaches; https://www.channelnewsasia.com/business/pay-hackers-cybersecurity-it-australia-government-firm-3023661; https://therecord.media/australia-to-tighten-privacy-laws-increase-fines-after-series-of-data-breaches/; https://www.databreaches.net/australian-clinical-labs-says-data-of-223000-people-hacked/; https://therecord.media/cyberspace-has-become-a-battleground-warns-australian-cyber-security-centre/; https://www.darkreading.com/threat-intelligence/australia-declares-war-against-cybercriminals; 
https://www.darkreading.com/attacks-breaches/australia-hack-back-plan-against-cyberattackers-familiar-concerns; https://ministers.ag.gov.au/media-centre/joint-standing-operation-against-cyber-criminal-syndicates-12-11-2022; https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fbillsdgs%2F8863742%22; https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;page=0;query=BillId:r6940%20Recstruct:billhome; https://www.lemonde.fr/economie/article/2022/12/01/cybercriminalite-au-vanuatu-le-retour-au-stylo-n-est-plus-une-chimere-de-nostalgique_6152491_3234.html; https://www.smh.com.au/technology/in-some-countries-you-have-a-right-to-be-forgotten-online-so-can-you-ask-a-company-to-ditch-your-data-in-australia-20221206-p5c43l.html; https://www.govinfosecurity.com/australian-aims-to-be-worlds-most-cyber-secure-country-a-20677; https://minister.homeaffairs.gov.au/ClareONeil/Pages/national-press-club-address.aspx; https://therecord.media/australias-second-largest-telco-confirms-cyberattack/; https://www.securityweek.com/australian-telecoms-firm-optus-discloses-breach-impacting-customer-data; https://socradar.io/top-10-data-leaks-in-2022/; https://securityaffairs.co/wordpress/136104/data-breach/optus-discloses-security-breach.html; https://www.govinfosecurity.com/optus-under-1-million-extortion-threat-in-data-breach-a-20142; https://www.databreaches.net/optus-under-1-million-extortion-threat-in-data-breach/; https://www.abc.net.au/news/2022-09-26/home-affairs-minister-blames-optus-for-cyber-attack-hack/101474636; https://www.abc.net.au/news/2022-09-23/optus-rejects-claim-hack-likely-result-of-human-error/101468846; https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/; https://www.theguardian.com/australia-news/2022/sep/23/optus-cyber-attack-leaves-customers-feeling-powerless-over-risk-of-identity-theft; https://www.passports.gov.au/news/optus-data-breach; 
https://www.theguardian.com/business/2022/sep/24/afp-investigates-1m-ransom-demand-posted-online-for-allegedly-hacked-optus-data; https://www.scamwatch.gov.au/news-alerts/customers-warned-to-watch-out-for-scams-following-optus-data-breach; https://www.theage.com.au/technology/customer-data-exposed-in-major-optus-hack-20220922-p5bk7v.html; https://www.news.com.au/technology/online/hacking/new-security-reforms-expected-as-anthony-albanese-calls-optus-hack-a-wakeup-call/news-story/4ee7afc2111643f3698152a64b8066e3; https://www.databreaches.net/change-of-heart-optusdata-says-they-wont-leak-or-sell-more-data/; https://www.bleepingcomputer.com/news/security/optus-hacker-apologizes-and-allegedly-deletes-all-stolen-data/; https://www.darkreading.com/attacks-breaches/fbi-helping-australian-authorities-investigate-massive-optus-data-breach-reports; https://thehackernews.com/2022/09/hacker-behind-optus-breach-releases.html; https://www.databreaches.net/new-changes-allow-optus-data-leak-victims-to-change-licence-numbers/; https://www.malwarebytes.com/blog/news/2022/09/optus-data-breach-attacker-says-sorry-it-was-a-mistake; https://www.theguardian.com/australia-news/live/2022/oct/01/australia-live-news-updates-optus-hack-fallout-continues-tony-abbott-and-jacinta-price-to-speak-at-cpac; https://www.theguardian.com/business/2022/oct/03/optus-commissions-independent-review-of-data-breach; https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack; https://www.bleepingcomputer.com/news/security/optus-confirms-21-million-id-numbers-exposed-in-data-breach/; https://thehackernews.com/2023/03/breaking-mold-pen-testing-solutions.html; https://www.darkreading.com/attacks-breaches/australia-is-scouring-the-earth-for-cybercriminals-the-us-should-too; https://www.bleepingcomputer.com/news/security/australians-lost-a-record-31-billion-to-scams-last-year/; 
https://www.theguardian.com/technology/2023/may/02/australian-law-firm-hwl-ebsworth-hit-by-russian-linked-ransomware-attack; https://www.brisbanetimes.com.au/technology/law-firm-takes-out-court-order-to-prevent-spread-of-hacked-info-20230613-p5dgac.html?ref=rss&utm_medium=rss&utm_source=rss_feed; https://therecord.media/ventia-hit-with-cyberattack-australia; https://socradar.io/under-the-spotlight-state-of-evolving-australian-threat-landscape-in-2023/; https://thehackernews.com/2023/08/why-you-need-continuous-network.html; https://www.bbc.co.uk/news/world-australia-67340901?at_medium=RSS&at_campaign=KARANGA; https://www.theguardian.com/business/2023/nov/08/optus-network-outage-cause-what-happened-explained; https://www.channelnewsasia.com/business/optus-network-outage-cuts-millions-australians-3905001; https://www.heise.de/news/Zurueck-in-der-Steinzeit-Millionen-in-Australien-ohne-Internet-und-Telefon-9355859.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.zdnet.com/article/australia-to-investigate-optus-outage-that-impacted-millions/; https://www.heise.de/news/Update-als-Ursache-Optus-liefert-erste-Erklaerung-fuer-massiven-Internetausfall-9438243.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.heise.de/news/Nach-Internetausfall-Optus-war-unvorbereitet-und-zeigt-mit-dem-Finger-auf-Cisco-9532407.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag; https://www.techrepublic.com/article/cybersecurity-trends-australia-2024/; https://therecord.media/hackers-breach-australian-court-hearing-database; https://therecord.media/australia-healthcare-saint-vincent-cyberattack,2022-09-26,2023-08-17 1509,Hacker group Everest gained access into the database and leaked data of the Argentinian Supreme Court,"The hacker group Everest gained access into and leaked data of the Argentinian Supreme Court in Buenos Aires, according to IT-specialist Mauro Eldritch. 
",2022-01-01,2022-07-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim; Incident disclosed by IT-security company; Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,Supreme Court (Argentina),Argentina,SOUTHAM,State institutions / political system,Judiciary,Everest,Not available,Not available,,1,7201,2022-07-21 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Everest,Not available,Not available,Everest,Not available,Not available,https://www-clarin-com.translate.goog/tecnologia/ciberdelincuentes-subieron-datos-sensibles-suprema-corte-bonaerense-venden-online_0_LmqIo6cy9T.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,International criminal law,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www-clarin-com.translate.goog/tecnologia/ciberdelincuentes-subieron-datos-sensibles-suprema-corte-bonaerense-venden-online_0_LmqIo6cy9T.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de; 
https://www-scba-gov-ar.translate.goog/institucional/nota.asp?id=50198&veradjuntos=no&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de,2022-09-26,2023-02-19 1507,Chinese ethnic minorities such as the Uyghurs targeted with Android surveillanceware JadeRAT since 2015,"According to IT company Lookout, a threat actor potentially connected to other Chinese state-affiliated APTs, such as Naikon or Scarlet Mimic, has spied on ethnic minorities in China, such as the Uyghurs, using mobile Android surveillanceware called JadeRAT since 2015. ",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,,China,"Non-state actor, state-affiliation suggested",,1,7203,2017-10-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,,China,"Non-state actor, state-affiliation suggested",https://www.lookout.com/blog/mobile-threat-jaderat,System / ideology; Subnational predominance; Secession,Subnational predominance; Resources; Secession,China (Uyghurs / Xinjiang); China (Uyghurs / Xinjiang); China (Uyghurs / Xinjiang),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage; Human rights,; Civic / political rights,,,https://www.lookout.com/blog/mobile-threat-jaderat,2022-09-23,2023-03-28 1506,Threat Actor Scarlet Mimic targeted Uyghur and Tibetan Minority Activists with backdoor FakeM since 2012,"According to PaloAlto Unit 42, the threat actor Scarlet Mimic spied on Uyghur and Tibetan Minority Rights Activists since 2012, which indicates a relationship to other state-associated Chinese APTs. Scarlet Mimic used a backdoor called FakeM and Trojans during this campaign. ",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Advocacy / activists (e.g. 
human rights organizations),Scarlet Mimic,China,"Non-state actor, state-affiliation suggested",,1,2260,2016-01-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Not available,United States,Scarlet Mimic,China,"Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/,System / ideology,System/ideology; Subnational predominance; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage; Human rights,; Civic / political rights,,,https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/; https://therecord.media/7-year-android-malware-campaign-targeted-uyghurs-report/,2022-09-23,2023-02-19 1505,Uyghur community was targeted since 2016 by threat actor Scarlet Mimic with Android Malware,"In a long-standing espionage campaign, threat actor Scarlet Mimic targeted the Uyghur community since 2016, using more than 20 different variations of their Android malware. The underlying motive seems to be surveillance of the ethnic minority.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,Uyghur Community,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,Scarlet Mimic,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7204,2022-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,,Israel,Scarlet Mimic,China,"Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2022/never-truly-left-7-years-of-scarlet-mimics-mobile-surveillance-campaign-targeting-uyghurs/; https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/,Subnational predominance; Secession,Subnational predominance; Resources; Secession,China (Uyghurs / Xinjiang); China (Uyghurs / Xinjiang); China (Uyghurs / Xinjiang),Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,Drive-By Compromise; Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially 
non-state-actors),Human rights,"Economic, social and cultural rights",Not available,0,,Not available,,Not available,Not available,Cyber espionage; Human rights,; Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://thehackernews.com/2022/09/researchers-uncover-years-long-mobile.html; https://research.checkpoint.com/2022/never-truly-left-7-years-of-scarlet-mimics-mobile-surveillance-campaign-targeting-uyghurs/; https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/; https://therecord.media/7-year-android-malware-campaign-targeted-uyghurs-report/; https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/,2022-09-23,2023-07-24 1504,U.S. federal court system was breached in early 2020,"The Judiciary's Case Management / Electronic Case Files Management System (CM/ECF) was breached in early 2020 by three hostile foreign actors, according to House Judiciary Committee Chairman Jerrold Nadler. The Administrative Office of the U.S. Courts published a press release on the 6th of January 2021, announcing that it would protect sensitive court documents because of the then-current SolarWinds hack and mentioning that it was investigating an apparent compromise of the U.S. federal court management system. ",2020-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,Administrative Office of the U.S. 
Courts (AO),United States,NATO; NORTHAM,State institutions / political system,Judiciary,,Not available,Unknown - not attributed,,1,4528,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Unknown - not attributed,https://www.cyberscoop.com/senator-federal-courts-cyberattack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,Not available,Not available,Not available,none,none,0,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,Not available,,Not available,Not available,Cyber espionage,,Not available,,https://www.cyberscoop.com/senator-federal-courts-cyberattack/; https://judiciary.house.gov/calendar/eventsingle.aspx?EventID=4966; https://www.politico.com/news/2022/07/28/justice-department-data-breach-federal-court-system-00048485; https://www.cyberscoop.com/federal-court-system-breach/; https://www.documentcloud.org/documents/22123051-wyden-letter-about-data-breach-of-us-courts; https://web.archive.org/web/20210106200355/https://www.uscourts.gov/news/2021/01/06/judiciary-addresses-cybersecurity-breach-extra-safeguards-protect-sensitive-court,2022-09-22,2023-11-24 1503,Anonymous takes down Iranian government websites beginning on 20th September 2022,"Op Iran: Anonymous takes down websites of the Iranian government, central bank and state-owned media as a sign of protest following the death of Mahsa Amini, who died on the 16th of September 2022 in the custody of the Iranian moral police, beginning on the 20th September 2022, according to the tweets of Anonymous and Anonymous-affiliated accounts. 
",2022-09-20,2022-09-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Central Bank (Iran) - Government Spokesman Office (Iran) - Office of the Supreme Leader (Iran) - President of the Islamic Republic of Iran - Fars News Agency - Islamic Republic of Iran Broadcasting (IRIB) - Forensic Research Center (Iran) - None,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA,State institutions / political system; Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - Media - Media - Science - State institutions / political system,"Other (e.g., embassies); Finance - Government / ministries - Government / ministries - Government / ministries - - - - Civil service / administration",Anonymous,Not available,Non-state-group,Hacktivist(s),1,6237,2022-09-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Not available,Non-state-group,https://twitter.com/YourAnonSpider/status/1572337224536174593; https://twitter.com/YourAnonSpider/status/1572521377839874049/photo/1; https://twitter.com/YourAnonSpider/status/1572582347593363457; https://twitter.com/YourAnonSpider/status/1572713941448417280,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term 
disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,0,Moderate - high political importance,0.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/anonymous-takes-down-iranian-government-websites-amid-protests-following-death-of-mahsa-amini/; https://therecord.media/iran-shutters-mobile-networks-instagram-whatsapp-amid-protests/; https://twitter.com/YourAnonSpider/status/1572337224536174593; https://twitter.com/YourAnonSpider/status/1572521377839874049/photo/1; https://twitter.com/YourAnonSpider/status/1572582347593363457; https://twitter.com/YourAnonSpider/status/1572713941448417280; https://therecord.media/anonymous-takes-down-iranian-government-websites-amid-protests-following-death-of-mahsa-amini/; https://www.hackread.com/opiran-anonymous-iran-state-sites-cctv-camera-hack/; https://www.lefigaro.fr/international/iran-les-hackers-d-anonymous-prennent-part-a-la-protestation-20220928; https://twitter.com/Cyberwarzonecom/status/1577086623392493568; https://www.rferl.org/a/iran-central-bank-cyberattack-thwarted/32212160.html; https://therecord.media/irans-support-of-russia-draws-attention-of-pro-ukraine-hackers/; https://twitter.com/cahlberg/status/1612790331874877446,2022-09-22,2023-08-10 1501,Hackers linked to Iran's MOIS disrupted Albania's Total Information Managment System (TIMS) on 9 September 2022 and leaked internal information related to State Police,"HomeLand Justice, a front the US government suspects to be coordinated by Iran's Ministry of Intelligence and Security (MOIS), infiltrated the data storage and transmission systems of Albania's State Police 
on 9 September, according to a statement by Albania's Ministry of the Interior. The intrusion led to the temporary shutdown of the Total Information Management System (TIMS), which gathers information on the entries and exits of people and vehicles. Data obtained in the compromise was subsequently offered for sale. This operation follows the public attribution by Albania and NATO allies of an earlier cyber-operation, which had culminated in the disruption of Albanian government services on 15 July 2022, to Iranian state-sponsored hackers. On 19 September, HomeLand Justice disclosed email exchanges of former General Police Director Gledis Nano, including with foreign officials. On subsequent occasions, the group published what appeared to be internal information from systems operated by the Albanian State Police. A cache divulged on 3 October contained the personal details of individuals suspected of crimes by the Albanian authorities, including photos, names, dates of birth, and ID numbers. The origins of the leak remain unclear. The State Police has refuted reports about MEMEX, its system to collect information on investigations, being the source and maintained that the database had not been compromised. A local Albanian media outlet, referring to unnamed officials involved in the investigation, reported that an Albanian citizen enabled access to the data. On 10 October, the group released details of 300 police officers, including their names, photos, and other personal information. 
The provenance of this information has not been publicly ascertained.",2022-09-09,2022-10-10,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing,Gledis Nano - Albanian State Police,Albania; Albania,EUROPE; BALKANS; NATO; WBALKANS - EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system - State institutions / political system,Police - Police,Not available,"Iran, Islamic Republic of",State,,3,11602; 11603; 11604,2022-09-10 00:00:00; 2022-09-11 00:00:00; 2022-09-21 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,"Edi Rama (Prime Minister, ALB); National Security Council; Cybersecurity and Infrastructure Security Agency (CISA)",Not available; Not available; Not available,Albania; United States; United States,Not available; Not available; Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",State; State; State,https://twitter.com/WHNSC/status/1568782751511486469?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1568782751511486469%7Ctwgr%5E66097bdaeec8ebc8a08689dfbb86d745b609563c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dw.com%2Fen%2Falbania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats%2Fa-63146285; https://twitter.com/ediramaal/status/1568523932029919232; https://www.cisa.gov/uscert/ncas/alerts/aa22-264a,System / ideology,System/ideology; National power; Third-party 
intervention / third-party affection,Iran (opposition); Iran (opposition); Iran (Opposition),Yes / HIIK intensity,HIIK 4,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://twitter.com/fr0gger_/status/1657974946113667072; https://socradar.io/mutation-effect-of-babuk-code-leakage-new-ransomware-variants/; https://research.checkpoint.com/2023/irans-most-advanced-cyber-attack-yet/; https://therecord.media/muddywater-cyber-espionage-africa-telecoms-iran; https://therecord.media/albanian-parliament-telecom-company-hit-by-cyberattacks; https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html; https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html; https://www.databreaches.net/gag-order-issued-to-stop-release-of-information-stolen-by-hackers/; https://www.dw.com/en/albania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats/a-63146285; 
https://twitter.com/WHNSC/status/1568782751511486469?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1568782751511486469%7Ctwgr%5E66097bdaeec8ebc8a08689dfbb86d745b609563c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dw.com%2Fen%2Falbania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats%2Fa-63146285; https://twitter.com/ediramaal/status/1568523932029919232; https://edition.cnn.com/2022/09/10/politics/albania-cyberattack-iran/index.html; https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; https://www.euractiv.com/section/digital/news/albanian-national-security-council-convenes-over-iran-cyber-attacks/; https://lajme.rtsh.al/artikull/sulmet-kibernetike-mbledhja-e-keshillit-te-sigurimit-kombetar-institucionet-raportojne-mbi-masat-e-marra-; https://dosja.al/politike/mbledhja-me-begajn-per-et-kibernetike-ibrahimaj-zbardh-biseden-me-d-i248361; https://dosja.al/politike/presidenti-mbledh-keshillin-e-sigurise-kombetare-rel-opozita-e-kishte-k-i248443; https://mb-gov-al.translate.goog/reagim-i-ministrise-se-brendshme-rikthehet-sistemi-tims-pas-sulmit-kibernetik/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp; https://www.balkanweb.com/sulmi-kibernetik-me-hakerat-iraniane-bashkepunoi-edhe-nje-shqiptar/; https://balkaninsight.com/2022/10/03/iranian-hackers-leak-database-of-albanian-criminal-suspects/; http://en.ata.gov.al/2022/10/03/state-police-memex-system-data-are-not-hacked/; https://www.euractiv.com/section/politics/news/hackers-continue-to-leak-data-from-albanian-intelligence-services/,2022-09-21,2024-01-29 1502,Iranian state-sponsored hackers disrupted Albanian government websites and essential services on 15 July 2022,"Iranian state-sponsored hackers shut down the websites of the Albanian Parliament and the Prime Minister’s office as well as access to the e-government platform e-Albania, according to a video statement by Albanian Prime Minister Edi Rama. 
Attackers encrypted and destroyed data enabling essential services and leaked government information, including elements from emails by the prime minister and the ministry of foreign affairs. Microsoft attributed the activity with high confidence to at least four Iranian politically motivated hacking groups. Technical reports by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued supporting findings, followed by statements of the US National Security Council and the UK Foreign Office condemning the attacks and identifying links to state sponsors in Iran. Reactions of the Foreign Office were founded on conclusions by the UK National Cyber Security Centre (NCSC) that Iranian state-sponsored ""almost certainly"" bore responsibility for the attacks. In a statement by the National Atlantic Council, NATO recognized this attribution of responsibility to Iran by allies. The cyber attack took place ahead of a People's Mojahedin Organization of Iran (MEK) summit originally planned for 23-24 July 2022 in Albania, which has been hosting core members of the group. The MEK forms part of the National Council of Resistance of Iran and is considered a terrorist group by Iran. The technical report of the FBI and CISA concluded that one of the Iranian threat actors gained access to the network of the Albanian government 14 months before initiating the disruptive effects on 15 July.",2021-05-01,2022-07-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by IT-security company; Incident disclosed by attacker; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,e-Albania - Albanian Government,Albania; Albania,EUROPE; BALKANS; NATO; WBALKANS - EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system - State institutions / political system,Civil service / administration - Government / ministries,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,6,17174; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17170; 17172; 17172; 17172; 17172; 17171; 17175; 17175; 17175; 17175; 17173; 17173,2022-09-07 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-09-08 00:00:00; 2022-08-04 00:00:00; 2022-08-04 00:00:00; 2022-08-04 00:00:00; 2022-08-04 00:00:00; 2022-09-08 00:00:00; 2022-09-07 00:00:00; 2022-09-07 00:00:00; 2022-09-07 00:00:00; 2022-09-07 00:00:00; 2022-09-21 00:00:00; 2022-09-21 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; IT-security community attributes attacker; Attacker confirms; Attribution by international organization; 
Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,"Edi Rama (Prime Minister, ALB); Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Mandiant; Mandiant; Mandiant; Mandiant; North Atlantic Treaty Organization (NATO); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Security Council; National Security Council; Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI)",Not available; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Albania; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; ; United Kingdom; United States; United Kingdom; United States; United States; United States,"; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM; Scarred Manticore/Storm-0861 fka Dev-0861/ShroudedSnooper (Ministry of Intelligence of the Islamic Republic of Iran); Scarred Manticore/Storm-0861 fka Dev-0861/ShroudedSnooper (Ministry of Intelligence of the Islamic Republic of Iran); DEV-0166 (Intruding Divisor); DEV-0166 (Intruding Divisor); Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten; Storm-0133 fka DEV-0133/Lyceum/Hexane/Mysticdome/UNC1530/Chrono Kitten; Storm-0842 fka DEV-0842/Dune/Banished Kitten; Storm-0842 fka DEV-0842/Dune/Banished Kitten; Ministry of Intelligence and Security (MOIS, Iran); Ministry of Intelligence and Security (MOIS, Iran); ; ; ; ; ; ; ; ; ; 
Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS); Homeland Justice < Storm-0842 fka Dev-0842Dune/Banished Kitten (MOIS)","Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State",https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/; https://www.nato.int/cps/en/natohq/official_texts_207156.htm; https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against?1=; https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/; 
https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/07/statement-by-nsc-spokesperson-adrienne-watson-on-irans-cyberattack-against-albania/; https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania; https://www.cisa.gov/uscert/ncas/alerts/aa22-264a,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,Iran (opposition); Iran (opposition); Iran (Opposition),Yes / HIIK intensity,HIIK 4,5,2022-09-06 00:00:00; 2022-09-08 00:00:00; 2022-09-21 00:00:00; 2022-09-08 00:00:00; 2023-01-01 00:00:00,State Actors: Stabilizing measures; International organizations: Stabilizing measures; State Actors: Preventive measures; EU: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government (or executive official); Statement by secretary-general or similar; Awareness raising; Declaration of HR; Capacity building in third countries,Albania; NATO (region); United States; EU (region); United States,Albanian Government; North Atlantic Treaty Organization (NATO); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); High Representative of the European Union for Foreign Affairs and Security Policy,No,,Exploit Public-Facing Application,Data Exfiltration; Data Destruction; Data Encrypted for Impact,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International 
telecommunication law; International peace; Sovereignty,; Prohibition of intervention; ,Not available,3,2022-09-07 00:00:00; 2022-09-09 00:00:00; 2022-12-02 00:00:00,"Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law); Other legal measures on national level (e.g. law enforcement investigations, arrests)",Severance of diplomatic relations; Economic sanctions; ,Albania; United States; Albania,Council of ministers; US Department of the Treasury; Tirana Prosecutor’s Office (ALB),,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://www.govinfosecurity.com/us-sends-cyber-team-to-aid-albanias-cyber-defenses-a-21523; https://www.cybercom.mil/Media/News/Article/3337717/committed-partners-in-cyberspace-following-cyberattack-us-conducts-first-defens/; https://twitter.com/Cyberwarzonecom/status/1639063487702880256; https://twitter.com/Dennis_Kipker/status/1639239711872122881; https://therecord.media/foreign-cyber-aid-state-department-congress; https://cyberscoop.com/fick-cyber-diplomats-embassies/; https://therecord.media/us-cyber-ambassador-fick-rsa-nato-russia-deterrence; https://cyberscoop.com/iranian-information-operations-hacking-microsoft-report/; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf; https://therecord.media/nakasone-cyber-strategy-section-702-hunt-forward-russia-ukraine-nato; https://socradar.io/mutation-effect-of-babuk-code-leakage-new-ransomware-variants/; https://www.jpost.com/breaking-news/article-716784; https://www.jpost.com/international/article-716605; https://www.jpost.com/international/article-716572; https://www.jpost.com/breaking-news/article-716539; https://therecord.media/icrc-ethical-guidelines-hacktivists; 
https://thehackernews.com/2023/11/iranian-cyber-espionage-group-targets.html; https://therecord.media/muddywater-cyber-espionage-africa-telecoms-iran; https://therecord.media/albanian-parliament-telecom-company-hit-by-cyberattacks; https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html; https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html; https://www.haberler.com/guncel/arnavutluk-istatistik-enstitusune-iran-destekli-siber-saldiri-suclamasi-16852778-haberi/; https://www.sondakika.com/guncel/haber-arnavutluk-iran-destekli-bir-grup-tarafindan-yapil-16852785/; https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/; https://www.nato.int/cps/en/natohq/official_texts_207156.htm; https://www.tiranatimes.com/?p=152748; https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against?1=; https://twitter.com/VZhora/status/1567601467284160512; https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/; https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/08/readout-of-national-security-advisor-jake-sullivans-call-with-prime-minister-edi-rama-of-albania/; https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/07/statement-by-nsc-spokesperson-adrienne-watson-on-irans-cyberattack-against-albania/; https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania; https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-lurked-in-albania-s-govt-network-for-14-months/; https://www.securityweek.com/natos-team-albania-help-iran-alleged-cyberattack; https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; https://www.securityweek.com/iranian-hackers-breached-albanian-government-one-year-disruptive-attacks; https://therecord.media/cisa-iranian-hackers-spent-14-months-in-albanian-govt-network-before-launching-ransomware/; 
https://www.consilium.europa.eu/en/press/press-releases/2022/09/08/cyber-attacks-declaration-by-the-high-representative-on-behalf-of-the-european-union-expressing-solidarity-with-albania-and-concern-following-the-july-malicious-cyber-activities/; https://abcnews.go.com/International/wireStory/albanian-staff-charged-negligence-cyberattack-94202825; https://www.euractiv.com/section/politics/news/five-albanian-state-it-staff-investigated-over-iran-hack/; https://socradar.io/dark-web-profile-apt42-iranian-cyber-espionage-group/; https://www.euractiv.com/section/politics/news/hackers-continue-to-leak-data-from-albanian-intelligence-services/; https://twitter.com/Dennis_Kipker/status/1603049563711062016; https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/; https://twitter.com/780thC/status/1618571785276100609; https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; https://www.darkreading.com/attacks-breaches/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says,2022-09-21,2024-02-15 1499,The website of the Bosnian parliament was hit by a cyberattack on the 9th of September,"A cyberattack, according to unofficial information Ransomware was involved, hit the website of the parliament of Bosnia & Herzegovina on 9th of September, the website is not accessible since then. The main server of the Parliamentary Assembly was shut down on the 10th of September in order to contain the cyber attack. 
",2022-09-09,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Ransomware,Parliamentary Assembly (Bosnia & Herzegovina) ,Bosnia and Herzegovina,EUROPE; BALKANS; WBALKANS,State institutions / political system,Government / ministries,,Not available,Not available,,1,7214,NaT,Not available,Not available,Not available,Not available,Not available,,Not available,Not available,https://therecord.media/bosnia-and-herzegovina-investigating-alleged-ransomware-attack-on-parliament/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://therecord.media/bosnia-and-herzegovina-investigating-alleged-ransomware-attack-on-parliament/,2022-09-20,2023-07-18 1500,Hacktivist group Guacamaya leaked 10 terabytes of data from military and police agencies of several Central and South American countries on 19 September 2022,"Repressive Forces: Hacktivist group Guacamaya released 10 terabytes of data from military and police agencies of Chile, El Salvador, Colombia, Peru and Mexico the hacktivists are accusing of damaging the environment and repressing the natives on behalf of the former ""invaders"", namely the former colonisers and the ""global North"". 
The hacktivists leaked the data on the 19th of September 2022 on the website Enlace Hacktivista, a website that publishes material from hackers, where they claimed responsibility for the leak. The data leaked from the Mexican Secretariat of National Defense contains references to the health of president Andres Manuel Lopez Obrador, insights into differences between the Secretariat of National Defense and the Navy, information on the surveillance of U.S. ambassador Ken Salazar and transcripts on narco-criminal operations, the revelation that the local police kidnapped 43 students and handed them over to be killed by a drug gang in 2014, general information on the cooperation between military and drug cartels, references to involvement of Russian security companies in the training of defense groups in opposition to the drug cartels, and information on the military monitoring of journalists and activists. The leaked data from the Colombian General Command of the Military Forces exposed identities and methods of Australian secret agents to fight international drug cartels like surveillance reports, phone taps and payroll records for Colombian law enforcement officers. The leaked data from the Chilean Army Joint Chiefs of Staff revealed cybersecurity strategies, communication interceptions, military spending, exposed the identities of 162 members of different security agencies and information on the migratory crisis in North Chile. ",2022-09-19,2022-09-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing,Joint Command of the Armed Forces of Peru (CCFFAA) - El Salvador’s Armed Forces - Peruvian Army - Chief of the Joint Chiefs of Defence (Chile) - General Command of the Armed Forces (Colombia) - National Civil Police (El Salvador) - Secretariat of National Defense (SEDENA; Mexico),Peru; El Salvador; Peru; Chile; Colombia; El Salvador; Mexico,SOUTHAM - CENTAM - SOUTHAM - SOUTHAM - SOUTHAM - CENTAM - ,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Military - Military - Military - Military - Military - Police - Government / ministries,Guacamaya,Central America (region),Non-state-group,Hacktivist(s),1,12408,2022-09-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Guacamaya,Not available,Central America (region),Guacamaya,Central America (region),Non-state-group,https://enlacehacktivista.org/comunicado_guacamaya4.txt,System / ideology,Not available,,Not available,,2,2022-09-30 00:00:00; 2022-09-23 00:00:00,State Actors: Stabilizing measures; State Actors: Executive reactions,Statement by head of state/head of government (or executive official); Resignation,Mexico; Chile,Andrés Manuel López Obrador (President; MEX); General Guillermo Paiva Hernández (Head of Joint Chiefs of Staff; CHL),No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,9.0,No system 
interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,7.0,1-10,5.0,,0.0,euro,Not available,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,Not available,,https://twitter.com/AnonOpsSE/status/1625958482204676096; https://elpais.com/https:/elpais.com/mexico/2023-03-10/lopez-obrador-dice-que-el-ejercito-no-espio-con-pegasus-a-periodistas-y-activistas-sino-que-se-hizo-investigacion.html; https://elpais.com/https:/elpais.com/mexico/2023-04-18/lopez-obrador-acusa-al-pentagono-de-espionaje.html; https://english.elpais.com/international/2023-05-04/a-spy-balloon-a-letter-to-biden-and-the-specter-of-interventionism-lopez-obrador-briefing-brims-with-complaints-against-us.html; https://socradar.io/cyber-attacks-on-latin-american-governments/; https://gestion.pe/tecnologia/ransomware-los-activos-criticos-con-mas-riesgo-a-recibir-un-ciberataque-dirigido-ciberseguridad-palo-alto-networks-fortinet-noticia/; https://gestion.pe/tecnologia/ransomware-los-activos-criticos-con-mas-riesgo-a-recibir-un-ciberataque-dirigido-ciberseguridad-palo-alto-networks-fortinet-noticia/; https://www.cyberscoop.com/central-american-hacking-group-releases-emails/; https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-9/; https://www.defensa.cl/noticias/declaracion-publica/; https://www.securityweek.com/hack-puts-latin-american-security-agencies-edge; https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/; https://twitter.com/cybersecboardrm/status/1576027241015873536; https://www.derstandard.at/story/2000139595413/cyberangriff-in-mexiko-hacker-stehlen-militaerunterlagen; https://www.databreaches.net/mexico-confirms-hack-of-military-records-presidents-health-information/; https://securityaffairs.co/wordpress/136497/data-breach/guacamaya-hacked-latam-countries.html; 
https://twitter.com/securityaffairs/status/1576242644476653573; https://twitter.com/cybersecboardrm/status/1576079035846762496; https://twitter.com/securityaffairs/status/1576663635899785216; https://www.heise.de/news/Mexikanische-Armee-steht-nach-Hackerangriff-nackt-da-7282860.html; https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/; https://chiletoday.cl/massive-hack-reveals-sensitive-chilean-defense-documents/; https://twitter.com/CarlosLoret/status/1575846901986959367; https://twitter.com/lopezdoriga/status/1575825911454236672?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1575825911454236672%7Ctwgr%5E478c23dc7edb20feea572b862f0db3a505be95b7%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww-therecord.recfut.com%2Fmexican-president-confirms-guacamaya-hack-targeting-regional-militaries%2F; https://latinus.us/2022/09/29/loret-capitulo-96/; https://www.reporteindigo.com/reporte/quienes-son-guacamaya-los-hacktivistas-detras-del-ataque-cibernetico-a-la-sedena/; https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/; https://securityaffairs.co/wordpress/136497/hacking/guacamaya-hacked-latam-countries.html; https://twitter.com/securityaffairs/status/1576827459164831745; https://www.heise.de/news/Dienstag-Kim-Kardashin-zahlt-Strafe-Mexikanische-Armee-blossgestellt-7282925.html; https://www.heise.de/tp/features/Lateinamerika-Riesiges-Daten-Leak-durch-historische-Cyberattacke-7284158.html; https://english.elpais.com/international/2022-10-09/intercepted-frequencies-satellite-photos-and-intelligence-reports-documents-from-the-us-mexico-war-against-fentanyl.html; https://www.foxnews.com/world/mexican-government-hack-reveals-military-sold-arms-received-escort-cartels-report; https://english.elpais.com/international/2022-10-13/white-house-on-mexicos-defense-ministry-leaks-all-governments-are-vulnerable-to-being-hacked.html; 
https://www.smh.com.au/national/enter-the-dragonfruit-drugs-gold-and-the-data-hack-revealing-the-fight-to-stop-cartel-20221004-p5bmzj.html; https://www.databreaches.net/australian-police-secret-agents-exposed-in-colombian-data-leak-by-guacamaya/; https://www.bleepingcomputer.com/news/security/australian-police-secret-agents-exposed-in-colombian-data-leak/; https://english.elpais.com/international/2022-10-13/white-house-on-mexicos-defense-ministry-leaks-all-governments-are-vulnerable-to-being-hacked.html; https://twitter.com/Dennis_Kipker/status/1581949719261368321; https://english.elpais.com/international/2022-10-18/mexicos-defense-ministry-leaks-highlight-blowback-effect-of-hacking.html; https://www.washingtonpost.com/world/2022/10/21/mexico-border-china-technology/; https://www.smh.com.au/national/secret-agents-targeting-drug-cartels-in-australia-exposed-in-data-hack-20221004-p5bmzg.html; https://www.reuters.com/world/americas/mexico-president-backs-defense-ministrys-refusal-account-massive-data-leak-2022-10-18/; https://enlacehacktivista.org/comunicado_guacamaya4.txt; https://enlacehacktivista.org/index.php?title=Fuerzas_Represivas; https://therecord.media/guacamaya-leaks-spark-debate-about-militarization-spyware-but-no-accountability/; https://twitter.com/cahlberg/status/1606143773167288321; https://www.eff.org/deeplinks/2022/12/hacking-governments-and-government-hacking-latin-america-2022-year-review; https://en.mercopress.com/2022/09/23/chile-s-top-general-resigns-over-intel-leak; https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/; https://www.cyberscoop.com/guacamaya-hacktivist-group-latin-america-interview/,2022-09-20,2023-08-17 1496,North Korean Lazarus Group hijacked media companies with a trojanized PuTTY utility in 2022,"North Korean Lazarus Group hijacked media companies with a trojanized PuTTY utility, that led to the deployment of the AIRDRY.V2 backdoor, since June 2022, according to a technical report by 
Mandiant. The IT-company Mandiant further states that this is an extension of Operation Dream Job, in which state-sponsored North Korean hacking group Lazarus targeted especially Israeli entities in the government and defense sector. ",2022-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Not available,,Media,,UNC4034,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,7215,2022-09-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4034,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing; https://www.clearskysec.com/operation-dream-job/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,,,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,https://www.bleepingcomputer.com/news/security/hackers-trojanize-putty-ssh-client-to-backdoor-media-company/; https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing; https://www.clearskysec.com/operation-dream-job/; https://securityaffairs.co/wordpress/135831/malware/north-korea-linked-apt-backdoored-putty.html; https://thehackernews.com/2022/09/north-korean-hackers-spreading.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-macos-malware-via-cryptocom-job-offers/; https://thehackernews.com/2022/09/north-koreas-lazarus-hackers-targeting.html,2022-09-16,2023-12-08 1493,"Ten Iranians and two Iranian companies engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims since October 2020","Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nickaein Raviri “engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims."" The U.S. government on Wednesday announced wide-ranging punitive actions against ten Iranians and two Iranian companies — including sanctions, indictments and multiple $10 million rewards.",2020-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Canada; Israel; Australia; United Kingdom; Iran, Islamic Republic of; Middle East (region); United States",NATO; NORTHAM - ASIA; MENA; MEA - OC - EUROPE; NATO; NORTHEU - ASIA; MENA; MEA - - NATO; NORTHAM,Unknown - Unknown - Unknown - Unknown - Unknown - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure," - - - - - Government / ministries; Telecommunications; ; ; Military; Other (e.g., embassies); Energy - Government / ministries; Telecommunications; ; ; Military; Civil service / administration; Other (e.g., embassies); Transportation; Health; Energy","Mansour Ahmadi, aka Mansur Ahamdi (Najee Technology Hooshmand Fater LLC); Ahmad Khatibi Aghda, aka Ahmad Khatibi (Afkar System Yazd Company); Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin","Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",4,12412; 12412; 12412; 12410; 12410; 12410; 12410; 12410; 12410; 12410; 12410; 12410; 12410; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 
12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12409; 12411; 12411; 12411; 12411; 12411; 12411; 12411; 12411,2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 
00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00; 2022-09-14 00:00:00,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and 
Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets 
Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); 
National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force 
(CNMF); Cyber National Mission Force (CNMF); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for 
Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; ; ; ; ; ; ; ; ,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United 
States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,"Mansour 
Ahmadi, aka Mansur Ahamdi (Najee Technology Hooshmand Fater LLC); Ahmad Khatibi Aghda, aka Ahmad Khatibi (Afkar System Yazd Company); Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Ali Agha-Ahmadi (Ali Ahmadi); Mohammad Agha Ahmadi (Mohammad Ahmadi); Mo’in Mahdavi (Mahdavi); Aliakbar Rashidi-Barjini (Rashidi); Amir Hossein Nikaeen Ravari (Nikaeen); Mostafa Haji Hosseini (Mostafa); Mojtaba Haji Hosseini (Mojtaba); Mohammad Shakeri-Ashtijeh (Shakeri); Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand 
Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd 
Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary 
Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC < COBALT MIRAGE; Najee Technology Hooshmand Fater LLC < COBALT MIRAGE; Afkar System Yazd Company < COBALT MIRAGE; Afkar System Yazd Company < COBALT MIRAGE; Secnerd < COBALT MIRAGE; Secnerd < COBALT MIRAGE; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps","Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; 
Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation 
suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, 
state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/nj-22541-indictmentaugust102022.pdf; https://www.state.gov/sanctioning-iranians-for-malicious-cyber-acts/; https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion; https://home.treasury.gov/news/press-releases/jy0948; https://www.cisa.gov/uscert/ncas/alerts/aa22-257a,Other,Unknown,,Unknown,,1,2022-09-14 00:00:00,State Actors: Stabilizing measures,Statement by minister of foreign affairs (or spokesperson),United States,U.S. 
Department of State,No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,0,Moderate - high political importance,3.0,Low,6.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,,1,2022-09-14 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Due diligence,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://www.securityweek.com/us-indicts-iranians-who-hacked-power-company-womens-shelter; https://www.rferl.org/a/us-accuses-iranians-cyberattacks-sanctions/32033983.html; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-ten-iranians-linked-to-ransomware-attacks/; https://therecord.media/u-s-govt-unveils-sanctions-charges-bounties-on-iranian-ransomware-actors/; https://www.cyberscoop.com/sweeping-action-against-iranian-hackers/; https://www.databreaches.net/three-iranian-nationals-charged-with-engaging-in-computer-intrusions-and-ransomware-style-extortion-against-u-s-critical-infrastructure-providers/; https://www.govinfosecurity.com/us-indicts-sanctions-3-iranian-nationals-for-ransomware-a-20063; https://www.jpost.com/breaking-news/article-717171; https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/nj-22541-indictmentaugust102022.pdf; https://www.state.gov/sanctioning-iranians-for-malicious-cyber-acts/; https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion; 
https://home.treasury.gov/news/press-releases/jy0948; https://www.cisa.gov/uscert/ncas/alerts/aa22-257a; https://www.securityweek.com/us-uk-canada-and-australia-link-iranian-government-agency-ransomware-attacks; https://thehackernews.com/2022/09/us-charges-3-iranian-hackers-and.html; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-16th-2022-iranian-sanctions/; https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors; https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/,2022-09-15,2023-10-31 1491,North Korean state-sponsored hackers use Maui ransomware against US Health Sector since May 2021,"North Korean state-sponsored hackers use Maui ransomware against targets from the US Health Sector since May 2021 for financial gains according to US Cybersecurity and Infrastructure Security Agency. Kaspersky revisited the incident and came to the conclusion that the incident began on 15.04.2021 and that Japan and India were also affected. ",2021-04-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Not available - Not available - Not available,Japan; India; United States,ASIA; SCS; NEA - ASIA; SASIA; SCO - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Not available - Critical infrastructure, - - Health,,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,7223; 7223; 7223; 7224,2022-07-06 00:00:00; 2022-07-06 00:00:00; 2022-07-06 00:00:00; 2022-08-09 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,Cybersecurity and Infrastructure Security Agency (CISA); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Federal Bureau of Investigation (FBI); Kaspersky,Not available; Not available; Not available; ,United States; United States; United States; Russia,"; ; ; Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's 
Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.cisa.gov/uscert/ncas/alerts/aa22-187a; https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/; https://securelist.com/apt-trends-report-q3-2022/107787/,Other,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Encrypted for Impact,Not available,False,,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,10.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,,,,,Human rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/StateCDP/status/1623746020180910080; https://cyberscoop.com/north-korea-ransomware-hospital/; https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://twitter.com/Cyberknow20/status/1623789450663972864; https://twitter.com/cybersecboardrm/status/1623802230930300929; https://securityaffairs.com/142090/breaking-news/north-korea-hackers-ransomware.html; https://www.bleepingcomputer.com/news/security/north-korean-ransomware-attacks-on-healthcare-fund-govt-operations/; 
https://twitter.com/CISAJen/status/1623834199152001024; https://www.malwarebytes.com/blog/news/2023/02/cisa-issues-alert-with-south-korean-government-about-dprks-ransomware-antics; https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://www.govinfosecurity.com/fbi-warns-cyberthreats-to-legacy-medical-devices-a-20066; https://www.cisa.gov/uscert/ncas/alerts/aa22-187a; https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/; https://securelist.com/apt-trends-report-q3-2022/107787/; https://thehackernews.com/2022/12/2022-top-five-immediate-threats-in.html,2022-09-15,2023-06-15 1495,Hacker group SparklingGoblin compromised multiple servers of a Hong Kong University since February 2021,"Hacker group SparklingGoblin used the Linux version of the SideWalk backdoor to compromise multiple servers of a Hong Kong University since February 2021, IT-Company ESET reports with ""high confidence"". SparklingGoblin targeted the same Hong Kong University in May 2020 during student protests. ESET considers SparklingGoblin to be distinct from, but connected to, the Chinese state-sponsored umbrella group Winnti Group. ",2021-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by IT-security company,Hijacking without Misuse,The University of Hong Kong ,Hong Kong,ASIA,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,SparklingGoblin / Earth Baku,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,10756,2022-09-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,SparklingGoblin / Earth Baku,China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/; https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,,,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,Not available,Not available,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html; 
https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/; https://securityaffairs.co/wordpress/135736/malware/sparklinggoblin-sidewalk-variant.html; https://www.darkreading.com/attacks-breaches/sparklinggoblin-updates-linux-version-of-sidewalk-backdoor-cyber-campaign; https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/; https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/; https://www.welivesecurity.com/videos/sparklinggoblin-apt-new-linux-backdoor-week-security-special/,2022-09-15,2023-09-22 1494,"Between February and July 2022, the North Korean group Lazarus targeted organizations, including energy service providers worldwide","According to a report by Cisco Talos, the North Korean state-sponsored APT Lazarus Group targeted organizations, particularly energy providers, from around the world, primarily in Canada, the U.S. and Japan, in a new campaign conducted between February and July 2022. For this, vulnerabilities in VMWare Horizon were exploited to gain long-term access to networks and then exfiltrate data.",2022-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,United States; Japan; Canada; Global (region),NATO; NORTHAM - ASIA; SCS; NEA - NATO; NORTHAM - ,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Energy - Energy - Energy - Energy,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,7217; 7218,2022-09-08 00:00:00; 2022-07-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by receiver government / state entity,Cisco Talos Intelligence; Japan Computer Emergency Response Team Coordination Center (JPCERT/CC),; Not available,United States; Japan,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://blogs.jpcert.or.jp/en/2022/07/yamabot.html; https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,1.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/Cyber_O51NT/status/1639428701137035264; https://therecord.media/lazarus-new-malware-manageengine-open-source; https://www.techrepublic.com/article/lazarus-targets-energy-providers/; https://blogs.jpcert.or.jp/en/2022/07/yamabot.html; https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html; https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-are-weaponizing-open-source-software/; https://www.databreaches.net/authorities-name-north-korea-hacker-group-warn-of-attacks-on-japanese-crypto-assets/; https://blogs.jpcert.or.jp/en/2021/03/Lazarus_malware3.html,2022-09-15,2023-10-25 1468,Russian APT Gamaredon targeted Ukrainian organizations with infostealer in cyber operations,"The Russian state-sponsored APT Gamaredon aka Shuckworm targeted unnamed Ukrainian organizations from July 15 until at least August 8, 2022. 
It used an infostealer to spy on its targets, according to the attributing IT company Symantec. According to a technical report by Cisco Talos, Gamaredon has again targeted Ukrainian government organizations since August 2022, this time with a new infostealer. The attacks continued in September 2022 against various targets in Ukraine, including Ukrainian government agencies, among them defense and law enforcement agencies. The attacks appeared to be aimed partly at data theft and partly at increasing the group's offensive capabilities. IT specialists from Cisco Talos have analyzed the activity of the APT group and have observed that the hackers use phishing documents carrying malware, called Infostealer, which is planted on computers to gain further access to the networks. The malware gives the hackers the ability to exfiltrate files and ""deploy binary and script-based payloads to infected end devices."" The APT threat actors are known to specifically and exclusively target Ukrainian targets. It is suspected that the threat actors first gain access to computers via Office documents.",2022-07-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,7225; 7226,2022-08-15 00:00:00; 2022-09-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Symantec; Cisco Talos Intelligence,,United States; United States,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea); Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm; https://cert.gov.ua/article/971405; https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not 
available,No,,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,,Not available,0,,Not available,,Not available,Not available,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"https://www.bleepingcomputer.com/news/security/russian-hackers-use-powershell-usb-malware-to-drop-backdoors/; https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q2-2023-threat-report; https://www.techrepublic.com/article/russias-shuckworm-cyber-group-launching-ongoing-attacks-on-ukraine/; https://www.bleepingcomputer.com/news/security/russian-hackers-target-ukraine-with-default-word-template-hijacker/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm; https://cert.gov.ua/article/971405; https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-info-stealer-malware-against-ukrainian-orgs/; https://securityaffairs.co/wordpress/135780/apt/gamaredon-new-stealing-malware.html; https://therecord.media/notorious-russian-hacking-group-uses-a-new-tool-against-ukraine-orgs-researchers-say/; https://thehackernews.com/2022/09/russian-gamaredon-hackers-target.html; https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html; 
https://www.computerworld.pl/news/Hakerzy-z-grupy-Gamaredon-APT-atakuja-ukrainskie-agencje-rzadowe,441401.html; https://www.securitylab.ru/news/533932.php; https://thehackernews.com/2023/01/new-research-delves-into-world-of.html; https://securityaffairs.com/141752/malware/apt-gamaredon-attacks.html; https://twitter.com/Dennis_Kipker/status/1621467787326590977; https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html",2022-09-08,2023-06-16 483,Turkish Ajan attack on US Air Force Culture Center,Turkish hackers deface the webpage of the US Air Force Culture and Language Center and leak personal data of soldiers.,2013-07-02,2013-07-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Military,Turkish Ajan,Turkey,Non-state-group,Hacktivist(s),1,584,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turkish Ajan,Turkey,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/us-air-force-culture-language-hacked-leaked/,2022-08-15,2022-11-02 489,LulzSecPeru vs. Peruvian Government 2013,LulzSec Peru defaces me in Peruvian government portal and dumps personal and login data in response to the NSA scandal.,2013-07-15,2013-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Peru,SOUTHAM,State institutions / political system,Civil service / administration,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,590,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/lulzsecperu-hacks-leaks-portal-nsa/,2022-08-15,2022-11-02 482,SEA vs. Israel,Israeli Defense Forces official Blog Hacked by Syrian Electronic Army,2013-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,582; 583,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology; Territory; Resources,System/ideology; Territory; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/syrian-electronic-army-hacks-israeli-defense-forces-blog/; https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 481,RedHack vs. 
Istanbul Part II,"Turkish hacker group RedHack hacks into the Istanbul Administration website, claims to have erased citizens' utility debts to government.",2013-06-28,2013-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Civil service / administration,RedHack,Turkey,Non-state-group,Hacktivist(s),1,581,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/RedHack-Breaches-Istanbul-Administration-Site-Hackers-Claim-to-Have-Erased-Debts-364000.shtml,2022-08-15,2022-11-02 484,RedHack vs. Turkish Directorate of Religious Affairs,Turkish hacker group RedHack defaces the webpage of the Turkish Directorate of Religious Affairs to protest the government's religion policies.,2013-07-03,2013-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,RedHack,Turkey,Non-state-group,Hacktivist(s),1,585,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Turkey-s-Ministry-of-Religious-Affairs-Hacked-by-RedHack-365149.shtml,2022-08-15,2022-11-02 485,Turkish Hackers Uyghur Support,Turkish hackers deface 33 Chinese government websites to protest the killing of Uyghur Muslims in China.,2013-07-04,2013-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Government / ministries,Bozkurt; De4THBLoW,Turkey; Turkey,Non-state-group; Non-state-group,Religious actors; Religious actors,1,586; 586,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Bozkurt; De4THBLoW,Turkey; Turkey,Non-state-group; Non-state-group,,System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/33-chinese-govt-sites-hacked-turkish-hacker/,2022-08-15,2022-11-02 486,Anonymous Jordan vs. Egyptian Government,Egyptian government websites are defaced by Anonymous Jordan in solidarity with anti-government protesters.,2013-07-07,2013-07-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system,Government / ministries,Anonymous,Jordan,Non-state-group,Hacktivist(s),1,587,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Jordan,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/egyptian-ministry-sites-hacked-anonymous-jordan/,2022-08-15,2022-11-02 487,H4x0rHuSsy vs. Government of Goan,The Indian government makes Pakistani hackers responsible for the defacement of several regional government websites.,2013-07-10,2013-07-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,H4x0rHuSsy,Pakistan,Non-state-group,Criminal(s),1,588,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,H4x0rHuSsy,Pakistan,Non-state-group,,International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/india-pins-cyberattacks-on-pakistani-hackers/,2022-08-15,2022-11-02 488,Afghan Cyber Army attack on Pakistan,"Afghan hackers deface six Pakistani government websites, leaving messages that accuse Pakistan of having orchestrated a suicide bombing in Kabul.",2013-07-11,2013-07-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Afghan Cyber Army,Afghanistan,Non-state-group,Hacktivist(s),1,589,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Afghan Cyber Army,Afghanistan,Non-state-group,,System / ideology; International power,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/afghan-cyber-army-hacks-pakistani-ministry-sites/,2022-08-15,2022-11-02 493,Anonymous vs. 
Nauru,"Hacker group Anonymous brings down Nauruan government websites and main internet provider in solidarity with a riot at an Australian refugee camp on the island. Government has to be ""shut down"" for over four hours.",2013-07-22,2013-07-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Nauru,OC,State institutions / political system; Critical infrastructure,Government / ministries; Telecommunications,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,595,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2013/jul/22/anonymous-responsibility-nauruan-government-attack,2022-08-15,2022-11-02 490,"SyrianElectronicArmy vs. Truecaller, Tango & Viber","SEA hacked the Swedish site Truecaller, home to the world's largest online telephone directory, with over a billion phone numbers in over 100 countries. SEA claimed this attack also gave it access codes to more than a million Facebook, Twitter, LinkedIn, and Gmail accounts. Other targets of this campaign were the free online calling application Viber as well as the text messaging service Tango.",2013-07-16,2013-07-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Sweden,EUROPE; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,Syrian Electronic Army,Syria,Unknown - not attributed,,2,591; 592,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,Unknown - not attributed; Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 491,Anonymous vs. FEMA,Hacker collective Anonymous hacks into the database of the Federal Emergency Management Agency (FEMA) and allegedly obtains login data of government employees.,2013-07-17,2013-07-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,593,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.pri.org/stories/2013-07-17/fema-hacked-anonymous-hacks-us-server-defense-snowden-and-government-transparency,2022-08-15,2022-12-29 492,Defacement of Transport Authority,Saudi hackers deface the page of the United Arab Emirate's National Transport Authority and leave a message accusing the ARE and Qatar of cooperating with Iran and the USA.,2013-07-20,2013-07-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United Arab Emirates,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,,Saudi Arabia,Non-state-group,Hacktivist(s),1,594,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Saudi Arabia,Non-state-group,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/national-transport-authority-uae-hacked/,2022-08-15,2022-11-02 479,Operation Dark Seoul 2013 part II,"North Korea launches DDoS attacks against South Korea, hitting the websites of the president’s office, National Intelligence Service, the ruling party's website and local newspapers. Data of over 40000 US troops and two million workers of South Korea's ruling party are leaked.",2013-06-25,2013-06-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft & Doxing; Disruption,None - Saenuri Party,"United States; Korea, Republic of",NATO; NORTHAM - ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Political parties; - Political parties; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State,,3,16708; 16708; 16707; 16707; 16709; 16709,2013-08-01 00:00:00; 2013-08-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Media-based 
attribution; Media-based attribution; IT-security community attributes attacker; IT-security community attributes attacker,National Intelligence Service (South Korea); National Intelligence Service (South Korea); ; ; Korea Internet & Security Agency; Korea Internet & Security Agency,Not available; Not available; Not available; Not available; ; ,"Korea, Republic of; Korea, Republic of; ; ; Korea, Republic of; Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","State; State; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution),System / ideology; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://twitter.com/securityaffairs/status/1661438436912295936; https://twitter.com/securityaffairs/status/1661671109014564864; https://home.treasury.gov/news/press-releases/jy1498; https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/; https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution); https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/,2022-08-15,2024-02-23 494,Reuters Hack-Syrian Electronic Army,The Reuters Twitter Account was hacked by the Syrian Electronic Army and broadcasted false tweets for a few hours,2013-07-29,2013-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Canada,NATO; NORTHAM,Media,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,596,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/,2022-08-15,2022-11-02 495,SEA vs. 
White House,"Syrian hackers gain access to three White House E-Mail accounts, send phishing mails to other employees.",2013-07-29,2013-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,598; 597,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; http://www.ehackingnews.com/2013/07/whitehouse-email-hacked.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 496,Cyber Jihad in Indonesia,"Bangladeshi hackers deface Indonesian commercial and public webpages, in retaliation against small attacks from Indonesia against Bangladeshi sites.",2013-07-30,2013-07-30,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Indonesia,ASIA; SCS; SEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Religious actors,1,599,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.theregister.co.uk/2013/07/30/cyber_war_erupts_between_indonesia_and_bangladesh/,2022-08-15,2022-11-02 497,Making the Dalai Lama a Watering hole,A prominent computer security firm warned that the Dalai Lama’s Chinese-language website has been hacked and is infecting visitors’ computers with viruses in what may be an effort to spy on human rights activists who frequently visit the site.,2013-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,,Unknown,Unknown - not 
attributed,,1,600,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,http://www.bbc.com/news/technology-23680686,System / ideology; Autonomy; Territory; Subnational predominance,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/net-us-tibet-cyberattack/dalai-lamas-china-site-hacked-infects-others-expert-idUSBRE97B0QU20130812?feedType=RSS&feedName=worldNews; http://www.bbc.com/news/technology-23680686,2022-08-15,2022-11-02 480,Operation Armageddon by GamaredonGroup,"“Operation Armageddon,” active since at least mid-2013, exposes a cyberespionage campaign devised to provide a military advantage to Russian leadership by targeting Ukrainian government, law enforcement, and military officials. The Group has been later dubbed ""Gamaredon"" and seems to be sponsored by or the same as the 16th and 18th center of the FSB.",2013-06-26,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Military; Police; Political parties,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,State; State,,2,580; 580; 579; 579,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 
(FSB Centre 16, Unit 71330)",Russia; Russia; Russia; Russia,State; State; State; State,https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf; https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/,System / ideology; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf; https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://securityaffairs.co/wordpress/129859/apt/armageddon-apt-targets-ukrainian-state-orgs.html; https://tarnkappe.info/artikel/hacking/ukraine-warnt-vor-cyber-angriffen-auf-den-telegram-messenger-219440.html; https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/; https://blogs.blackberry.com/en/2022/11/gamaredon-leverages-microsoft-office-docs-to-target-ukraine-government,2022-08-15,2022-12-12 475,SEA vs. Turkish Government,Hacker group Syrian Electronic Army downs Turkish government websites and allegedly obtains personal information on PM staffers. Private e-mail addresses are leaked.,2013-06-05,2013-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,571; 572,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Turkish-Ministry-of-Interior-358599.shtml; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; 
https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,2022-08-15,2022-11-02 478,Anonymous vs. Swaziland,Hacker collective Anonymous Africa takes down government websites of Swaziland and Zimbabwe for alleged crimes against democracy.,2013-06-24,2013-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,Swaziland; Zimbabwe,AFRICA; SSA - AFRICA; SSA,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,575,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Africa-Attacks-Swaziland-Government-Zimbabwe-Ministry-of-Defence-363029.shtml,2022-08-15,2022-11-02 468,Counter DDOS against Taiwan,Filipino hackers launch DDoS attacks against Taiwanese government websites in response to Taiwanese hacking attacks.,2013-05-13,2013-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Taiwan,ASIA; SCS,State institutions / political system,Government / ministries,,Philippines,Unknown - not attributed,,1,564,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Philippines,Unknown - not attributed,,International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/DDOS-Attacks-Launched-by-Filipino-Hackers-Disrupt-Several-Taiwan-Government-Sites-352676.shtml,2022-08-15,2022-11-02 461,Anonymous vs. Gabon Part II,Hacker collective Anonymous takes down webpages of Gabonese government to protest ritual killings.,2013-04-19,2013-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Gabon,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,556,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/OpGabon-Gabon-Ministry-of-Justice-Other-Government-Sites-Attacked-by-Anonymous-346887.shtml,2022-08-15,2022-11-02 462,AP Twitter Hack SEA,"Hackers of the Syrian Electronic Army prompt a 143-point fall in the Dow Jones industrial average after sending a message from the Twitter feed of the Associated Press, saying the White House had been hit by two explosions and that Barack Obama was injured. The fake tweet, which was immediately corrected by Associated Press employees, caused a sensation on Twitter and in the stock market. Later on, three Members of the SEA have been indicted for the attack by the US.",2013-04-23,2013-04-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Media,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,557; 558,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Domestic legal action; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html; https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/syrian-electronic-army-members-face-hacking-charges; https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/?noredirect=on&utm_term=.b4388c4184ad; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html; https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking; 
https://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall,2022-08-15,2022-11-02 463,Syrian Electronic Army vs. Guardian,"Syrian Electronic Army hackers capture Twitter accounts of the Guardian, post pro-Assad messages.",2013-04-30,2013-04-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,559,2013-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested",https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.independent.co.uk/news/media/press/syrian-electronic-army-hackers-attack-guardian-twitter-accounts-8597629.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,2022-08-15,2022-11-02 464,Australia Theft of Spy 
Headquarters,Chinese hackers have stolen the blueprints of a new multi-million-dollar Australian spy headquarters and other confidential information from the Australian Secret Intelligence Service.,2013-05-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Australia,OC,State institutions / political system,Intelligence agencies,,China,Unknown - not attributed,,1,560,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-australia-hacking-idUSBRE94R02A20130528?feedType=RSS; https://www.theguardian.com/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims,2022-08-15,2022-11-02 465,RedHack vs. Government of Istanbul,"Turkish hackergroup RedHack defaces webpage of the Government of Istanbul, leaves anti-government messages.",2013-05-06,2013-05-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,RedHack,Turkey,Non-state-group,Hacktivist(s),1,561,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/05/istanbul-government-website-hacked-by.html,2022-08-15,2022-11-02 466,Anonymous attacks Romanias Authority for Qualifications,The website of Romania's National Authority for Qualifications is hacked and user and admin passwords are leaked. The website is later defaced by hackers of the hacker collective Anonymous.,2013-05-11,2013-05-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Romania,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,562,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Romania-s-National-Authority-for-Qualifications-Hacked-User-Data-Leaked-352508.shtml,2022-08-15,2022-11-02 467,DDOS vs. 
Philippines,"Taiwanese hackers launch DDoS attacks and deface Philippine websites, leak government data, in response to the Philippine coast guard opening fire on a Taiwanese vessel.",2013-05-13,2013-05-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,,Taiwan,Non-state-group,Hacktivist(s),1,563,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Taiwan,Non-state-group,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Filipino-Government-Sites-Attacked-After-Philippines-Refuses-to-Apologize-to-Taiwan-352522.shtml,2022-08-15,2022-11-02 469,Anonymous vs. Philippine National Telecommunication,"Filipino hackers, affiliated with Anonymous, deface the website of the Philippines National Telecommunications Commission, urging the government to ""defend its sovereignty against Malaysian airstrikes in Sabah"".",2013-05-18,2013-05-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Philippines,Non-state-group,Hacktivist(s),1,565,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Philippines,Non-state-group,,National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Philippines-National-Telecommunications-Commission-Defaced-by-Anonymous-Hackers-338062.shtml,2022-08-15,2022-11-02 477,Anonymous vs. Philippine President,Hacker collective Anonymous Philippines publishes unverified phone numbers of the Philippine President.,2013-06-15,2013-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Philippines,Non-state-group,Hacktivist(s),1,574,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Philippines,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Hacker-Leaks-Philippine-President-s-Phone-Numbers-361189.shtml,2022-08-15,2022-11-02 470,Syrian Electronic Army vs. 
Saudi Arabian Ministry of Defense,Hackers from the Syrian Electronic Army known for their hardcore support for Syrian President Bashar Ul Assad have claimed to have breached the Saudi Arabian Ministry of Defense email system and as a result a number of secret emails have been leaked online.,2013-05-19,2013-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,566,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/; https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/; https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; 
https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 471,Op Saudi,"The Saudi branch of the Anonymous hacktivists has launched a cyberattack on Saudi Government websites; the operation has been named ""#Op Saudi"".",2013-05-25,2013-05-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system; State institutions / political system,Government / ministries; Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,567,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/05/opsaudi-anonymous-launched-cyber-attack.html,2022-08-15,2022-11-02 472,HpHack vs. Syrian Ministry of Legal Affairs,Saudi hacker group Hp-Hack defaces website of Syrian Ministry of Legal Affairs in support of anti-government protests.,2013-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,HpHack,Saudi Arabia,Non-state-group,Hacktivist(s),1,568,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,HpHack,Saudi Arabia,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Saudi-Arabian-Hackers-Breach-Syrian-Ministry-of-Legal-Affairs-Website-357738.shtml,2022-08-15,2022-11-02 473,Iran vs. USNavy,Iranian hackers enter non-classified navy computer systems.,2013-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,569,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theverge.com/2014/2/18/5421636/us-navy-hack-by-iran-lasted-for-four-months-say-officials; https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers,2022-08-15,2022-11-02 474,Op Turkey,Turkish hackers take down two government websites in solidarity with anti-government protests.,2013-06-05,2013-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),1,570,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/turkish-govt-hacked-by-turk-hack-team/,2022-08-15,2022-11-02 499,Afghan Cyber Army attack on Pakistan Part II,Afghan hackers hack the webpage of the Pakistani National Database and Registration Authority in retaliation against airstrikes in Kunar and Jalalabad.,2013-08-03,2013-08-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,Afghan Cyber Army,Afghanistan,Non-state-group,Hacktivist(s),1,602,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Afghan Cyber Army,Afghanistan,Non-state-group,,Territory,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/08/nadra-pk-hacked-by-afghan-hackers.html,2022-08-15,2022-11-02 476,Anonymous vs. 
Zimbabwe 2013,"Hacker collective Anonymous Africa attacks Zimbabwean Ministry of Defence, media outlets and South Africa's ANC to protest Robert Mugabe.",2013-06-14,2013-06-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,Zimbabwe; South Africa,AFRICA; SSA - AFRICA; SSA,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Political parties; - Government / ministries; Political parties; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,573,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Africa-Attacks-African-National-Congress-Website-361073.shtml,2022-08-15,2023-03-13 498,Op Myanmar,Website of Myanmar's president experiences DDoS attack.,2013-08-02,2013-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Myanmar,ASIA; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,601,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Official-Website-of-Myanmar-President-s-Office-Disrupted-by-Anonymous-Hackers-372683.shtml; https://twitter.com/780thC/status/1621464181152141312; https://twitter.com/Cyber_O51NT/status/1621313406367309825,2022-08-15,2023-03-13 500,Hack of TwitterAccount of AEC,"Twitter account of the Australian Electoral Commission hacked, phishing messages sent.",2013-08-06,2013-08-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Australia,OC,State institutions / political system; State institutions / political system,Civil service / administration; Election infrastructure / related systems,,Unknown,Non-state-group,Criminal(s),1,603,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Twitter-Account-of-Australian-Electoral-Commission-Hacked-373292.shtml,2022-08-15,2022-11-02 459,Anonymous vs. 
North Korea,"Hacker collective Anonymous repeatedly hacks into North Korean propaganda websites and online accounts, posts pictures that mock Kim Jong Un.",2013-04-04,2013-04-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Korea, Democratic People's Republic of",ASIA; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,554,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/anonymous-again-hacks-into-north-korean-web-sites/; https://arstechnica.com/information-technology/2013/04/anonymous-hackers-take-control-of-north-korean-propaganda-sites/,2022-08-15,2022-11-02 501,Anonymous vs. Gabon,"All government websites of Gabon are disrupted by hacktivists, as part of an offensive against the government.",2013-08-08,2013-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Gabon,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,604,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/All-Gabon-Government-Websites-Disrupted-by-Anonymous-374149.shtml,2022-08-15,2022-11-02 524,Pak Mad Hunters deface Pakistani government Data,"Hacker group Pak Mad Hunters defaces 18 Pakistani government websites to ""send a message"" to the government.",2013-10-19,2013-10-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Pak Mad Hunters,Pakistan,Non-state-group,Hacktivist(s),1,627,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Mad Hunters,Pakistan,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/18-Pakistani-Government-Sites-Taken-Offline-After-Being-Hacked-392680.shtml,2022-08-15,2022-11-02 525,Over-X vs. 
Algerian ministry of housing,"Algerian hacker Over-X hacks and defaces Algerian ministry of housing and urban planning over corruption and lack of housing, jobs.",2013-10-21,2013-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Algeria,AFRICA; NAF; MENA,State institutions / political system,Government / ministries,Over-X,Algeria,Individual hacker(s),,1,628,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Over-X,Algeria,Individual hacker(s),,System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Algeria-s-Ministry-of-Housing-and-Urban-Development-Hacked-392910.shtml,2022-08-15,2022-11-02 526,Dbuzz attacking Blog of US Embassy,Indonesian hacker hacks website of the US State Department.,2013-10-22,2013-10-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Dbuzz,Indonesia,Individual hacker(s),,1,629,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Dbuzz,Indonesia,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/dbuzz-hacks-us-embassy-website-blog/,2022-08-15,2022-11-02 527,TuNoVaTo attack on Paraguay National Police,"Hacker TuNoVaTo defaces the website of Paraguay's National police, leaving 
revolutionary, anti-government remarks.",2013-10-22,2013-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Paraguay,SOUTHAM,State institutions / political system,Police,TuNoVaTo,Paraguay,Non-state-group,Hacktivist(s),1,630,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,TuNoVaTo,Paraguay,Non-state-group,,System / ideology; National power,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Paraguay-s-National-Police-Hacked-and-Defaced-393322.shtml,2022-08-15,2022-11-02 528,Anonymous vs. Ukrainian Ministry of Foreign Affairs,Hacker collective leaks sensitive data from the Ukrainian Ministry of Foreign Affairs.,2013-10-23,2013-10-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,631,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Hacks-Ukraine-s-Ministry-of-Foreign-Affairs-Documents-Leaked-393521.shtml,2022-08-15,2023-03-13 529,Team HackingArgentino defaces Website of Argentinian Opposition Leader,"Hacktivists of Team HackingArgentino have breached and defaced the official website of Sergio Massa, the leader of the opposition in Argentina, leaving a message that he should keep his promises.",2013-10-27,2013-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Argentina,SOUTHAM,State institutions / political system; Social groups,Political parties; Political opposition / dissidents / expats,Team Hacking Argentino,Argentina,Non-state-group,Hacktivist(s),1,632,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Hacking Argentino,Argentina,Non-state-group,,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Argentinian-Opposition-Leader-Sergio-Massa-Hacked-394772.shtml,2022-08-15,2022-11-02 530,Syrian Electronic Army vs. Obama Campaign,"The Syrian Electronic Army announced that it had compromised the email accounts of several staff members of Organizing For Action (OFA), a non-profit organization that also maintains the US President’s website. They also compromised the URL shortening service account that the President used to share links through social media and redirected users to a video called “Syria Facing Terrorism”.",2013-10-27,2013-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,634; 633,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 531,Anonymous vs. Honduras 2013,"The official website of the Ministry of Industry and Trade in Honduras (sic.gob.hn) has been hacked by Anonymous hacktivists, who left anti-government statements.",2013-10-28,2013-10-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Honduras,CENTAM,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,635,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Honduras-Ministry-of-Industry-and-Trade-Hacked-394713.shtml,2022-08-15,2022-11-02 532,MoroccanGhosts vs. Nigerian Ministry of Defense,Hackers of the MoroccanGhosts collective have breached and defaced the official website of Nigeria’s Ministry of Defense (mod.gov.ng). The attack seems to be related to a territorial dispute over Western Sahara.,2013-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),1,636,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,,National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Nigeria-s-Ministry-of-Defense-Hacked-by-Moroccan-Ghosts-396205.shtml,2022-08-15,2022-11-02 533,Blue Termite APT,"In October 2014, Kaspersky Lab began investigating the APT ""Blue Termite"", which mainly targets Japan. It has been active since at least November 2013 and has targeted hundreds of organisations, from government agencies to banks.",2013-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Japan,ASIA; SCS; NEA,State institutions / political system; Critical infrastructure; Media; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; ; Transportation; Health; Chemicals; Telecommunications; Food; Finance,Blue Termite/Cloudy Omega,China,Unknown - not attributed,,1,6605,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Blue Termite/Cloudy Omega,China,Unknown - not attributed,https://securelist.com/new-activity-of-the-blue-termite-APT /71876/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/blue-termite-APT-targets-japanese-organizations; https://securelist.com/new-activity-of-the-blue-termite-APT /71876/,2022-08-15,2023-02-08 534,Bitten by Rats,Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign,2013-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,638,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/pakistan-government-officials-targeted-with-rats-in-cyber-espionage-campaign-509529.shtml,2022-08-15,2022-11-02 535,Anonymous Ukraine vs. Estonia,The official website of Estonia’s Ministry of Defense (kaitseministeerium.ee) has been disrupted by hackers of Anonymous Ukraine in support of Ukrainian independence.,2013-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Anonymous,Ukraine,Non-state-group,Hacktivist(s),1,639,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Ukraine,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Ukraine-Disrupts-Website-of-Estonia-s-Ministry-of-Defense-396183.shtml,2022-08-15,2023-03-13 536,RBG Homs and Silent Injector vs. Syrian government,"A group of hackers allegedly based in Syria have breached and defaced three Syrian government websites and a few hundred commercial websites. On the defaced pages, the hackers posted a Syrian flag, a video that depicts violence in Syria, and an anti-government message.",2013-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,RBG Homs; Silent Injector,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,640; 640,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,RBG Homs; Silent Injector,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Three-Government-Websites-from-Syria-Hacked-and-Defaced-396126.shtml,2022-08-15,2022-11-02 537,Anonymous vs. Cambodia,"The official website of the Cambodia Tribunal, or the Extraordinary Chambers in the Courts of Cambodia (ECCC.gov.kh), has been disrupted by hackers of Anonymous Cambodia. The hackers say they’ve targeted the ECCC because it has tried to silence victims of crimes against humanity.",2013-11-02,2013-11-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Cambodia,ASIA; SEA,State institutions / political system,Judiciary,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,641,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; National power; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Cambodia-Tribunal-Website-Disrupted-by-Anonymous-Hackers-396496.shtml,2022-08-15,2023-02-08 538,Anonymous Defaces Phillipine Pages,"A group of hackers claiming ties with international activist group Anonymous defaced Philippine government websites on Sunday, calling for support for a planned anti-corruption protest in congress this week.",2013-11-03,2013-11-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,642,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://uk.reuters.com/article/uk-philippines-hacking/hackers-deface-philippine-websites-back-anti-corruption-protest-idUKBRE9A204P20131103,2022-08-15,2022-11-02 539,OP Syria,"Anonymous hackers have leaked several files allegedly taken from the systems of the Syrian Customs, as part of Op Syria.",2013-11-04,2013-11-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,643,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-Stolen-from-Syrian-Customs-Website-396729.shtml,2022-08-15,2022-11-02 540,Fake NATO Defacement,"Four Ukranian government websites are defaced, showing a message that they were hacked by the NATO's CCDCOE, while the NATO denies having executed the attack.",2013-11-04,2013-11-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system; State institutions / political system,Government / ministries; Legislative,,Unknown,Unknown - not attributed,,1,644,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Ukrainian-Government-Websites-Apparently-Hacked-by-NATO-396784.shtml,2022-08-15,2023-02-01 541,Anonymous vs. NATO CCDC,Anonymous Ukraine has disrupted the official website of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). 
The hackers kept the website offline for close to two hours in response to NATO hacking a number of Ukrainian government websites.,2013-11-07,2013-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,NATO (institutions),,International / supranational organization,,Anonymous Ukraine,Ukraine,Non-state-group,Hacktivist(s),1,645,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Ukraine,Ukraine,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Ukraine-Launches-DDOS-Attack-on-NATO-s-CCDCOE-Website-398063.shtml,2022-08-15,2022-11-02 542,BMPoC vs. Brazilian Military,"Hacker group BMPoC hacks and defaces 21 sub-domains of the Brazilian military, leaving anti-government statements.",2013-11-10,2013-11-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Brazil,SOUTHAM,State institutions / political system,Military,BMPoC,Unknown,Non-state-group,Hacktivist(s),1,646,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,BMPoC,Unknown,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/bmpoc-hacks-brazilian-military-domains/,2022-08-15,2022-11-02 523,Anonymus attack on various Venezuelean Government Pages,"Anonymous Venezuela hacks and defaces websites of police, military and leaves anti-government remarks.",2013-10-16,2013-10-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Venezuela,SOUTHAM,State institutions / political system; State institutions / political system,Military; Police,Anonymous,Venezuela,Non-state-group,Hacktivist(s),1,626,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Venezuela,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-defaces-venezuela-army-sites/,2022-08-15,2022-11-02 522,RedHack attack on Turkish Enterprises Website,"Hackergroup Red Hack defaced the Union of Public Turkish Enterprises' website, in protest against the Turkish government and police violence.",2013-10-15,2013-10-15,"Attack conducted by non-state group / 
non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,RedHack,Unknown,Non-state-group,Hacktivist(s),1,625,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Unknown,Non-state-group,,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Union-of-Turkish-Public-Enterprises-Hacked-by-RedHack-391160.shtml,2022-08-15,2022-11-02 521,Op GoldenDawn,Anonymous hacks Greek Ministry of Foreign Affairs and OSCE.,2013-10-14,2013-10-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None,Greece; Organization for Security and Cooperation in Europe,EUROPE; NATO; EU(MS); BALKANS - ,State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization,Government / ministries; - Government / ministries; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,624,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Leaks-3-700-Documents-Stolen-From-Greek-Government-and-OSCE-390752.shtml,2022-08-15,2022-11-02 510,Kimsuky vs. 
SouthKorea,North Korean hackers are suspected of launching a covert cyber-espionage campaign against the South Korean government in an attempt to steal highly classified intelligence on defence and security.,2013-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Government / ministries; ,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,613,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2013/sep/11/north-korean-hackers-cyber-espionage; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html,2022-08-15,2023-04-26 502,DDOS against Egypt,"Several Egyptian government websites were hit by DDoS attacks, with the attackers showing solidarity with anti-government protesters. 
Their targets were the websites of the National Bank of Egypt, the State Information Service, the Ministry of Foreign Affairs, the Supreme Constitutional Court of Egypt, the Ministry of Information, the Cabinet Information and Decision Support Centre and the Egyptian Armed Forces.",2013-07-14,2013-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,National Bank (Egypt),Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system; Critical infrastructure,Government / ministries; Finance,,Unknown,Non-state-group,Hacktivist(s),1,6610,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Several-Egyptian-Government-Sites-Disrupted-by-Hackers-as-Violence-Continues-375441.shtml,2022-08-15,2023-03-13 503,Hacker disrupt AlQaida Forums,Three Al-Qaida forums are disrupted by DDoS attacks from anonymous attackers.,2013-08-16,2013-08-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Unknown,,Social groups,Terrorist,,Unknown,Unknown - not attributed,,1,606,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Three-Major-Al-Qaida-Forums-Disrupted-by-DDOS-Attack-376443.shtml,2022-08-15,2022-11-02 504,Azerbaijan vs. Armenia August,An organization ran by Azerbaijani hackers known as ANTI-ARMENIA.ORG has hacked and defaced high profile Armenian government ministries websites.,2013-08-23,2013-08-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system,Government / ministries,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),1,607,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,https://www.hackread.com/aateam-hacks-armenian-ministries-websites/,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/aateam-hacks-armenian-ministries-websites/,2022-08-15,2022-11-02 505,DDOS vs. 
Pirate Party,Website of the German party Piratenpartei becomes victim of DDoS attack.,2013-08-25,2013-08-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Political parties,,Unknown,Unknown - not attributed,,1,608,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Pirate-Party-of-Germany-Targeted-with-DDOS-Attack-378080.shtml,2022-08-15,2022-11-02 506,China-DNS-Attack,The CINIC confirmed that China suffered a DDoS attack over the weekend causing the Internet inaccessibility for hours.,2013-08-25,2013-08-25,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Telecommunications,,Unknown,Unknown - not attributed,,1,609,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/17327/cyber-crime/chinas-hit-ddos-attack.html,2022-08-15,2022-11-02 507,Anonymous Support of Farmen Protest,Hackers deface page of Colombian regional government in support of farmers' protests.,2013-08-26,2013-08-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Colombia,SOUTHAM,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,610,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Resources,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Colombian-Government-Website-Hacked-in-Support-of-Boyaca-Protests-378237.shtml,2022-08-15,2022-11-02 508,Anonymous attack austrian MPS,Hacker group Anonymous Salzburg hacks the websites of four Austrian members of parliament.,2013-08-27,2013-08-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system,Political parties,Anonymous Salzburg,Austria,Non-state-group,Hacktivist(s),1,611,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Salzburg,Austria,Non-state-group,,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.vienna.at/anonymous-salzburg-hackte-abgeordneten-websites-verfassungsschutz-ermittelt/3682537,2022-08-15,2022-11-02 509,Operation Ghost-->The Dukes aka CozyBear aka APT29 - 2019,ESET discovered an espionage-campaign conducted by APT 29 against European ministries of foreign affairs from 2013 until at least october 2019. 
This rejects the hitherto existing notion of them being inactive since their intervention into the US elections 2016.,2013-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Europe (region),,State institutions / political system,Government / ministries,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,4802,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/,2022-08-15,2024-01-17 511,Anonymous attack on Mexican House of representatives,"Anonymous hackers have interrupted service of the Mexican House of Representatives' website and doxed personal data allegedly stolen from the Mexican state-owned petroleum company, in protest of privatization.",2013-09-02,2013-09-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Mexico,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Legislative; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,614,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Mexico-s-House-of-Representatives-Attacked-by-Anonymous-Hackers-379826.shtml,2022-08-15,2022-11-02 520,LulzSecPeru Data leake age,"Hackinggroup LulzSec Peru gains root access to Venezuelan army computer, leaks confidential documents.",2013-10-09,2013-10-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Venezuela,SOUTHAM,State institutions / political system,Military,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,623,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,System / ideology,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Files-Allegedly-Stolen-from-Venezuelan-Army-389574.shtml,2022-08-15,2022-11-02 512,€Wagn3r leaks data of US Intelligence Officer,"Hacker publishes e-mail correspondence of US Intelligence Colonel, which shows that Syrian chemical weapon attack was staged.",2013-09-03,2013-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Military,€Wagn3r,Unknown,Individual hacker(s),,1,615,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,€Wagn3r,Unknown,Individual hacker(s),,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/hacked-email-us-chemical-attack/,2022-08-15,2022-11-02 513,Anonymous vs. Brazilian Airforce,"Hacker group Anonymous Brazil defaces website of Brazilian air force, calling for protest against the government.",2013-09-03,2013-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Brazil,SOUTHAM,State institutions / political system,Military,Anonymous,Brazil,Non-state-group,Hacktivist(s),1,616,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Brazilian-Air-Force-Website-Hacked-and-Defaced-by-Anonymous-380015.shtml,2022-08-15,2023-11-23 514,Shutdown of TollSystem,"Tollsystem of a tunnel in Haifa is shutdown by TrojanHorse, attackers unidentified.",2013-09-08,2013-10-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Critical infrastructure,Transportation,,Unknown,Non-state-group,Hacktivist(s),1,617,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.haaretz.com/expert-haifa-tunnel-hit-by-cyberattack-1.5280642; https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/,2022-08-15,2022-11-02 515,Anonymous DDOS vs. 
Cambodia,"Over the past days, hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against several local government websites in protest against the recent elections, which they call unfair.",2013-09-10,2013-09-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Cambodia,ASIA; SEA,State institutions / political system; State institutions / political system,Government / ministries; Political parties,Anonymous,Cambodia,Non-state-group,Hacktivist(s),1,618,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Cambodia,Non-state-group,,System / ideology; National power,System/ideology; National power; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Cambodia-Attacks-Government-Websites-Video-382780.shtml,2022-08-15,2022-11-02 516,Bangladesh Black HAT Hackers vs. India,"Private Indian websites are hacked, message against Indian border brutality against Bengalis is left.",2013-09-18,2013-09-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,Bangladesh BlackHAT Hackers,Bangladesh,Non-state-group,Ethnic actors,1,619,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh BlackHAT Hackers,Bangladesh,Non-state-group,,Subnational predominance; Territory,Subnational predominance,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/india-bangladesh-cyber-war-hacked/,2022-08-15,2023-01-04 517,Anonymous Cambodia vs. Cambodia Government,"Anonymous Cambodia hacks government websites and publishes state anti-corruption unit data and credit card details to protest against the government. The list of targets includes the Press and Quick Reaction Unit, the Ministry of Foreign Affairs, the Ministry of Economy and Finance, and the National Bank of Cambodia.",2013-09-27,2013-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Cambodia,ASIA; SEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Finance; ,Anonymous,Cambodia,Non-state-group,Hacktivist(s),1,6608,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Cambodia,Non-state-group,,System / ideology; National power,System/ideology; National power; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Cambodia-Continues-Operations-Against-Government-386745.shtml,2022-08-15,2023-03-13 518,Free Kashmir Defacement,"Pakistani hackers deface over 20000 Indian websites, leaving messages that call for a free Kashmir.",2013-09-29,2013-09-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,Dr@cul@; Muhammad Bilal,Pakistan; Pakistan,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,621; 621,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Dr@cul@; Muhammad Bilal,Pakistan; Pakistan,Non-state-group; Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/pakistani-hackers-hack-20k-indian-sites/,2022-08-15,2022-11-02 519,OnionDog,"The HeliosTeam at 360 SkyEyeLabs recently revealed that a hackergroup named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. 
According to big data correlation analysis, OnionDog's first activity can be traced back to October, 2013 and in the following two years it was only active between late July and early September.",2013-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,OnionDog,Unknown,Unknown - not attributed,,1,622,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OnionDog,Unknown,Unknown - not attributed,https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html; https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml,2022-08-15,2022-11-02 460,Anonymous attack on Israel (Holocaust Remebrance Day),"Anonymous attacks Israeli websites, twitter and bank accounts on Holocaust memorial day, to protest its policy towards Palestine. Israeli officials say that not much damage has been done.",2013-04-07,2013-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,Government / ministries; ; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,555,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Territory; International power,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theatlantic.com/international/archive/2013/04/anonymous-hits-israel-massive-cyber-attack-israel-attacks-back/316538/,2022-08-15,2022-11-02 457,Anonymous and RedHack Leak,"Hackers of Anonymous and RedHack published the personal details of more than 30,000 people, including politicians, government employees, military and police officials.",2013-03-23,2013-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Israel,ASIA; MENA; MEA,State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Military; Police,RedHack; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,550; 550,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,RedHack; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 458,Shutdown of Pakistan Electoral Commission,"Website of Pakistan's Electoral Commission Website is attacked, probably by""Russian and Asianhackers"", and inaccessable.",2013-03-29,2013-03-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Civil service / administration; Election infrastructure / related systems,Not available,India; Russia; Asia (region),Unknown - not attributed,,3,8552; 8552; 8552; 8551; 8551; 8551; 8553; 8553; 8553,NaT; NaT; NaT; NaT; NaT; NaT; NaT; NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via 
social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Attribution given, type unclear; Attribution given, type unclear; Attribution given, type unclear",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Media-based attribution; Media-based attribution; Media-based attribution; Contested attribution; Contested attribution; Contested attribution,; ; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,India; Russia; Asia (region); India; Russia; Asia (region); India; Russia; Asia (region),Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/massive-cyber-attack-on-election-commission-of-pakistan-servers-by-asian-russian-hackers/; https://advox.globalvoices.org/2013/04/01/cyber-attack-on-pakistans-electoral-commission-website/,2022-08-15,2023-03-23 391,Website of Al-Jazeera hacked,Al-Jazeera websites hacked,2012-09-05,2012-09-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Qatar,ASIA; MENA; MEA; GULFC,Media,,,Syria,Non-state-group,Hacktivist(s),1,472,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Syria,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://phys.org/news/2012-09-al-jazeera-websites-hacked.html,2022-08-15,2022-11-02 393,Anonymous vs. NTC Phillipines,ANONYMOUS BRINGS GOVERNMENT SITES OFFLINE IN PHILIPPINES,2012-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,474,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/anonymous-brings-government-sites-offline-philippines-petition-cybercrime-law-100112/77064/,2022-08-15,2022-11-02 394,Kosova Hacker’s Security vs. 
Us_weather.gov,"US Weather.Gov hacked, Data leaked by Kosova Hacker’s Security",2012-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Kosova Hacker’s Security,United Kingdom,Non-state-group,Hacktivist(s),1,475,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kosova Hacker’s Security,United Kingdom,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/us-weather-gov-hacked-data-leaked-by-kosova-hackers-security/,2022-08-15,2022-11-02 395,CapoO_TunisiAnoO hack vs. Israel,86 Israeli websites hacked by CapoO_TunisiAnoO,2012-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Unknown,,CapoO_TunisiAnoO,Tunisia,Individual hacker(s),,1,476,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,CapoO_TunisiAnoO,Tunisia,Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/86-israeli-websites-hacked-by-capoo_tunisianoo/,2022-08-15,2022-11-02 396,BGHH defaces pages,54 Israeli Sites Defaced by Bangladesh Grey Hat Hackers,2012-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),1,477,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/54-Israeli-Sites-Defaced-by-Bangladesh-Grey-Hat-Hackers-303008.shtml,2022-08-15,2022-11-02 397,LolSec leak Nigerian National Assembly Data,"Nigerian National Assembly Hacked, Huge Database Leaked by @LolSec",2012-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,LolSec,Unknown,Non-state-group,Hacktivist(s),1,478,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LolSec,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/nigerian-national-assembly-hacked-huge-database-leaked-by-lolsec/; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2022-08-15,2024-02-19 398,Mike Mullen Hacked,US Ex-Military Head Mike Mullen Computers Hacked by Unknown hackers,2012-10-01,Not available,"Attack conducted by 
nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,State institutions / political system,Military,,China,State,,1,479,2012-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/us-ex-military-head-mike-mullen-computers-hacked-by-unknown-hackers/,2022-08-15,2022-11-02 399,US Media Outlets hacked by the Chinese,"The networks of the WashingtonPost, NewYork Times, Wall Street Journal and Bloomberg have been attacked by Chinese hackers",2012-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Media,,,China,State,,1,480,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,State,https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?mtrref=undefined&gwh=7F43CD54F8B386F686DA4E46DE17163F&gwt=pay; https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html,2022-08-15,2022-11-02 400,Op Israel 2012 Bangladeshi Part,Bangladeshi Hackers Deface 20 Israeli Websites in Support for the People of Palestine,2012-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Unknown,,Pakistan Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),1,481,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Grey Hat Hackers,Bangladesh,Non-state-group,,System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Bangladeshi-Hackers-Deface-20-Israeli-Websites-in-Support-for-the-People-of-Palestine-308272.shtml,2022-08-15,2022-11-02 401,Zcompany Hacking Crew hacks government pages in Israel,"Hackers Breach Israeli Vice PM's Twitter, Facebook, YouTube and Blogger Accounts",2012-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Zcompany Hacking Crew,Unknown,Non-state-group,Hacktivist(s),1,482,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Unknown,Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Hackers-Breach-Israeli-Vice-PM-s-Twitter-Facebook-YouTube-and-Blogger-Accounts-308464.shtml,2022-08-15,2022-11-02 402,Muslim Liberation Army vs. Israel,Israel’s Ministry of National Infrastructures Websites Hacked by Muslim Liberation Army,2012-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Muslim Liberation Army,Unknown,Non-state-group,Hacktivist(s),1,483,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/israels-ministry-of-national-infrastructures-webites-hacked-by-muslim-liberation-army/,2022-08-15,2022-11-02 403,Yourikan counter attack OP Israel,Pro-Israel Hacker Disrupts Palestinian Hamas Websites,2012-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Palestine,ASIA; MENA; MEA,Critical infrastructure,Telecommunications,Yourikan,Israel,Individual hacker(s),,1,484,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Yourikan,Israel,Individual hacker(s),,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Pro-Israel-Hacker-Disrupts-Palestinian-Hamas-Websites-308821.shtml,2022-08-15,2022-11-02 404,Op Syria,Anonymous Leak Confidential Emails from Syrian Ministry of Foreign Affairs for #Op Syria,2012-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,485,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-leak-emails-from-syrian-government/,2022-08-15,2022-11-02 405,Anonymous Cyberwar vs. Israel,Anonymous declares 'cyberwar' on Israel,2012-11-12,2012-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,Government / ministries; Intelligence agencies; ; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,486,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.huffingtonpost.com/2012/11/17/anonymous-hacks-israel-all-your-base_n_2150881.html; https://edition.cnn.com/2012/11/19/tech/web/cyber-attack-israel-anonymous/index.html; https://www.hackread.com/anonymous-destroys-israel-by-hacking-websites-destroying-databases-leaking-emails-passwords-for-opisrael/,2022-08-15,2022-11-02 406,Accidental Syrian Internet Blackout,The NSA accidentally took down the syrian internet in an attempt to infiltrate the syrian telecommunication provider.,2012-11-29,2012-11-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Syria,ASIA; MENA; MEA,Critical infrastructure,Telecommunications,NSA/Equation Group,United States,State,,2,488; 487,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war#maincontent,2022-08-15,2022-11-02 407,Pakistan CyberArmy vs. 
Bangladesh,"Pakistan CyberArmy declares war on Chinese, Bangladeshi sites",2012-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,China; Bangladesh,ASIA; SCS; EASIA; NEA; SCO - ASIA; SASIA,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Bangladesh Cyber Army,Pakistan,Non-state-group,Hacktivist(s),1,489,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Pakistan,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2012/12/10/pakistan_cyber_army_hack_bangladesh_china/,2022-08-15,2022-11-02 408,MoroccanGhosts attack South Africa,100 South African Websites hacked by MoroccanGhosts,2012-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,South Africa,AFRICA; SSA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),1,490,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/100-south-african-websites-hacked-by-moroccan-ghosts/,2022-08-15,2022-11-02 409,BGHH vs. Sri Lanka,22 Sri Lankan Ministry Websites Hacked by Bangladesh Gray Hat Hackers,2012-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Sri Lanka,ASIA; SASIA,State institutions / political system,Government / ministries,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),1,491,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/22-srilankan-ministry-websites-hacked-by-bangladesh-gray-hat-hackers/,2022-08-15,2022-11-02 410,BGHH vs. Pakistan,"Bangladeshi Hackers Fight Back, Hack Pakistani Government Sites",2012-12-01,2012-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system; State institutions / political system; Media,Judiciary; Military; Government / ministries; ,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),1,492,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Bangladeshi-Hackers-Fight-Back-Hack-Pakistani-Government-Sites-313309.shtml,2022-08-15,2022-11-02 411,H4ksniper vs. 
SouthAfrica,Three SA government websites hacked,2012-12-09,2012-12-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,South Africa,AFRICA; SSA,State institutions / political system,Government / ministries,H4ksniper,Morocco,Non-state-group,Hacktivist(s),1,493,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,H4ksniper,Morocco,Non-state-group,,Subnational predominance,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://mg.co.za/article/2012-12-09-three-government-websites-hacked,2022-08-15,2022-11-02 392,Anonymous revenge for Pirate Bay,"Hackers Protest Against Arrest of TPB Co-Founder, 5,000 Documents Leaked",2012-09-11,2012-09-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Cambodia,ASIA; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,473,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Hackers-Protest-Against-Arrest-of-TPB-Co-Founder-5-000-Documents-Leaked-291495.shtml,2022-08-15,2022-11-02 390,PennState University Hack,"Hackers from China infiltrated the computer systems of Pennsylvania State University‘s College of Engineering, gaining usernames and passwords in what investigators described as a sophisticated cyberattack that lasted more than two years.",2012-09-01,Not available,"Attack 
conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by victim,Data theft,Penn State University,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,China,Unknown - not attributed,,1,10760,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com,2022-08-15,2023-06-18 544,LulzSec Peru vs. President of Peru,"Hackers of LulzSecPeru have breached and defaced the official website of Peru’s President, being unhappy about how Peru is governed.",2013-11-17,2013-11-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Peru,SOUTHAM,State institutions / political system,Government / ministries,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,648,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Peru-s-President-Hacked-and-Defaced-by-LulzSec-Peru-401074.shtml,2022-08-15,2022-11-02 389,RedHack leak Data of Turkish Ministry of Culture,Turkish Ministry of Culture & Tourism Website Taken Down by RedHack Hackers,2012-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,RedHack,Turkey,Non-state-group,Hacktivist(s),1,470,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/turkish-ministry-of-culture-tourism-website-taken-down-by-redhack-hackers/,2022-08-15,2023-03-13 370,Hitcher vs. 
Knesset,Israeli Government Site Hacked,2012-06-26,2012-06-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Hitcher,Pakistan,Individual hacker(s),,1,449,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hitcher,Pakistan,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Israeli-Government-Site-Hacked-in-Protest-Against-Mr-Badoo-s-Arrest-277842.shtml,2022-08-15,2022-11-02 371,Iran Hack Security Team Hacks Israeli Pages,45 Israeli Websites hacked by Iran Hack SecurityTeam,2012-06-27,2012-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Iran Hack Security Team,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,450,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Iran Hack Security Team,"Iran, Islamic Republic of",Non-state-group,,System / ideology,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/45-israeli-websites-hacked-by-iran-hack-security-team/,2022-08-15,2022-11-02 372,Anonymous vs. Tamil Cyber Crime Cell,Tamil Nadu’s Cyber Crime Cell website taken by Anonymous,2012-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,451,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/tamil-nadus-cyber-crime-cell-website-taken-by-anonymous/,2022-08-15,2023-10-20 373,Poltergeist h4cker hacks Iranian and Chinese Websites,66 Iranian and Chinese websites hacked by Poltergeist h4cker,2012-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,"Iran, Islamic Republic of; China",ASIA; MENA; MEA - ASIA; SCS; EASIA; NEA; SCO,Unknown - Unknown, - ,Poltergeisth4cker,Netherlands,Non-state-group,Hacktivist(s),1,452,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Poltergeisth4cker,Netherlands,Non-state-group,,System / ideology,Third-party intervention / third-party affection,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/66-iranian-and-chinese-websites-hacked-by-poltergeisth4cker-from-netherlands/,2022-08-15,2022-11-02 374,NullCrew vs. 
PBS and WHO,"PBS and World Health Organization Hacked, User Details Leaked",2012-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,International / supranational organization; Media,,Null Crew,Unknown,Non-state-group,Hacktivist(s),1,453,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Null Crew,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/PBS-and-World-Health-Organization-Allegedly-Hacked-User-Details-Leaked-281123.shtml,2022-08-15,2022-11-02 375,Sharp-Cyber-Group vs. Indian Websites,216 Indian Websites hacked by Hcrack2ofSharp-CyberGroup,2012-07-13,2012-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Other,Political parties; ,Sharp-Cyber-Group,Pakistan,Non-state-group,Hacktivist(s),1,454,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sharp-Cyber-Group,Pakistan,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/216-indian-websites-hacked-by-hcrack2-of-sharp-cyber-group/,2022-08-15,2022-11-02 376,OP Free Assange Part II,"Anonymous Attacks UK Home Office, DWP, Ministry of Justice in Op Free Assange",2012-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system,; Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,455,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,http://www.bbc.com/news/uk-wales-19381444; https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Attacks-UK-Home-Office-DWP-Ministry-of-Justice-in-OpFreeAssange-287189.shtml; http://www.bbc.com/news/uk-wales-19381444; https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange,2022-08-15,2022-11-02 377,Anonymous vs. Uganda,"Uganda Government Websites Hacked By Anonymous In Defense Of Gay Pride, LGBT Rights",2012-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Uganda,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,456,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 378,SEA vs. Reuters Round I 2012,Disinformation flies in Syria's growing cyberwar: Reuters Twitter Account hacked allegedly by Assad-supporters.,2012-08-03,2012-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,,Unknown,Unknown - not attributed,,1,457,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-syria-crisis-hacking/disinformation-flies-in-syrias-growing-cyber-war-idUSBRE8760GI20120807,2022-08-15,2022-11-02 379,Saudi Aramco/Shamoon,"Cyberattack on Saudi Firm Saudi Aramco, by the self-proclaimed Hacking Group ""Cutting Sword of Justice"". 
The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.",2012-08-15,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,None - None,Saudi Arabia; Qatar,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,Critical infrastructure - Critical infrastructure,Energy - Energy,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,458; 459,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten; APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term 
disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://cyberscoop.com/iran-peach-sandstorm-apt33/; https://www.darkreading.com/dr-global/mideast-oil-gas-facilities-could-face-cyber-energy-disruptions; https://www.wired.com/2012/08/hack-attack-strikes-rasgas/; https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html; https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/; https://www.reuters.com/article/saudi-attack-idUSL5E8N91UE20121209; https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/; https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/; https://twitter.com/780thC/status/1618571785276100609; https://twitter.com/DarkReading/status/1620558295672012807,2022-08-15,2023-06-28 380,Anonymous defaces Page of British Prime Minister,Hackers Deface website of former British cabinet minister,2012-08-25,2012-08-25,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Anonymous,United Kingdom,Non-state-group,Hacktivist(s),2,461; 460,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course 
of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Anonymous; Anonymous,United Kingdom; United Kingdom,Non-state-group; Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2012/08/hackers-deface-website-of-former.html,2022-08-15,2022-11-02 381,HonkerUnion attacks Japan,Chinese cyberattacks hit Japan over islands dispute,2012-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system; State institutions / political system,Government / ministries; Judiciary,Honker Union,China,Non-state-group,Hacktivist(s),1,462,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Honker Union,China,Non-state-group,,Territory,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theglobeandmail.com/news/world/chinese-cyber-attacks-hit-japan-over-islands-dispute/article4553048/,2022-08-15,2022-11-02 382,BedU33N vs. 
UN Department of Agriculture,US Department of Agriculture Sites Hacked by BedU33N against Anti-Islamic Movie,2012-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,BedU33N,Bangladesh,Non-state-group,Hacktivist(s),1,463,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,BedU33N,Bangladesh,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/us-department-of-agriculture-sites-hacked-by-bedu33n-against-anti-islamic-movie/,2022-08-15,2022-11-02 383,Philippines CyberArmy vs. Government of Philippines,Government of Philippines Hacked by Philippines CyberArmy,2012-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Philippines Cyber Army,Philippines,Non-state-group,Hacktivist(s),1,464,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Philippines Cyber Army,Philippines,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/government-of-philippines-hacked-by-philippines-cyber-army/,2022-08-15,2022-11-02 384,Domainer and Anonymous Leak Data of the South African Police Department,South African Police Database Hacked and Leaked by Domainer & Anonymous,2012-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,South Africa,AFRICA; SSA,State institutions / political system,Police,Anonymous; Domainer,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,465; 465,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; Domainer,Unknown; Unknown,Non-state-group; Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/south-african-police-database-hacked-and-leaked-by-domainer-anonymous/,2022-08-15,2023-11-21 385,Sizzling Soulhacks Mexican Regional Governments,Three Mexican Government Websites Hacked by SizzlingSoul Against 
Anti-Islamic Movie,2012-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Mexico,,State institutions / political system,Government / ministries,Sizzling Soul (Pakistan Cyber Army),Pakistan,Individual hacker(s),,1,466,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sizzling Soul (Pakistan Cyber Army),Pakistan,Individual hacker(s),,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/three-mexican-government-websites-hacked-by-sizzling-soul-against-anti-islamic-movie/,2022-08-15,2022-11-02 386,Bangladesh Cyber Army attacks Israeli and Bangladeshi Sites,"25 Israeli and 118 British, Including Government Websites Hacked by Bangladesh Cyber Army",2012-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,Israel; United Kingdom,ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; ; - Government / ministries; ; ,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),1,467,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/25-israeli-and118-british-websites-hacked-by-bangladesh-cyber-army/,2022-08-15,2022-11-02 387,TurkHackTeam vs. UN and UNESCO,UNESCO Cuba and UN Philippine Hacked By SaMuRa! 
Of TurkHackTeam,2012-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,Philippines; Cuba,ASIA; SCS; SEA - ,International / supranational organization - International / supranational organization, - ,Turk Hack Team,Turkey,Individual hacker(s),,1,468,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/unesco-cuba-and-un-philippine-hacked-by-samura-of-turk-hack-team/,2022-08-15,2022-11-02 388,Godzilla penetrated Database of Pakistan Army,Indian Hacker Claims to Leak Database of Pakistan Army and KSE Websites,2012-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,India,ASIA; SASIA; SCO,State institutions / political system,Military,Godzilla,Pakistan,Individual hacker(s),,1,469,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Godzilla,Pakistan,Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/indian-hacker-claims-to-leak-database-of-pakistan-army-and-kse-websites/,2022-08-15,2022-11-02 412,OP India,"#Op India: BSNL Server Hacked, Database Leaked by Anonymous India",2012-12-13,2012-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,Media,,Anonymous,India,Non-state-group,Hacktivist(s),1,494,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,India,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/op_india-bsnl-server-hacked-database-leaked-by-anonymous-india/,2022-08-15,2022-11-02 413,Brazil HackTeam vs. 
Interpol,Interpol Indonesia Hacked and Defaced by HighTech Brazil HackTeam,2012-12-25,2012-12-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Indonesia,ASIA; SCS; SEA,International / supranational organization,,Brazil Hack Team,Brazil,Non-state-group,Hacktivist(s),1,495,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Brazil Hack Team,Brazil,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/interpol-indonesia-hacked-and-defaced-by-hightech-brazil-hackteam/,2022-08-15,2023-11-23 414,Guatemala state surveillance,"The Guatemalan government purchased surveillance tools (Pegasus, Circles) in order to monitor political opponents, activists and journalists.",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Guatemala,CENTAM,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Political opposition / dissidents / expats; ; ,General Directoral of Civil Intelligence (DIGICI),Guatemala,State,,2,497; 496,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by third-party; Media-based attribution,,,,General Directoral of Civil Intelligence (DIGICI); General Directoral of Civil Intelligence (DIGICI),Guatemala; Guatemala,State; 
State,https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/; https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F,2022-08-15,2024-02-06 415,Moroccan government vs. Human rights organization,"The Moroccan human rights activist Hisham Almiraat accuses the Moroccan government of compromising his organization ""Mamfakinch"" after it won the Google-Global Voices Breaking Border award for promoting dialogue and democratic values.",2012-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Morocco,AFRICA; NAF; MENA,Social groups,Advocacy / activists (e.g. 
human rights organizations),,Morocco,State,,2,499; 498,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,,,,,Morocco; Morocco,State; State,https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/,System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/,2022-08-15,2022-11-02 438,LulzSec Peru vs. Chilean Army,Hackergroup LulzSec Peru hacks the website of the Chilean army.,2013-01-15,2013-01-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Chile,SOUTHAM,State institutions / political system,Military,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,529,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Army-of-Chile-Website-Hacked-by-LulzSec-Peru-321097.shtml,2022-08-15,2022-11-02 439,DavyJones vs. 
Government of SriLanka,"Website of Sri Lankan Minister of Sports hacked, website data published.",2013-01-26,2013-01-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Sri Lanka,ASIA; SASIA,State institutions / political system,Government / ministries,Davy Jones,Unknown,Individual hacker(s),,1,530,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Davy Jones,Unknown,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/sri-lankas-minister-of-sports-website-hacked-data-leaked-by-davy-jones/,2022-08-15,2022-11-02 440,Japan MFA leak,Unidentified hackers steal non-confidential data from Japan's Ministry of Foreign Affairs.,2013-01-28,2013-01-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,Japan,ASIA; SCS; NEA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,531,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/20-Documents-Stolen-by-Hackers-from-Japan-s-Ministry-of-Foreign-Affairs-327205.shtml,2022-08-15,2022-12-13 441,Anonymous vs. 
Egypt government Part II,Hacker collective Anonymous takes down several Egyptian government websites with DDoS attacks to protest police violence against protesters.,2013-02-03,2013-02-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,532,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/02/opegypt-egyptian-government-websites.html,2022-08-15,2022-11-02 442,Anonymous leaks Data of Fed,The hacker collective Anonymous obtains and publishes personal data of 4000 employees of the US central bank 'Federal Reserve Bank'.,2013-02-03,2013-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Federal Reserve Bank (United States),United States,NATO; NORTHAM,Critical infrastructure,Finance,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,6617,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.reuters.com/article/net-us-usa-fed-hackers/fed-says-internal-site-breached-by-hackers-no-critical-functions-affected-idUSBRE91501920130206,2022-08-15,2023-02-08 443,Anonymous vs. Mongolian National Police,Anonymous-affiliated hacker defaces website of the Mongolian National Police.,2013-02-16,2013-02-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Mongolia,ASIA; EASIA; NEA,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,534,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Website-of-Mongolian-National-Police-Hacked-by-Viru-Noir-330201.shtml,2022-08-15,2022-11-02 444,Malaysia Department of Information attacked by Hacker,Hackers gain access to the Malaysian Department of Information and post a notice on the PM's resignation.,2013-02-18,2013-02-18,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Malaysia,ASIA; SCS; SEA,State institutions / political system,Government / ministries,,Unknown,Non-state-group,Hacktivist(s),1,535,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Hackers-Publish-PM-Resignation-Notice-on-Malaysian-Government-Website-330327.shtml,2022-08-15,2022-11-02 445,Anonymous vs. US State Department,"Anonymous hacks and publishes data from the US State Department's website, defaces the website of George K. Baum & Company, in anti-US offensive.",2013-02-19,2013-02-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,536,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rt.com/usa/anonymous-hacks-state-department-617/,2022-08-15,2022-11-02 446,Kuwaiti Hackers vs. Lebanese Parliaments,"Hacking team Kuwaiti Hackers defaces webpage of the Lebanese parliament, accusing the government of supporting Assad in the Syrian civil war.",2013-02-23,2013-02-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Lebanon,ASIA; MENA; MEA,State institutions / political system,Legislative,Kuwaiti Hackers,Kuwait,Non-state-group,Ethnic actors,1,537,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kuwaiti Hackers,Kuwait,Non-state-group,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dailystar.com.lb/News/Local-News/2013/Feb-23/207634-lebanese-parliament-website-hacked.ashx; https://www.hackread.com/lebanon-parliament-website-hacked-by-team-kuwaiti-hackers/,2022-08-15,2023-01-30 447,Chinese Attack on DRDO,"Indian Defence Research and Development Organization (DRDO, part of the Ministry of Defense) was hacked. Highly sensitive, strategic data was stolen and collected on a server in China.",2013-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system; Science,Government / ministries; Military; ,,China,Unknown - not attributed,,1,538,NaT,"Attribution given, type unclear",Media-based attribution,,,,,China,Unknown - not attributed,,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.newindianexpress.com/nation/2013/mar/14/chinese-hack-drdo-computers-antony-seeks-report-458371.html; https://www.hackread.com/indian-defence-organisation-drdo-servers-hacked-china-among-the-suspects/; 
https://timesofindia.indiatimes.com/india/DRDO-computers-hacked/articleshow/18955837.cms,2022-08-15,2022-11-02 448,phr0zen myst pakistani dataleak,"Hacker publishes databases and login data, after breaching the websites of the Bangladeshi Ministry of Agriculture and the Supreme Court, in protest against violence at demonstrations.",2013-03-06,2013-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Bangladesh,ASIA; SASIA,State institutions / political system; State institutions / political system,Government / ministries; Judiciary,phr0zenmyst,Unknown,Non-state-group,Hacktivist(s),1,539,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,phr0zenmyst,Unknown,Non-state-group,,System / ideology,System/ideology; Other,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/bangladeshi-supreme-court-ministry-of-agriculture-websites-breached-user-accounts-leaked-phr0zenmyst/,2022-08-15,2022-11-02 449,OP BlackSummer,"With support of Chinese hackers, hackers of the Tunisian Cyber Army and the Al-Qaeda Electronic Army steal data from the website of the Pentagon and other US-American government websites.",2013-03-10,2013-03-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Tunisian Cyber Army; Al-Qaeda Electronic Army,China; Tunisia; China; Tunisia,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,540; 540; 540; 540,NaT; NaT; NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,; ; ; ,; ; ; ,; ; ; ,Tunisian Cyber Army; Tunisian Cyber Army; Al-Qaeda Electronic Army; Al-Qaeda Electronic Army,China; Tunisia; China; Tunisia,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://blog.sensecy.com/tag/opblacksummer/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/03/al-qaeda-electronic-army-hack-us-government.html; http://www.ehackingnews.com/2013/03/hackers-infect-pentagon-admin-by.html; https://blog.sensecy.com/tag/opblacksummer/,2022-08-15,2023-03-13 450,Godzilla vs. Pakistani Government,"After gaining access to an important government server, an Indian hacker shuts down several Pakistani government websites. He later also publishes admin login data for several servers. 
He accuses Pakistan of supporting and executing terrorism.",2013-03-11,2013-03-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Godzilla,India,Non-state-group,Hacktivist(s),1,541,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Godzilla,India,Non-state-group,,System / ideology; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Indian-Hacker-Causes-Several-Pakistani-Government-Sites-to-Become-Inaccessible-336159.shtml,2022-08-15,2022-11-02 451,Anti-NK DDOS,"North Korea has been hit by a massive cyber attack according to the declaration of a South Korean government official, who also added that the government of Seoul is investigating the event, denying any responsibility. 
Russia’s ITAR-TASS news agency, which has an office in Pyongyang, reported the events on Wednesday night, all web sites of the country went offline until late Thursday afternoon.",2013-03-13,2013-03-14,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,"Korea, Democratic People's Republic of",ASIA; NEA,Critical infrastructure; Media,Telecommunications; ,,"Korea, Republic of; United States",State,,1,542; 542,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,,"Korea, Republic of; United States",State; State,,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/13005/security/n-korea-hit-by-large-scale-cyber-attackrepercussions-in-cyberspace.html,2022-08-15,2023-03-11 452,Anonymous vs. Iranian Parliament,"Hacker affiliated with Anonymous takes down Iranian websites of parliament, Economic Research Institute and Aerospace Industries Organization.",2013-03-14,2013-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Legislative; ; ,Cyper (Anonymous),Unknown,Non-state-group,Hacktivist(s),1,543,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyper (Anonymous),Unknown,Non-state-group,,System / ideology,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/OpIran-Hacktivists-Launch-DDOS-Attacks-Against-Major-Iranian-Sites-337585.shtml,2022-08-15,2022-11-02 453,Going Greyhat,German hacker publishes login data of Turkish Ministry of Economy and Central Finance and Contracts Unit's websites to show their vulnerabilities.,2013-03-18,2013-03-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,D35m0nd142,Germany,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,544,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,D35m0nd142,Germany,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Turkey-s-Ministry-of-Economy-and-Central-Finance-and-Contracts-Unit-Hacked-338107.shtml,2022-08-15,2022-11-02 454,Operation Dark Seoul 2013 part I,"Two South Korean banks and television broadcasters experience disruption after ""logic bomb"" is (allegedly) placed by North Korea.",2013-03-20,2013-03-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,2,16706; 16705,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; ,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","State; 
Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219; https://www.wsj.com/articles/SB10001424127887324136204578639540757695644,System / ideology,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://twitter.com/securityaffairs/status/1661438436912295936; https://twitter.com/securityaffairs/status/1661671109014564864; https://home.treasury.gov/news/press-releases/jy1498; https://www.wired.com/2013/03/logic-bomb-south-korea-attack/; https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219; https://www.wsj.com/articles/SB10001424127887324136204578639540757695644; https://www.theguardian.com/world/2013/mar/20/south-korea-under-cyber-attack; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/,2022-08-15,2024-02-01 455,Syrian Electronic Army vs. BBCs Twitter,Hackers from 'Syrian Electronic Army' post tweets on BBC account apparently backing Bashar al-Assad,2013-03-21,2013-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,547; 548,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/media/2013/mar/21/bbc-weather-twitter-syrian-regime; https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html,2022-08-15,2022-11-02 456,Sector404 vs. Mossad,"The hacktivist group ""Sector404"" has launched a distributed denial-of-service (DDOS) attack against mossad.gov.il, the official website of the Israeli Secret Intelligence Service.",2013-03-23,2013-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Intelligence agencies,Sector 404,Unknown,Non-state-group,Hacktivist(s),1,549,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sector 404,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Hackers-Take-Down-Official-Mossad-Website-Details-of-30-000-Israeli-Officials-Leaked-339742.shtml,2022-08-15,2022-11-02 437,RedHack vs. Turkish Council of Higher Education,Turkish hackergroup RedHack gains access to a database of Turkey's Council of Higher Education. They publish data which they claim proves corruption incidents at several Turkish universities.,2013-01-10,2013-01-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,Science,,RedHack,Turkey,Non-state-group,Hacktivist(s),1,528,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Turkey-s-Council-of-Higher-Education-Hacked-by-RedHack-60-000-Documents-Leaked-319958.shtml,2022-08-15,2023-06-18 436,Bangladesh Cyber Army vs. 
India,"The Bangladesh Cyber Army claims to have defaced over 1,000 Indian websites, including India's biggest telecommunications providers BSNL, as a form of protest against the country’s Border Security Force (BSF).",2013-01-07,2013-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Bangladesh Cyber Army,Bangladesh,Non-state-group,Ethnic actors,1,527,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,,Subnational predominance; Territory,Subnational predominance,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Bangladesh-Cyber-Army-Attacks-Indian-Sites-in-Memory-of-15-Year-Old-Girl-Video-319234.shtml,2022-08-15,2022-11-02 435,Iron Tiger Attack (related to OPM hack),Chinese hacker group Iron Tiger leaks sensitive data from several defence contractors,2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,526,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/#28d21d12694f%C2%A0; https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/,2022-08-15,2023-03-02 424,APT 41,"FireEye Intelligence released a comprehensive report detailing APT 41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations.",2013-01-01,Not 
available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,509,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://content.fireeye.com/APT -41/website-APT 41-blog,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://content.fireeye.com/APT-41/website-APT41-blog; https://content.fireeye.com/APT -41/website-APT 41-blog,2022-08-15,2022-11-02 416,North Korea espionage campaign,"North Korean state-sponsored hacking group APT37 conducted a perennial espionage campaign on South Korea, Japan, Vietnam and the Middle East.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,"Korea, Republic of; Japan; Vietnam; Middle East (region)",ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; SCS; SEA - ,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Social groups; Media,Government / ministries; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - Government / ministries; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats; - Government / ministries; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - Government / ministries; Military; Transportation; Health; Telecommunications; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,500,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf,System / ideology; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf,2022-08-15,2023-03-06 417,ShiqiangGroup vs. 
Taiwan,"Targeted attack on the Taiwanese government and Tibetan activists, allegedly by the Chinese Shiqiang gang.",2013-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Taiwan; China,ASIA; SCS - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,Shiqiang Group,China,Unknown - not attributed,,1,501,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Shiqiang Group,China,Unknown - not attributed,https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html; https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html; https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html,2022-08-15,2023-03-28 418,Operation WiltedTulip,Espionage Campaign by the allegedly Iranian APT Copykittens,2013-01-01,Not available,"Attack on (inter alia) 
political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,Israel; United States; Turkey; Saudi Arabia; Germany; Jordan,ASIA; MENA; MEA - NATO; NORTHAM - ASIA; NATO; MEA - ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA,State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Military; Defence industry; ; - Government / ministries; Military; Defence industry; ; - Government / ministries; Military; Defence industry; ; - Government / ministries; 
Military; Defence industry; ; - Government / ministries; Military; Defence industry; ; - Government / ministries; Military; Defence industry; ; ,CopyKittens/Slayer Kitten/G0052,"Iran, Islamic Republic of",Unknown - not attributed,,1,502,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,CopyKittens/Slayer Kitten/G0052,"Iran, Islamic Republic of",Unknown - not attributed,https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/copykittens-iran-linked-cyber-espionage-group-lacks-sophistication-still-successful-1632024; https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf,2022-08-15,2023-07-31 419,ThripGroup,"A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None,Southeast Asia (region); United States, - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications,Thrip,China,Unknown - not attributed,,1,503,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Thrip,China,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-china-usa-cyber/china-based-campaign-breached-satellite-defense-companies-symantec-idUSKBN1JF2X0; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets,2022-08-15,2024-04-23 420,Operation Iron Tiger Part2/Emissary Panda,"In 2013, Iron Tiger targeted individuals in US defense- and technology-related fields such as aerospace, energy, etc. It’s important to note that research has not shown an explicit, state-sponsored connection but the case shows that attackers don’t need to be connected to a state to engage in politically motivated activities.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications; Defence industry; ,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,504,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf; 
https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states; https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html,2022-08-15,2023-05-16 421,Ajax Security Team aka Rocket Kitten 2013-2014,"For the purpose of cyber-espionage, the Iranian hacking group Ajax Security Team, which is at least state-encouraged, attacked companies in the U.S. and domestic users of anti-censorship technology.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,"United States; Iran, Islamic Republic of",NATO; NORTHAM - ASIA; MENA; MEA,Critical infrastructure; End user(s) / specially protected groups - Critical infrastructure; End user(s) / specially protected groups,Defence industry; - Defence industry; ,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,505,2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf,System / ideology; National power; 
International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf,2022-08-15,2022-11-02 422,Operation SnowMan-->DeputyDog aka APT 17,"Hackers from APT 17, an alleged Chinese state proxy according to later reporting by Proofpoint and Intrusion Truth, used a zero-day vulnerability in Microsoft's Internet Explorer web browser to target US military personnel in an active attack campaign via the US Veterans of Foreign Wars website.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system; End user(s) / specially protected groups,Military; ,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,507; 506,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/; https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures,System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html; https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/; https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures,2022-08-15,2022-11-02 423,Operation “Kimsuky”,"The Kimsuky cyberespionage campaign appears to have originated in North Korea and hit numerous organizations, eleven of which are located in South Korea and two in China. The attackers infected victims with malware able to remotely control the PC, log keystrokes, and steal HWP documents.",2013-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,"Korea, Republic of; China",ASIA; SCS; NEA - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Government / ministries; ; - Government / ministries; Government / ministries; ; ,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not attributed,,1,508,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not 
attributed,https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/,2022-08-15,2022-11-02 425,Attor Spyplatform,"Unknown actors developed a spy platform that misused various sites in the Russian-language space to conduct a targeted espionage campaign",2013-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Russia; Ukraine; Slovakia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Telecommunications; - Government / ministries; Telecommunications; - Government / ministries; Telecommunications; ,,Unknown,Unknown - not attributed,,1,510,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2019/10/10/eset-discovers-attor-spy-platform/,2022-08-15,2022-11-02 434,DOE breach,"US Energy Department was breached, no sensitive data stolen.",2013-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,China,State,,1,525,2013-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,China,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.businessinsider.com/doe-attack-by-chinese-hackers-2013-2?IR=T,2022-08-15,2022-11-02 426,Finnish MFA Hacked by Turla,Finnish Foreign Ministry hacked by Turla,2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,Finland,EUROPE; EU(MS); NORTHEU,State institutions / political system,Government / ministries,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,2,512; 511,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/finlands-foreign-ministry-hacked-by-russian-or-chinese-spies/article/528907/; https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548,2022-08-15,2022-11-02 427,Anonymous vs. 
Azerbaijani Government,Anonymous leaked internal data of the Special State Protection Service of Azerbaijan,2013-01-01,2013-01-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Azerbaijan,ASIA; CENTAS,State institutions / political system; State institutions / political system,Police; Intelligence agencies,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,513,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.databreaches.net/1-7gb-documents-leaked-from-special-state-protection-service-of-azerbaijan/,2022-08-15,2022-11-02 428,Operation Toohash,"Targeted attack campaign against various governments and companies in the Greater China area, reported by the German IT company G DATA.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Unknown - not attributed,,1,514,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf,2022-08-15,2022-11-02 429,Guccifer Affair Leak,The Romanian hacker Guccifer leaked emails between Colin Powell and MEP Corina Cretu,2013-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing, Diplomat Corina Cretu - Government officials,Romania; United States,EUROPE; BALKANS; NATO; EU(MS) - NATO; NORTHAM,State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups,Legislative; - Legislative; ,Guccifer,Romania,Individual hacker(s),,2,14721; 14720,2014-01-01 00:00:00; 2013-12-01 00:00:00,"Domestic legal action; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,Romanian Directorate for Investigating Organized Crime and Terrorism; ,Not available; Not available,Romania; Romania,Guccifer; Guccifer,Romania; 
Romania,Individual hacker(s); Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nbcnews.com/news/world/guccifer-hacker-who-leaked-bush-paintings-sentenced-jail-n124556; https://www.ilpost.it/2024/02/21/julian-assange-storia-wikileaks/,2022-08-15,2024-02-22 430,Cobalt Dickens (Mabna Institute),"The US Department of Justice accuses Iranian hackers going by the handle ""Cobalt Dickens"" (Secureworks) of stealing data from universities in the US, Germany and 20 other countries.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,None - None - None - None - None - None - None - None - None - None,Germany; Denmark; United Kingdom; Israel; United States; Canada; Australia; China; Italy; Japan,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA - NATO; NORTHAM - NATO; NORTHAM - OC - ASIA; SCS; EASIA; NEA; SCO - EUROPE; NATO; EU(MS) - ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political 
system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,; ; - ; ; - ; ; - ; ; - ; ; - ; ; - ; ; - ; ; - ; ; - ; ; ,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,13890; 13890; 13889; 13889,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,Not available; Not available; ; ,United States; United States; ; ,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); Islamic Revolutionary Guard Corps (IRGC); COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities; https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/US-Justizministerium-beschuldigt-Iraner-massiver-Hackerangriffe-4003100.html; https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities; https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary,2022-08-15,2023-10-26 431,OPM Hack,"The US Office of Personnel Management was hacked twice by Chinese hackers. Personal information of about 21 million US government employees and former applicants was compromised, including fingerprints. 
The APT group DeepPanda has been blamed for it; FireEye, however, claimed that DeepPanda was not responsible for the OPM hack, but rather another Chinese group, later named Turbine Panda. Hackers involved were arrested by the FBI in 2017.",2013-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,3,520; 520; 521; 521; 519; 519,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Not available; Not available",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution,; ; ; ; ; ,; ; ; ; ; ,; ; ; ; ; ,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/; https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/; https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack; https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/; https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html; https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/; https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html; https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://www.c4isrnet.com/opinion/2023/08/08/why-the-china-cyber-threat-demands-an-airtight-public-private-response/; https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/; https://abcnews.go.com/US/exclusive-25-million-affected-opm-hack-sources/story?id=32332731#:~:text=The%20attack%20on%20OPM%20began%20in%20late%202013%2C,to%20two%20days%20of%20testimony%20on%20Capitol%20Hill.; https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/; https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack; 
https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/; https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html; https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html; https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances; https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/; https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/",2022-08-15,2023-01-26 432,APT32/Ocean Lotus Group,"Espionage-Hacks against Vietnamese Dissidents and Journalists, as well as foreign governments.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None,Vietnam; Southeast Asia (region); China,ASIA; SCS; SEA - - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media,Government / ministries; Political opposition / dissidents / expats; - Government / ministries; Political opposition / dissidents / expats; - Government / ministries; Political opposition / dissidents / expats; ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,2,522; 523,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH; APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html; https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html; https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal,2022-08-15,2022-11-02 433,National Inventory of Dams Hack,"U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database on vulnerabilities of US Dams to the Chinese government or military cyberwarriors, according to U.S. officials.",2013-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,,China,"Non-state actor, state-affiliation suggested",,1,524,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtontimes.com/news/2013/may/1/sensitive-army-database-us-dams-compromised-chines/; https://securityaffairs.co/wordpress/14089/security/us-army-corps-engineers-national-inventory-of-dams-nid-hacked.html,2022-08-15,2022-11-02 543,Op Killing Bay,"Anonymous continues  Op KillingBay, the campaign launched by hacktivists in protest against the Japanese government, particularly against the killing of dolphins in the town of Taiji. They disrupted service of government websites with DDoS attacks and published information on the alleged government program""DevoX"", in which dolphin meat is exported as tuna.",2013-11-15,2013-11-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,647,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/OpKillingBay-Hackers-Expose-Details-of-Japanese-Tuna-Exports-Program-400499.shtml,2022-08-15,2023-06-16 545,Op GreenRights,"Anonymous hackers have launched distributed denial-of-service (DDOS) attacks against a number of Russian websites in protest against the arrests of 30 Greenpeace activists, known as the Arctic 30. The attacks are part of Op GreenRights.",2013-11-18,2013-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Civil service / administration; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,649,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Attacks-Russian-Websites-for-the-Arrests-of-Greenpeace-Activists-Video-401262.shtml,2022-08-15,2022-11-02 368,Project Hell Fire Leak,Massive Leak: Project Hell Fire Hackers Dump 1 Million Accounts from 100 Sites,2012-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Team Ghostshell,Unknown,Non-state-group,Hacktivist(s),1,447,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Ghostshell,Unknown,Non-state-group,https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.csoonline.com/article/2223032/microsoft-subnet/massive-leak--project-hellfire-hackers-dump-1-million-accounts-from-100-sites.html; https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/,2022-08-15,2022-11-02 658,US/GB/CAN-Media-HackSEA,"Syrian Electronic Army hacks several websites, Forbes, Ferrari, Independent, Daily Telegraph and many other websites hijacked",2014-11-27,2014-11-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None - None - None,United States; France; United Kingdom; Canada,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,; - ; - ; - ; ,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,783,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.techworm.net/2014/11/syrian-electronic-army-hacks-several-websites-forbes-ferrari-independent-daily-telegraph-many-websites-hijacked.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 660,Kimsuky vs. SK nuclear authority,"Hackers stole blueprints, employee data, and threatened ""destruction"" if demands not met. 
South Korea claims North hacked nuclear data",2014-12-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Energy,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not attributed,,1,785,NaT,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not attributed,https://en.yna.co.kr/view/AEN20150326007300320?section=search; https://en.yna.co.kr/view/AEN20150317005552315?section=search,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/; https://en.yna.co.kr/view/AEN20150326007300320?section=search; https://en.yna.co.kr/view/AEN20150317005552315?section=search; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://securityaffairs.com/149698/apt/kimsuky-war-simulation-centre.html; https://www.jpost.com/international/article-755426; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-north-koreas-kimsuky-hacking-group/,2022-08-15,2023-08-21 
661,Takedown of Oakland Website,Several websites for the city of Oakland were knocked out in a likely cyberattack.,2014-12-10,2014-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,786,NaT,"Attribution given, type unclear",Media-based attribution,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.latimes.com/local/crime/la-me-bay-area-protests-20141211-story.html,2022-08-15,2023-03-09 662,Fancy Bear vs. Westinghouse,Fancy Bear accessed the internal networks of the company Westinghouse- a nuclear energy company- and stole sensitive data,2014-12-10,2015-11-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Energy,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,1,787; 787,2018-01-01 00:00:00; 2018-01-01 00:00:00,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON 
TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.justice.gov/opa/page/file/1098481/download,2022-08-15,2022-11-02 663,"Perennial espionage-campaign by Chinese Winnti/WickedPanda vs. Various German Companies in the Chemical, Pharma and Technology Sector.","Allegedly the Chinese state-sponsored Group WickedPanda aka WinNTI stole technical trade secrets of the German steelmaker ThyssenKrupp in early 2016 and from other German industry targets during the period 2016-2019, according to the German Federal Office for the Protection of the Constitution (BfV).",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft; Hijacking with Misuse,ThyssenKrupp - None,Germany; Japan,EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Health; ; Chemicals - Health; ; Chemicals,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,2,14750; 14749,2019-01-01 00:00:00; 2019-04-01 00:00:00,"Statement in media report and political statement/technical report; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,Bundesamt für Verfassungsschutz; DCSO,Not available; DCSO,Germany; Germany,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://401trg.com/burning-umbrella/; https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004; https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf; 
https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://401trg.com/burning-umbrella/; https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341; https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004; https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf; https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019,2022-08-15,2023-12-04 664,RedFoxtrot aka PLA Unit 69010 vs. Central Asian Countries,"Recorded Future reported a wide espionage-campaign by the Chinese APT RedFoxtrot, aligned with PLA Unit 69010, against central asian government, defense and telecommunication entities.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,India; Pakistan; Afghanistan; Kazakhstan,ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; SASIA - ASIA; CSTO; SCO,State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Telecommunications; Defence industry - Government / ministries; Telecommunications; Defence industry - Government / ministries; Telecommunications; Defence industry - Government / ministries; Telecommunications; Defence industry,Red Foxtrot; PLA Unit 69010,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,790; 790,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Red Foxtrot; PLA Unit 69010,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/,2022-08-15,2022-11-02 665,Chinese Ministry of State Security campaign 2014,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2014-12-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,,1,791; 791,2020-01-01 00:00:00; 2020-01-01 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2022-11-02 666,Operation Manul,"A probably state-sponsored 
espionage campaign by the Kazakh government against critical journalists, disclosed by the Electronic Frontier Foundation (EFF) in a report in August 2016. After the EFF originally attributed the campaign to the Indian hacking-for-hire company Appin, a follow-up joint report by threat intelligence company Lookout and the EFF from 2018 indicated the responsibility of an actor that uses the same infrastructure as the threat actor dubbed Dark Caracal, believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Kazakhstan,ASIA; CSTO; SCO,Social groups; End user(s) / specially protected groups; Media,Political opposition / dissidents / expats; ; ,Appin Security Group,Kazakhstan,"Non-state actor, state-affiliation suggested",,2,14347; 14346,2018-01-01 00:00:00; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); ",Attribution by third-party; ,,Not available; Not available,,Appin Security Group; ,Kazakhstan; ,"Non-state actor, state-affiliation suggested; ",https://www.eff.org/files/2018/01/29/operation-manul.pdf,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.eff.org/files/2018/01/29/operation-manul.pdf,2022-08-15,2023-11-20 667,Grey Energy,"New malware discovered by ESET, possibly linked to Blackenergy and Russian-state-sponsored attributed Telebots. Espionage as preparatory step for potential subsequent sabotage discovered.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Ukraine; Poland,EUROPE; EASTEU - EUROPE; NATO; EU(MS); EASTEU,Critical infrastructure - Critical infrastructure,Energy - Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,2,794; 793,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO 
Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Unknown; Russia,"Unknown - not attributed; Non-state actor, state-affiliation suggested",https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/; https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/; https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/; https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/; https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html; https://twitter.com/DarkReading/status/1620558295672012807,2022-08-15,2023-01-30 668,"Quasar, Sobaken and Vermin","Cybercriminals spied on Ukrainian government actors by using three different malwares, according to ESET.",2015-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,,Unknown,Non-state-group,Criminal(s),1,795,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,,,,,Unknown,Non-state-group,https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf,2022-08-15,2022-11-02 669,"""The Big Hack""","According to Bloomberg, a Chinese PLA unit managed to infiltrate the Chip production of the company SuperMicro, opening up entrance paths into the systems of important American companies, including Amazon and Google",2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications; ,PLA,China,State,,1,796,2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,PLA,China,State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 670,Arid Viper 
aka Desert Falcons,"Arid Viper hackers infected various computers via an infected video; Arid Viper aka Desert Falcons was attributed to Hamas in 2018.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Korea, Republic of; Israel; Kuwait",ASIA; SCS; NEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Science; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Science; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Science; State institutions / political system; Critical infrastructure,Government / ministries; Transportation; ; Military; Telecommunications - Government / ministries; Transportation; ; Military; Telecommunications - Government / ministries; Transportation; ; Military; Telecommunications,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,Non-state-group,Criminal(s),1,17163,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Palestine,Non-state-group,https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high 
political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View; https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=124258120; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,2022-08-15,2024-02-15 671,Inception aka RedOctober 2015,"The APT Inception, allegedly the same actor as the RedOctober Group continued its attacks on various actors with a refined attack vector, after being exposed by an IT company in 2014.",2015-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Russia; Moldova, Republic of; Global (region)",EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU - ,State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Energy; Defence industry; - ; Energy; Defence industry; - ; Energy; Defence industry; ,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,1,798; 798,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security 
community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-12-21 672,Uzbekistan attack on dissidents,"Actors tied to the Uzbek secret service used various zero-days to spy on different dissident groups in Uzbekistan, reportedly with the help of the Israeli-based IT company Candiru and its spyware.",2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Uzbekistan,ASIA; CENTAS; CSTO; SCO,Social groups; Media,Advocacy / activists (e.g. 
human rights organizations); ,Sand Cat; Unit 02616 SSS,Uzbekistan; Uzbekistan,State; State,,1,799; 799,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Sand Cat; Unit 02616 SSS,Uzbekistan; Uzbekistan,State; State,https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/; https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-uzbekistan-cyber/uzbek-spies-attacked-dissidents-with-off-the-shelf-hacking-tools-idUSKBN1WI0YL; https://www.kaspersky.com/about/press-releases/2019_kaspersky-lab-uncovers-windows-zero-day-exploited; https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec; https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/; https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39,2022-08-15,2022-11-02 673,Russia vs. 
Lithuanian Government,Russia targets Lithuanian government computers,2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,Not available,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,Not available,Russia,State,,1,8539,2016-12-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Rimtautas Cerniauskas (Head of National Cyber Security Centre of Lithuania 2015-2017),Not available,Lithuania,Not available,Russia,State,https://www.reuters.com/article/us-lithuania-cyber-idUSKBN14B1PC,International power,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,State actors,,,https://www.reuters.com/article/us-lithuania-cyber-idUSKBN14B1PC,2022-08-15,2023-03-11 674,Anthem Hack,"The 2015 breach at Anthem compromised some of the most intimate data belonging to nearly 80 million Americans, and U.S. security companies quickly linked the breach to hacking groups based in China. A US indictment from 2019 did not invoke state involvement, but security researchers say espionage seems a more fitting motivation for the attack than cybercrime. The infrastructure naming convention in use also indicates a potential link to the OPM Hack. 
Crowdstrike & Symantec link the attack to Deep Panda aka Black Vine.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,801; 801; 802; 802,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA; APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China; China; China,"Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://foreignpolicy.com/2019/05/10/the-enduring-mystery-of-who-hacked-anthem-hackers-spies-china/; https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/; https://www.computerworld.com/article/2954715/symantec-wellheeled-hacking-group-black-vine-behind-anthem-breach.html; https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/; https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://foreignpolicy.com/2019/05/10/the-enduring-mystery-of-who-hacked-anthem-hackers-spies-china/; https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/; https://www.computerworld.com/article/2954715/symantec-wellheeled-hacking-group-black-vine-behind-anthem-breach.html; https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/; https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including; https://eu.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/; https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://www.it-business.de/armis-vorhersage-die-kriminelle-landschaft-veraendert-sich-a-fcb4fadd4fd2d60441e313ebf6c659ac/,2022-08-15,2024-01-17 675,Operation Transparent Tribe/Operation C-Major,"Proofpoint discovered an espionage-campaign against Indian military personnel, including spear-phishing and watering hole attacks. 
Trend Micro reported on the same actor in the Operation C-Major report. APT36 aka Transparent Tribe is associated with the Pakistani military. ",2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,State,,1,5208,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,State,https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://news.softpedia.com/news/indian-officials-under-a-barrage-of-ongoing-cyber-attacks-501440.shtml; http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf; https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf; https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major,2022-08-15,2023-07-12 676,Conflict around South Chinese Sea,"Nanhaishu hackers target Philippine Justice Department, APEC and intl. 
law firm, all involved in South China Sea dispute",2015-01-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Philippines,ASIA; SCS; SEA,State institutions / political system; International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ; ,Nanhaishu/APT 40/Leviathan; MSS,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,804; 804,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Nanhaishu/APT 40/Leviathan; MSS,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf,2022-08-15,2022-11-02 677,Rocket-Kitten vs. 
Israel,Iran's Revolutionary Guards managed to hack the private computers of an Israeli senior security official in 2015.,2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,805,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/Middle-East/Report-Iran-hacked-former-IDF-chiefs-computer-444401,2022-08-15,2022-11-02 678,Spying in the Moonlight,Moonlight APT Uses H-Worm Backdoor to Spy on Middle Eastern Targets,2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,"Iran, Islamic Republic of; Egypt; Jordan; Libya; Israel; Palestine",ASIA; MENA; MEA - MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA - AFRICA; MENA; MEA; NAF - ASIA; MENA; MEA - ASIA; MENA; MEA,End user(s) / specially protected groups; Media; Other - End user(s) / specially protected groups; Media; Other - End user(s) / specially protected groups; Media; Other - End user(s) / specially protected groups; Media; Other - End user(s) / specially protected groups; Media; Other - End user(s) / specially protected groups; Media; Other,; ; - ; ; - ; ; - ; ; - ; ; - ; ; ,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,Terrorist(s),1,17166,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://news.softpedia.com/news/moonlight-apt-uses-h-worm-backdoor-to-spy-on-middle-eastern-targets-509667.shtml; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,2022-08-15,2024-02-15 659,UMPDDPS,"Internet hackers have disrupted the ballot to elect a new leader of France's main opposition party, the 
UMP.",2014-11-28,2014-11-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Intelligence agencies; Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,784,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.connexionfrance.com/Archive/Hackers-slow-down-UMP-leader-ballot,2022-08-15,2022-11-02 657,Anonymous KKK Data leak,Anonymous posts KKK leader’s personal data online,2014-11-26,2014-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,End user(s) / specially protected groups,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,782,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rt.com/usa/209875-anonymous-kkk-leader-dox/,2022-08-15,2022-11-02 546,LulzSecPeru vs. 
Peruvian Police Force,"Peruvian hacker group LulzSec hacks and defaces the Peruvian police force's website, accusing law enforcement authorities of being corrupt and inefficient and condemning police officials for taking money without “the slightest sense of shame.”",2013-11-19,2013-11-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Peru,SOUTHAM,State institutions / political system,Police,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,650,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Peru-s-National-Police-Hacked-by-LulzSec-Peru-401451.shtml,2022-08-15,2022-11-02 656,Anonymous DDOS vs. Toronto,"Hacker claiming ties to Anonymous targets Toronto, Ottawa Police with DDoS attack",2014-11-21,2014-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Canada,NATO; NORTHAM,State institutions / political system,Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,781,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://globalnews.ca/news/1689115/hacker-claiming-ties-to-anonymous-targets-toronto-ottawa-police-with-ddos-attack/,2022-08-15,2022-11-02 637,Saudi Embassy Hack,"A Saudi embassy was hacked and threatened with a terrorist attack if it did not pay 35 million to the attacker. The attacker claimed to be associated with ISIS, but it was later revealed that he was an insider.",2014-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,,,Saudi Arabia,Individual hacker(s),,4,756; 757; 755; 758,NaT; NaT; NaT; NaT,"Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker; Attacker confirms; Contested attribution,; ; ; ,; ; ; ,; ; ; ,; ; ; ,Saudi Arabia; Saudi Arabia; Saudi Arabia; Saudi Arabia,Individual hacker(s); Individual hacker(s); 
Individual hacker(s); Individual hacker(s),https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html,2022-08-15,2022-11-02 638,Anonymous vs. Mossad,Anonymous hackers take down Mossad website against Gaza attacks,2014-08-02,2014-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,759,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hackers-mossad-website/,2022-08-15,2023-11-14 639,Hack of Russian Prime Ministers Twitter,"Someone hacked the Twitter account of Russia's Prime Minister Dmitry Medvedev, posting a series of fake messages including a resignation announcement.",2014-07-14,2014-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Shaltai Boltai,Russia,Non-state-group,Hacktivist(s),1,760,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Shaltai Boltai,Russia,Non-state-group,https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://mashable.com/2014/08/14/russias-prime-minister-twitter-account-gets-hacked/#14s8LOmTpgqH; https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/,2022-08-15,2022-11-02 640,CyberBerkut vs. Poland,"The hacker group CyberBerkut said it blocked the sites, both down on Thursday afternoon, in response to what it said were Poland's actions as ""sponsors of fascism in Ukraine"".",2014-07-14,2014-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Cyber Berkut,Ukraine,Non-state-group,Hacktivist(s),1,761,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Cyber Berkut,Ukraine,Non-state-group,https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites,2022-08-15,2022-11-02 641,Anonymous Takedown of israeli pages part II,Hackers operating under the banners of Anonymous have taken offline important Israeli government websites as a reaction to the alleged shutdown of various social media accounts of the group.,2014-08-24,2014-08-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,762,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Key-Israeli-Websites-Hacked-By-Anonymous-456302.shtml,2022-08-15,2022-11-02 642,Anonymous Data Leak Pakistan 2014,"'Anonymous Pakistan' take down government sites, leak bank records",2014-08-31,2014-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,763,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dawn.com/news/1129212,2022-08-15,2022-11-02 643,HongKong-Protest-Fake-App,Protesters in Hong Kong are being targeted by a social engineering campaign aiming to infect Android devices with an advanced surveillance mRAT.,2014-09-01,Not available,"Attack 
conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Hong Kong,ASIA,End user(s) / specially protected groups,,,China,State,,1,764,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,State,https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/,System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/,2022-08-15,2022-11-02 644,The North Korean Threat Actor Lazarus Carried Out A Cyber Attack Against US Company Sony Pictures Entertainment And Leaked Stolen Personal Data In 2014,"The American media and entertainment studio group Sony Pictures Entertainment fell victim to a large-scale cyber attack in mid to late 2014, carried out by a group called Guardians of Peace, more commonly known as the Lazarus Group, which has been linked to North Korea. The attack, a meticulously planned intrusion, targeted Sony's network and culminated in the theft of extensive confidential data. The hackers strategically disseminated parts of the stolen information, both directly and through the media. They also demanded to stop the release of ""The Interview"", a satirical film depicting the assassination of North Korean leader Kim Jong Un by two American characters. Sony Pictures became aware of the hack on 24 November 2014. 
However, there are indications that the perpetrators had already gained access to Sony's networks months before the attack. The FBI's subsequent investigation led them to attribute the attack to the North Korean government, although they did not officially disclose their evidence. North Korea vehemently denied any involvement. The main target of the cyber attack was Sony Pictures Entertainment in New York, with the attackers exploiting Microsoft Windows-based systems. The malware responsible for the intrusion, after physically infiltrating Sony's networks, spread as a Windows service and exploited Microsoft Windows' administrative and network file sharing features. This allowed the hackers to connect to the Sony network and enable the theft and destruction of data. The cyber-attack was in retaliation for Sony's refusal to comply with an earlier request to stop the release of said film. The consequences included the leaking of unreleased films and scripts, the theft of employees' personal information such as national insurance numbers and medical records, and the publication of payrolls and sensitive email correspondence. Sony was forced to suspend all online activities and shut down its network for several days. As a result, on 19 December 2014, President Obama promised ""appropriate action against the perpetrators"", particularly the North Korean government. This cyber attack not only caused harm to Sony employees and their families, but also undermined the economic and social well-being of American citizens. In response, the US government may have responded with cyber attacks on critical infrastructure in North Korea, resulting in temporary internet outages in the country. 
If confirmed, this was the first instance of the United States responding to a cyberattack on its soil with such measures.",2014-01-01,2014-11-24,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,Sony Pictures Entertainment,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's 
Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; State; State; State; State",; ; ; ; ; ; ; ,4,16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704; 16704,2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement 
statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Contested attribution; Contested attribution; Contested attribution; Contested attribution; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Contested attribution; Contested attribution; Contested attribution; Contested attribution; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Contested attribution; Contested attribution; Contested attribution; Contested attribution; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Contested attribution; Contested attribution; Contested attribution; Contested attribution; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; 
Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus 
Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, 
Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond 
Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic 
People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic 
People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf; 
https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/; https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html,System / ideology; International power,System/ideology; International power; Other,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193; https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/; https://securitymea.com/2023/02/28/apt-group-lazarus-likely-using-winordll64-backdoor-to-exfiltrate-data/; https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector; https://www.govinfosecurity.com/north-korean-apt-group-now-deploying-linux-malware-variant-a-21737; https://www.nytimes.com/2023/04/24/us/politics/justice-dept-cryptocurrency-north-korea.html; https://therecord.media/nickelodeon-alleged-data-breach; https://www.hackread.com/nickelodeon-data-leak-interview-with-ghostytongue/; https://elpais.com/https:/elpais.com/economia/negocios/2023-07-22/codigo-rojo-nos-han-hackeado-asi-son-los-ciberataques-empresariales.html; https://therecord.media/paramount-data-breach-cyberattack; https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://www.hackread.com/ransomedvc-ransomware-quit-sell-infrastructure/; https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices; 
https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/; https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/; https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/; https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/; https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/; https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf; https://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0; https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://www.nytimes.com/roomfordebate/2014/12/23/when-does-a-cyberattack-warrant-a-military-response; https://twitter.com/MischaHansel/status/1623012083854979083; https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html; https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/; https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/,2022-08-15,2024-02-26 645,Anonymous vs. Romania,"The home page of the General Inspectorate of Romanian Police was hacked by the local Anonymous group, who posted a message on the News Section.",2014-09-17,2014-09-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Romania,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,769,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Romania-Hacks-Local-Police-Website-459347.shtml,2022-08-15,2022-11-02 646,German Website Defacement,Hackers post IS-messages on German websites.,2014-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption,,Germany,EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Team System Dz,Unknown,Non-state-group,Hacktivist(s),1,770,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team System Dz,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.zeit.de/digital/2014-10/hacker-angriff-is-botschaften,2022-08-15,2022-11-02 647,Op Orwah Hammad,Anonymous has taken down 43 top Israeli government websites against shooting and killing of a 14-year-old U.S. 
citizen Orwah Hammad by Israeli Defence Forces.,2014-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,771,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hackers-orwah-hammad-israel-idf/,2022-08-15,2022-11-02 648,CyberBerkut Billboard Hack,"CyberBerkut hacked billboards in the Ukrainian capital, Kiev, displaying anti-Ukrainian propaganda images of “war crimes.”",2014-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Cyber Berkut,Russia,Non-state-group,Hacktivist(s),2,773; 772,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,Non-state-group; Non-state-group,https://www.recordedfuture.com/cyber-berkut-analysis/,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/cyber-berkut-analysis/,2022-08-15,2022-11-02 649,SEA vs. UNICEF,Syrian Electronic Army hacked the Twitteraccount of the UNICEF to share the news of bomb blast in a Syrian school which killed 49 children,2014-10-02,2014-10-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,UNICEF,,International / supranational organization,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,13621,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Syrian Electronic Army,Syria,Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology; Resources,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.techworm.net/2014/10/unicef-twitter-account-hacked.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2023-10-12 650,MalluSoldiers vs. 
PakistanEnergy,Cyberattackers have hacked the websites of Pakistan People's Party,2014-10-09,2014-10-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Intelligence agencies,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),1,775,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Mallu Cyber Soldiers,India,Non-state-group,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.in/mohanlal-fans-hack-pakistan-website-post-actors-picture-dialogue-610930,2022-08-15,2022-11-02 651,OP HongKong,Anonymous Leaks Chinese Government Website Data Over HongKong Protests,2014-10-12,2014-10-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,776,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Autonomy,System/ideology; Autonomy; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://gadgets.ndtv.com/internet/news/anonymous-leaks-chinese-government-website-data-over-hong-kong-protests-605910; https://www.techworm.net/2014/10/operation-hong-kong-anonymous-hacks-chinese-government-website.html,2022-08-15,2022-11-02 652,Serbian Hackers vs. Albania,Serbian hackers deface the site of the Albanian state television and put the picture of Albanian flag on fire,2014-10-18,2014-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Albania,EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system,Government / ministries,,Serbia,Non-state-group,Hacktivist(s),1,777,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Serbia,Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.techworm.net/2014/10/serbian-hackers-deface-rtsh.html,2022-08-15,2022-11-02 653,Attack on Ukrainian Voting System,Hackers attacked Ukraine's election commission website,2014-10-25,2014-10-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system; State institutions / political system,Civil service / administration; ,,Unknown,Unknown - not attributed,,1,778,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/hackers-target-ukraines-election-website; https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2022-08-15,2024-04-26 654,Egypt Cyber Army vs. 
ISIS,"Last week, less than 24 hours after ISIS social media accounts posted a threatening message from the group's leader, the audio recording was replaced with a song and its transcript with a logo resembling that of the Egyptian military, accompanied by writing in Arabic that read ""Egyptian Cyber Army.""",2014-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,Social groups,Terrorist,Egypt Cyber Army,Egypt,Non-state-group,Hacktivist(s),1,779,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Egypt Cyber Army,Egypt,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://mashable.com/2014/11/23/egyptian-cyber-army-isis-baghdadi-hack/?europe=true#6rdxCB7jemqs,2022-08-15,2022-11-02 655,DeepPanda G20 Attack,A Chinese hacking group believed to be affiliated with the Chinese government has penetrated Australian media organisations ahead of this weekend's G20 meeting,2014-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Australia,OC,Media,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,780; 780,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.abc.net.au/news/2014-11-13/g20-china-affliliated-hackers-breaches-australian-media/5889442,2022-08-15,2022-11-02 679,Group5 vs. Syrian Opposition,"Group 5 targets Syrian opposition, background unknown, but state sponsorship suggested",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Syria,ASIA; MENA; MEA,Social groups; End user(s) / specially protected groups,Political opposition / dissidents / expats; ,Group5,"Iran, Islamic Republic of",Unknown - not attributed,,1,807,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Group5,"Iran, Islamic Republic of",Unknown - not attributed,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2016/08/group5-syria/,2022-08-15,2022-11-02 680,Australia's Bureau of Meteorology Attack 2015,Probably Chinese spies leaked sensitive data of Australia's governmental systems,2015-01-01,2015-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,Australia,OC,State institutions / political system,Government / ministries,,China,State,,1,808,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,China,State,https://www.cnet.com/au/news/foreign-spies-behind-bureau-of-meteorology-hack-cyber-security-report/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high 
political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-australia-cybersecurity/china-behind-massive-cyber-attack-on-australian-government-abc-idUSKBN0TL08M20151202; https://www.cnet.com/au/news/foreign-spies-behind-bureau-of-meteorology-hack-cyber-security-report/; http://www.abc.net.au/news/2016-10-12/bureau-of-meteorology-bom-cyber-hacked-by-foreign-spies/7923770,2022-08-15,2022-11-02 681,Leak of Saudi Ministry of Foreign Affairs 2015,Yemeni Hackergroup Yemeni Cyber Army leaked and published sensitive Data of Saudi Ministry of Foreign Affairs,2015-01-01,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Yemen Cyber Army,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,3,810; 809; 811,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms; Contested attribution,; ; ,; ; ,; ; ,Yemen Cyber Army; Yemen Cyber Army; Yemen Cyber Army,"Iran, Islamic Republic of; Iran, Islamic Republic of; 
Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian; https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD,System / ideology; National power,National power; Subnational predominance; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/saudi-ministry-of-foreign-affairs-hacked/; https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian; https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD,2022-08-15,2022-11-02 682,Army National Guard Breach,"Army National Guard breach affects 850K, not related to OPM",2015-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,812,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,https://eu.montgomeryadvertiser.com/story/news/military/2015/07/10/army-national-guard-announces-data-breach/29984897/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/breach-may-have-compromised-personal-info-on-850k-national-guard-members/article/532630/; 
https://eu.montgomeryadvertiser.com/story/news/military/2015/07/10/army-national-guard-announces-data-breach/29984897/,2022-08-15,2022-11-02 705,Anonymous vs. Chinese Police Forces,"Anonymous Hacks Chinese Police, Govt. Websites",2015-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Police,Anonymous Globo,Unknown,Non-state-group,Hacktivist(s),1,839,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Globo,Unknown,Non-state-group,,System / ideology; Autonomy,System/ideology; Autonomy; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/operationchina-anonymous-hacks-chinese-police-govt/,2022-08-15,2022-11-02 706,Yemen CyberArmy vs. Al-hayat,"Pro-Houthi Hackers ""YemenCyberArmy"" hacked the London-based, saudi-owned arab Newspaper al-Hayat.",2015-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,Saudi Arabia; United Kingdom,ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); NORTHEU,Media - Media, - ,Yemen Cyber Army,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,3,842; 841; 840,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms; Contested attribution,; ; ,; ; ,; ; ,Yemen Cyber Army; Yemen Cyber Army; Yemen Cyber Army,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian; https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD,System / ideology; National power,National power; Subnational predominance; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.breitbart.com/national-security/2015/04/14/arab-newspaper-hacked-by-pro-houthi-yemen-cyber-army/; https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian; 
https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD,2022-08-15,2022-11-02 707,Armenian-Turk Cyberwar Armenian Side,"Armenian groups involved in cyber attacks against Turkish government include Anonymous Armenia, Monte Melkonian Cyber Army, Caucasus cyber army and ASALA",2015-04-01,2015-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,Monte Melkonian Cyber Army; Anonymous,Armenia; Armenia,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,843; 843,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Monte Melkonian Cyber Army; Anonymous,Armenia; Armenia,Non-state-group; Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/armenia-turkish-hackers-cyberwar/,2022-08-15,2022-11-02 708,Armenian-Turk Cyberwar Turkish Side,The groups of Turkish hackers conducting cyber attacks on Armenian government are Anonymous Tuak and Turk Hack Team (THT),2015-04-01,2015-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system,Government / ministries,Anonymous; TurkHackTeam,Turkey; Turkey,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,844; 844,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Anonymous; TurkHackTeam,Turkey; Turkey,Non-state-group; Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 709,Blocking of Al-Arabiya,Houthi Rebels blocked the arabian version of the website of Al-Arabiya in the Yemeni Internet,2015-04-07,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United Arab Emirates,ASIA; MENA; MEA; GULFC,Media,,Houthi Militias,Yemen,Non-state-group,Religious actors,1,845,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Houthi Militias,Yemen,Non-state-group,,National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://english.alarabiya.net/en/media/digital/2015/04/08/Houthis-block-Al-Arabiya-s-Arabic-language-website-in-Yemen-.html,2022-08-15,2022-11-02 710,IS hackers vs. 
Embassy,Turkmen Embassy In Minsk Hacked Apparently By IS,2015-04-09,2015-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkmenistan,ASIA,State institutions / political system,,El Moujahidine,Unknown,Non-state-group,Terrorist(s),1,846,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,El Moujahidine,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rferl.org/a/turkmen-embassy-in-minsk-hacked/26947114.html,2022-08-15,2022-11-02 711,Iran State Television Twitter Hacked,"Hackers took over the official Twitter account of Iran’s state Television ‘Al-Alam’, leaving material supportive of the Saudi-led airwar against Iran-backed rebels in Yemen",2015-04-13,2015-04-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,,Saudi Arabia,Non-state-group,Hacktivist(s),1,847,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Saudi Arabia,Non-state-group,,System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/irani-state-tv-social-media-hacked-saudi-hackers/,2022-08-15,2022-11-02 712,Russian hacker group APT 28 suspected of hacking into the German Bundestag system in May 2015,"The Russian hacker group APT 28 aka Fancybear, which is linked to the Russian military intelligence service GRU, hacked into the German Bundestag system in May 2015 and captured gigabytes of sensitive data. It is suspected that the attackers gained access to the system via a phishing email that they sent to employees of the ""Die Linke"" party in the Bundestag. The link in the email led to a compromised website that installed malware on the system. With the help of the malware, the attackers later managed to gain access to the administrator rights of the Bundestag's Microsoft environment. Around 50 IT systems were affected, including the server of then Chancellor Angela Merkel's office. Shortly after the hack was discovered, ""Die Linke"" (the left-wing party) asked cyber security officer Claudio Guarnieri to investigate the cyber incident. In his technical report from June 2015, he attributed the attack to the Russian hacker group APT 28 alias Fancybear. 
In the same year, the President of the Federal Intelligence Service declared that a foreign intelligence service was allegedly behind the cyberattack. In May 2016, he publicly attributed the Bundestag hack to Russia. In 2020, the German Federal Public Prosecutor's Office issued an arrest warrant for one of the suspected Russian attackers. On 22 October 2020, the Council of the European Union sanctioned, within the framework of the EU Cyber Diplomacy Toolbox, a Main Special Services Centre of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU) and its military intelligence officers Dmitry Badin and Igor Kostyukov for the attack.",2015-04-13,2015-05-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,Bundestag,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,2,16213; 16213; 16212; 16212,2016-05-01 00:00:00; 2016-05-01 00:00:00; 2015-06-01 00:00:00; 2015-06-01 00:00:00,"Statement in media report and indictment / sanctions; Statement in media report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,Bundesamt für Verfassungsschutz; Bundesamt für Verfassungsschutz; Claudio Guarnieri; 
Claudio Guarnieri,Not available; Not available; ; ,Germany; Germany; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU; Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",http://www.zeit.de/2017/20/cyberangriff-bundestag-fancy-bear-angela-merkel-hacker-russland; https://www.welt.de/politik/deutschland/article142372328/Verfassungsschutz-verfolgt-Spur-nach-Russland.html; https://www.zdnet.com/article/german-authorities-charge-russian-hacker-for-2015-bundestag-hack/; https://netzpolitik.org/2020/haftbefehl-gegen-mutmasslichen-russischen-geheimdienst-hacker/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://twitter.com/Cyber_O51NT/status/1633131784568463361; https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/; https://www.lastampa.it/esteri/2023/07/24/news/i_droni_esplodono_a_pochi_passi_dalla_sede_degli_hacker_del_gruppo_fancy_bear_legati_ai_servizi_militari_russi_del_gru_l-12962354/; https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag; 
https://www.bbc.com/news/technology-36284447; https://www.kyivpost.com/post/28885; https://www.heise.de/security/meldung/Bundestags-Hack-Angreifer-sollen-gigabyteweise-E-Mails-kopiert-haben-2715881.html; http://www.zeit.de/2017/20/cyberangriff-bundestag-fancy-bear-angela-merkel-hacker-russland; https://www.welt.de/politik/deutschland/article142372328/Verfassungsschutz-verfolgt-Spur-nach-Russland.html; https://www.zdnet.com/article/german-authorities-charge-russian-hacker-for-2015-bundestag-hack/; https://netzpolitik.org/2020/haftbefehl-gegen-mutmasslichen-russischen-geheimdienst-hacker/; https://www.securityweek.com/german-cybersecurity-chief-sacked-over-alleged-russia-ties,2022-08-15,2024-01-12 713,THT Herakles DDOS vs. The Pope,"Hacker ""THTHerakles"" shut down the Vatican City website over the Pope’s comment using the word ""genocide"" about the Turkish mass killing of Armenians",2015-04-13,2015-04-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Holy See (Vatican City State),EUROPE,State institutions / political system,Government / ministries,THT Herakles,Turkey,Non-state-group,Hacktivist(s),1,850,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,THT Herakles,Turkey,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/hackers-shut-down-vatican-city-website/,2022-08-15,2022-11-02 714,Anonymous vs. 
Chilean Government,"Anonymous Hacks Chile Govt in support of student protests, against police brutality",2015-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Chile,SOUTHAM,State institutions / political system,Government / ministries,Anonymous,Chile,Non-state-group,Hacktivist(s),1,851,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Chile,Non-state-group,,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-chile-government/,2022-08-15,2022-11-02 715,United-Airlines-Hack,"A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem, has now hit another high-profile target: United Airlines.",2015-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,852; 852,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Attribution given, type unclear; Attribution given, type unclear",Media-based attribution; Media-based attribution,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2015/07/united-airlines-hacked.html; https://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines; https://formiche.net/2024/04/minacce-ibride-intervista-gregory-f-treverton/,2022-08-15,2024-04-02 716,Unknown hackers vs. 
Chi Onwurah,Unknown hackers got access to sensitive data of the MP Chi Onwurah's parliamentary work,2015-05-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Legislative,,Unknown,Non-state-group,Criminal(s),1,853,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/british-parliament-computers-ransomware-infected/; https://www.express.co.uk/life-style/science-technology/618063/Parliament-Hacked-Files-MP-Ransom; https://www.thetimes.co.uk/article/labours-digital-shadow-is-hacked-ggqpd0gp9tz,2022-08-15,2022-11-02 717,Japan Pension System Hack,Japan’s pension system has been hacked and more than a million cases of personal data leaked.,2015-05-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,Japan,ASIA; SCS; NEA,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,854,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown; System/ideology,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-japan-pensions-attacks-idUSKBN0OH1OP20150601?mod=djemCIO_h,2022-08-15,2022-11-02 718,Anonymous vs. 
Italian Ministry of Defense,"Anonymous leaked data, especially e-mail addresses of military personnel, of the Italian Ministry of Defence",2015-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system; State institutions / political system,Government / ministries; Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,855,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.lastampa.it/2015/05/19/italia/cronache/anonymous-colpisce-il-ministero-della-difesa-qlFNgswyvu20wnQiNYK1kL/pagina.html,2022-08-15,2022-12-30 719,Operation DustySky Part 1,"Espionage campaign by the MoleRATs Group (also known as the Gaza Cybergang Group), an Arabic-speaking, politically motivated group that has been operating in the Middle East since 2012.",2015-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,United States; Middle East (region); Europe (region),NATO; NORTHAM - - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure,Government / ministries; Finance; ; ; Defence industry - Government / ministries; Finance; ; ; Defence industry - Government / ministries; Finance; ; ; Defence industry,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Unknown,Unknown - not attributed,,1,17165,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Unknown,Unknown - not attributed,https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high 
political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf; https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,2022-08-15,2024-02-15 720,RxRHaCker vs. Iranian Ministry of Defense,"Iran Ministry of Defense Website Hacked by Saudi Hackergroup ""RxRHaCker""",2015-05-14,2015-05-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Military,RxRHaCker,Saudi Arabia,Non-state-group,Hacktivist(s),1,857,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RxRHaCker,Saudi Arabia,Non-state-group,,System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/saudi-hackers-iran-defense-ministry-website/,2022-08-15,2022-11-02 721,DNC-Hack (Cozy Bear) - 2016,Russian government hackers from state-sponsored group Cozy Bear/APT29 penetrated the computer network of the Democratic National Committee and monitored the DNC`s email and chat communications.,2015-06-01,2016-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political 
system,Political parties,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,,3,4801; 4799; 4800,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,; ; ,Not available; ; Not available,; ; ,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia; Russia,State; State; State,https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/; https://www.cnbc.com/2020/07/17/fancy-bear-cozy-bear-russia.html; https://abcnews.go.com/International/russia-linked-hackers-accused-stealing-covid-vaccine-data/story?id=71819152; https://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy-Bear-and-Cozy-Bear-Russian-groups-blamed-for-DNC-hack; https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-; https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/; https://www.cnbc.com/2020/07/17/fancy-bear-cozy-bear-russia.html; https://abcnews.go.com/International/russia-linked-hackers-accused-stealing-covid-vaccine-data/story?id=71819152; https://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy-Bear-and-Cozy-Bear-Russian-groups-blamed-for-DNC-hack; https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf; https://www.wired.com/story/leaked-pentagon-documents-ukraine-discord/; https://www.jpost.com/international/article-743680; https://www.defenseone.com/technology/2023/05/space-force-will-look-how-hack-targets-space/386755/; https://securityaffairs.com/149103/apt/apt29-microsoft-teams-phishing-attacks.html; https://www.wired.com/story/cloudzy-state-sponsored-hackers-roundup/; https://www.channelnewsasia.com/world/us-presidential-election-2024-threats-hostile-countries-conspiracy-cyberattacks-4014931; https://www.wired.com/story/gop-secretaries-of-state-cisa-controversy/; https://www.kyivpost.com/post/28885; https://www.usine-digitale.fr/article/microsoft-reconnait-que-des-pirates-russes-lui-ont-vole-du-code-source-et-des-documents-sensibles.N2209713; https://securityaffairs.com/160405/intelligence/russia-svr-warns-interference-presidential-elections.html; https://formiche.net/2024/04/minacce-ibride-intervista-gregory-f-treverton/,2022-08-15,2023-04-13 722,Iran vs. 
Satellite Companies,"Between 2015 and 2019 hackers attributed to be part of the IRG hacked various companies, and government agencies, most related to the production and operation of satellites",2015-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None - None,United States; Singapore; United Kingdom; Israel; Australia,NATO; NORTHAM - ASIA - EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA - OC,State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical 
infrastructure,; ; Telecommunications; ; Defence industry - ; ; Telecommunications; ; Defence industry - ; ; Telecommunications; ; Defence industry - ; ; Telecommunications; ; Defence industry - ; ; Telecommunications; ; Defence industry,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of",State,,1,13899,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,Not available,United States,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of",State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/108449/cyber-warfare-2/iranian-hackers-satellite-companies.html,2022-08-15,2023-10-26 723,"Trojan ""Bookworm"" vs. 
Thailand","A trojan called ""Bookworm"" targeted the government of Thailand, in order to infiltrate its networks.",2015-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Thailand,ASIA; SEA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,862,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/; https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/,2022-08-15,2022-11-02 704,Anonymous vs. Chinese Government,Anonymous Philippines Hacks Chinese Govt. Websites over Territorial Disputes,2015-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Government / ministries,Anonymous Philippines,Philippines,Non-state-group,Hacktivist(s),1,838,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Philippines,Philippines,Non-state-group,,Territory,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-philippines-hacks-chinese-govt-websites-over-territorial-disputes/,2022-08-15,2022-11-02 703,Sandworm vs. Ukrainian Company StarLight Media - 2015,"The disruptive malware KillDisk was detected in several ukrainian company networks, deleting critical data and making multiple computers unusable, this case refers to the company StarLight Media as a victim. The attacks have been attributed to Sandworm, allegedly run by Russian military intelligence service GRU.",2015-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,2,3247; 3248,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker,,Not available; Not available,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48),System / ideology; Resources; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.wired.com/story/russian-hackers-attack-ukraine/; https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48),2022-08-15,2023-07-05 702,Houthi Internet Outages 2015,Houthi Rebels took down the internet various times through out late march until early may 2015,2015-03-31,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Yemen,ASIA; MENA; MEA,Critical infrastructure; End user(s) / specially protected groups; Other,Telecommunications; ; ,Houthi Militias,Yemen,Non-state-group,Religious actors,1,835,NaT,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,Houthi Militias,Yemen,Non-state-group,,National power,National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2015/10/information-controls-military-operations-yemen/,2022-08-15,2022-11-02 691,Cyber Caliphate CENTCOM Twitter and Youtube,Cyber Caliphate took control about the Twitter Account and Youtube Channel of U.S. Central Command(CENTCOM),2015-01-13,2015-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Military,Cyber Caliphate,Unknown,Non-state-group,Terrorist(s),1,824,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,Unknown,Non-state-group,,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Pro-ISIS-Group-Hijacks-Social-Accounts-of-US-Central-Command-469793.shtml,2022-08-15,2022-11-02 683,Yahoo Hack II,"The same hackers as in 2014 gained access to Yahoo User Accounts in 2015, says the company.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,FSB; Not available,Russia; Canada; Russia,"Non-state actor, state-affiliation suggested; Individual hacker(s)",,2,8561; 8561; 8561; 8561; 8561; 8561; 8561; 8561; 8560; 8560; 8560; 8560; 8560; 8560; 8560; 8560,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available; FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available,Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada,"Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual 
hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s)",https://techcrunch.com/2017/02/15/yahoo-notifying-users-of-malicious-account-activity-as-verizon-deal-progresses/?_ga=2.211912413.832030079.1550578062-1170144247.1549987749; https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://techcrunch.com/2017/02/15/yahoo-notifying-users-of-malicious-account-activity-as-verizon-deal-progresses/?_ga=2.211912413.832030079.1550578062-1170144247.1549987749; https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions; https://techcrunch.com/2017/02/27/yahoo-offers-new-details-on-breaches-to-senate-committee/; https://www.rferl.org/a/32472306.html; https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/,2022-08-15,2024-03-04 684,DragonOK vs. Japanese Organizations,Unit 42 Identifies New Dragon OK Backdoor Malware Deployed Against JapaneseTargets. The group is sometimes connected to the Chinese state.,2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Japan,ASIA; SCS; NEA,Unknown,,DragonOk,Unknown,Unknown - not attributed,,1,815,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DragonOk,Unknown,Unknown - not attributed,https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,2022-08-15,2022-11-02 685,The Ukraine-based hacking group Bad Magic aka Red Stinger compromised individuals of the separatist organizations as well as government officials in eastern Ukraine beginning in April 2012,"#Operation Groundbait: Ukraine-based hacking group Bad Magic aka Red Stinger compromised individuals belonging to separatist organizations as well as government officials, politicians and journalists in eastern Ukraine - more specifically in the contested regions of Donetsk and Luhansk - from April 19, 2012, to May 5, 2016, reported the Slovakian IT security firm ESET on May 17, 2016. The technical report mentioned that they could identify at least 33 victims, most of them in eastern Ukraine, but a small unspecified part also in Kiev or Russia. Only the political party ""Right Sector"" was given an exact name as one of the receivers. 
In addition to the above targets, a ""religious institute"" is also said to have been targeted. The hacker group used the Prikormka malware and intended to gather intelligence. In 2023, the Russian IT company discovered the two cyber operations CommonMagic and CloudWizard and found that the actors behind them are the same actors as the actors behind Operation BugDrop and Operation Groundbait. In their technical report of May 19, 2023, they dubbed the responsible hacker group Bad Magic.",2012-04-19,2016-05-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Right Sector - Not available,Russia; Ukraine; Ukraine,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU - EUROPE; EASTEU,Social groups - State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system; Social groups,Religious - Political parties - Government / ministries; Ethnic; ; Civil service / administration; Religious,Red Stinger / Bad Magic,Ukraine,Unknown - not attributed,,2,10230; 10229,2023-05-19 00:00:00; 2016-05-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; ESET,Kaspersky; ESET,Russia; Slovakia,Red Stinger / Bad Magic; Not available,Ukraine; Ukraine,Unknown - not attributed; Unknown - not attributed,https://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf; https://securelist.com/cloudwizard-apt/109722/,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf; https://twitter.com/Arkbird_SOLG/status/1659910150306557953; https://www.darkreading.com/attacks-breaches/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine; https://twitter.com/e_kaspersky/status/1659523123111243776; https://web.archive.org/web/20171202045106/https:/cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/; https://securelist.com/cloudwizard-apt/109722/,2022-08-15,2023-12-09 686,Open Society Foundation Tainted Leaks,"Russian-state-sponsored hackers attacked the OSF by creating ""TaintedLeaks"".",2015-01-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,None - None - None,United States; Europe (region); Russia,NATO; NORTHAM - - EUROPE; EASTEU; CSTO; SCO,Social groups - Social groups - Social groups,Other social groups - Other social groups - Other social groups,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,817,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen 
Lab, EFF)",Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/,2022-08-15,2022-11-02 687,Mexican Journalists targeted via government-exclusive NSO Spyware.,Mexican Journalists targeted via government-exclusive NSO Spyware.,2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Mexico,,End user(s) / specially protected groups; Media,,,Unknown,State,,1,818,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Unknown,State,https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/; 
https://elpais.com/https:/elpais.com/mexico/2023-03-10/lopez-obrador-dice-que-el-ejercito-no-espio-con-pegasus-a-periodistas-y-activistas-sino-que-se-hizo-investigacion.html,2022-08-15,2023-04-19 688,Sowbug Group,Sowbug: Cyberespionage group targets South American and Southeast Asian governments,2015-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,Ecuador; Peru; Brazil; Malaysia; Argentina; Brunei, - SOUTHAM - SOUTHAM - ASIA; SCS; SEA - SOUTHAM - ASIA; SCS,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries,Sowbug,Unknown,Unknown - not attributed,,1,819,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sowbug,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 689,ZooPark,"KasperskyLab researchers have discovered ZooPark, a sophisticated cyberespionage campaign that has been targeting Android device users based in Middle Eastern countries for several years. An unknown hacker provided evidence to motherboard that should show that the group ZooPark is an Iranian state-sponsored Group. 
Kaspersky couldn`t tell which kind of actor is behind ZooPark.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,"Iran, Islamic Republic of; Lebanon; Egypt; Morocco; Jordan",ASIA; MENA; MEA - ASIA; MENA; MEA - MENA; MEA; AFRICA; NAF - AFRICA; NAF; MENA - ASIA; MENA; MEA,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - - - ,Zoopark,Unknown,"Non-state actor, state-affiliation suggested",,2,820; 821,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,Zoopark; Zoopark,"Unknown; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.vice.com/en_us/article/qvn4kq/vigilante-hacks-government-zoopark-cyberespionage,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://usa.kaspersky.com/about/press-releases/2018_zoopark-new-android-based-malware; https://www.vice.com/en_us/article/qvn4kq/vigilante-hacks-government-zoopark-cyberespionage,2022-08-15,2022-11-02 690,Post-Charlie Hebdo Islamist CyberAttack,"Up to 20k French websites got 
hit by cyberattacks; ISIS claims responsibility, as do Algerian Anonymous groups and al-Qaida",2015-01-10,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,Government / ministries; Religious; ; ,Anonymous Algeria,Unknown,Non-state-group,Hacktivist(s),2,822; 823,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Contested attribution,,,,Anonymous Algeria; Anonymous Algeria,Unknown; Unknown,Non-state-group; Non-state-group,https://www.huffingtonpost.com/2015/01/13/charlie-hebdo_n_6464318.html https://www.cbsnews.com/news/france-hit-by-19000-cyber-attacks-after-charlie-hebdo-terror-attacks/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://money.cnn.com/2015/01/15/technology/security/french-websites-hacked/index.html; https://www.huffingtonpost.com/2015/01/13/charlie-hebdo_n_6464318.html https://www.cbsnews.com/news/france-hit-by-19000-cyber-attacks-after-charlie-hebdo-terror-attacks/,2022-08-15,2022-11-02 692,Le Monde-SEA-Hack,The Twitter Channel of Le Monde was hacked by the SEA.,2015-01-21,2015-01-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,Media,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,825,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cybercrime-lemonde/french-newspaper-le-monde-says-twitter-account-hacked-idUSKBN0KU07820150121,2022-08-15,2024-01-04 701,Git-Hub-DDoS-Attack,Authorities from the Chinese mainland are suspected to be behind the cyberattack that first knocked the popular U.S. coding site GitHub offline.,2015-03-19,2015-03-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,"Non-state actor, state-affiliation suggested",,1,834,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",https://www.ibtimes.com/chinese-government-suspected-github-hack-evidence-links-ddos-attack-censorship-push-1863556,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/github-suffers-largest-ddos-attack-in-sites-history/; https://www.ibtimes.com/chinese-government-suspected-github-hack-evidence-links-ddos-attack-censorship-push-1863556,2022-08-15,2022-11-02 693,Cyber Caliphate /Lizard Squad,ISIS Hacker group LizardSquad hacked Malaysian Airlines Website,2015-01-26,2015-01-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Malaysia,ASIA; SCS; SEA,Critical infrastructure,Transportation,Lizard Squad; Cyber Caliphate,Unknown; Unknown,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,826; 826,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Lizard Squad; Cyber Caliphate,Unknown; Unknown,Non-state-group; Non-state-group,https://www.reuters.com/article/us-malaysia-airline-cybercrime/malaysia-airlines-website-targeted-by-hacker-group-cyber-caliphate-idUSKBN0KZ08E20150126,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/news/morning-mix/wp/2015/01/26/lizard-squad-hacks-malaysia-airlines-claiming-link-to-islamic-state/?utm_term=.f1d1ebca1622; https://www.reuters.com/article/us-malaysia-airline-cybercrime/malaysia-airlines-website-targeted-by-hacker-group-cyber-caliphate-idUSKBN0KZ08E20150126; http://www.computerweekly.com/news/2240238817/Lizard-Squad-hijacks-Malaysia-Airlines-website https://techcrunch.com/2015/01/25/malaysia-airlines-site-hacked-by-lizard-squad/,2022-08-15,2022-11-02 694,Anonymous vs. 
Philippines,Anonymous hacked Philippine government websites,2015-01-31,2015-01-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,827,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Subnational predominance; Secession,Subnational predominance; Secession; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.gmanetwork.com/news/scitech/technology/422037/hackers-deface-gov-t-websites-to-demand-justice-for-slain-saf-officers/story/,2022-08-15,2022-11-02 695,Fancy Bear vs. 
Bellingcat,"ThreatConnect reviews activity by Fancy Bear targeting Bellingcat, a key contributor in the MH17 investigation.",2015-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,1,828,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,https://threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/,2022-08-15,2022-11-02 696,Attack on Dutch Government,Unknown hackers hacked several dutch gov websites,2015-02-10,2015-02-10,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,829,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 
point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.zdnet.com/article/ddos-attack-leaves-dutch-websites-offline-for-hours/,2022-08-15,2022-11-02 697,Cyber Caliphate leak of Russian Data,Cyber Caliphate hacked up to 600 Russian Websites,2015-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Cyber Caliphate,Unknown,Non-state-group,Terrorist(s),1,830,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 698,Principal Controller of Defence Account (Officers) Hack 2015,Unknown hackers leaked sensitive personal Data about indian Army Officers,2015-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system,Military,,China; Pakistan,Unknown - not attributed,,1,831; 831,NaT; NaT,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,,China; Pakistan,Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://timesofindia.indiatimes.com/india/Army-officers-panic-as-hackers-steal-secret-data/articleshow/46856789.cms,2022-08-15,2023-03-13 699,Fancy Bear vs. Denmark,"Danish armed forces personnel have had their emails hacked from 2015 to 2017, Denmark’s security service said. 
The hack has been attributed to ‘Fancy Bear,’ a hacking group said to have connections to Russia.",2015-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,Denmark,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Military,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,1,832,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,https://www.rt.com/viral/385987-danish-hack-fancy-bear/; https://www.reuters.com/article/us-denmark-security-russia/russia-hacked-danish-defense-for-two-years-minister-tells-newspaper-idUSKBN17P0NR,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rt.com/viral/385987-danish-hack-fancy-bear/; https://www.reuters.com/article/us-denmark-security-russia/russia-hacked-danish-defense-for-two-years-minister-tells-newspaper-idUSKBN17P0NR,2022-08-15,2023-03-13 700,Ontario Ministry of Education Leak,Unknown hackers leaked up to 5k email addresses from the Ontario Ministry of Education,2015-03-05,2015-03-05,"Attack on (inter 
alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing,,Canada,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,833,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.insidehalton.com/news-story/5476951-thousands-of-email-addresses-leaked-from-government-website/,2022-08-15,2022-11-02 636,Gamma International Hack 2014,A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data.,2014-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Individual hacker(s),,1,754,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/,2022-08-15,2022-11-02 635,Monitoring of Exil-Bahraini Activists,Rightsgroup Privacy International files complaint that officials illegally monitored devices of pro-democracy trio in UK,2014-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None,United Kingdom; Bahrain,EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA; GULFC,Social groups - Social groups,Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. 
human rights organizations),,Bahrain,State,,1,753,2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,,Bahrain,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2014/oct/13/uk-police-investigate-alleged-bahraini-hacking-exiles-computers,2022-08-15,2023-05-15 634,Anonymous leak of Pakistani Data,Anonymous Leaks Sensitive Data on Pakistani Government and Army in Solidarity With Protestors,2014-08-01,2014-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1787,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/anonymous-leaks-sensitive-data-pakistani-government-army-solidarity-protestors-1464015,2022-08-15,2022-11-02 589,APT32/Ocean Lotus Group,"Espionage-Hacks against private companies in the US, 
China, Germany, the Philippines and Vietnam.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None,Germany; China; United States; Philippines; Vietnam,EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; EASIA; NEA; SCO - NATO; NORTHAM - ASIA; SCS; SEA - ASIA; SCS; SEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - - ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,2,698; 699,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH; APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html; https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html; https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal,2022-08-15,2023-08-13 569,Svoboda defacement of Ukrainian Website,Hacktivists from Ukrainian neo-fascist ‘Svoboda’ party hacked and defaced more than 30 Ukrainian government and media websites.,2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system; Media,Government / ministries; ,Svoboda,Ukraine,Non-state-group,Hacktivist(s),1,673,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Svoboda,Ukraine,Non-state-group,,System / ideology; National power,System/ideology; National power; Other,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/ukrainian-government-websites-hacked-by-new-nazi-hackers/,2022-08-15,2022-11-02 570,North Korea prepares attack against SK,North Korea hacks several targets in South Korea in order to prepare a larger strike. 
Sensitive defense data stolen and systems hijacked without being misused until recovery.,2014-01-01,2014-01-02,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; Critical infrastructure,; Defence industry,,"Korea, Democratic People's Republic of",State,,1,674,2016-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.reuters.com/article/us-northkorea-southkorea-cyber/north-korea-mounts-long-running-hack-of-south-korea-computers-says-seoul-idUSKCN0YZ0BE?mod=djemCIO_h,2022-08-15,2022-11-02 571,US Postal Breach,"U.S. Postal Service hacked, allegedly by China.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,China,"Non-state actor, state-affiliation suggested",,2,675; 676,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.usatoday.com/story/tech/2014/11/10/us-postal-service-post-office-hacked/18795289/; https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/,2022-08-15,2022-11-20 572,Duqu 2.0,"Kaspersky, as well as Hotels where the P5 + 1 Nuclear Talks with the Iran took place, got hacked by a Malware called Duqu-2.0, which is assumed to be the work of the Israeli Unit 8200.",2014-01-01,2015-06-01,"Attack conducted by nation state (generic “state-attribution” or 
direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Europe (region); Russia, - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,Unit 8200,Unknown,Unknown - not attributed,,1,677,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Unit 8200,Unknown,Unknown - not attributed,https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref; https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks; https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/,International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref; https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks; https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/; https://www.wired.com/story/kaspersky-apple-ios-zero-day-intrusion/,2022-08-15,2023-06-02 573,IRS Hack,"Cyberhack got access to over 700,000 IRS accounts. 
The assumed Russian cyberthieves gained access to taxpayer accounts between January 2014, the launch for the GetTranscript function, and May 2015, the IRS said.",2014-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Russia,Unknown - not attributed,,1,678,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Russia,Unknown - not attributed,https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://eu.usatoday.com/story/money/2016/02/26/cyber-hack-gained-access-more-than-700000-irs-accounts/80992822/; https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/,2022-08-15,2022-11-02 574,Yahoo Hack I,"Yahoo says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor. In 2017, the US indicted Russian agents for the hack.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,FSB; Not available,Russia; Canada,"Non-state actor, state-affiliation suggested; Individual hacker(s)",,2,8559; 8559; 8559; 8559; 8559; 8559; 8559; 8559; 8558; 8558; 8558; 8558; 8558; 8558; 8558; 8558,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the 
attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ,FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available; FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available,Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada,"Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); 
Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s)",https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749; https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html; https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749; https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html; https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions; https://techcrunch.com/2017/02/27/yahoo-offers-new-details-on-breaches-to-senate-committee/; https://www.rferl.org/a/32472306.html; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177,2022-08-15,2024-03-04 575,RedHack Defacement of Turkish Parliament,"First, the hackers exploited a cross-site scripting (XSS) vulnerability on the Parliament’s website (tbmm.gov.tr) to send a message to the government",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,State institutions / political system; State institutions / political system,Legislative; Political parties,RedHack,Turkey,Non-state-group,Hacktivist(s),1,681,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/RedHack-Hacks-Turkish-Contractors-Association-and-State-Railways-415876.shtml,2022-08-15,2022-11-02 576,Redhack Disturbance of various Turkish government institutions,"The Redhack group disrupted the official website of the Turkish Central Bank to protest the fact that the central bank has allowed the Turkish lira to lose its value against foreign currencies. The Ministry of Family and Social Policy was also targeted by the hacktivists to protest against ""child marriages and the death of women"".",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Central Bank (Turkey) - Ministry of Family and Social Policy (Turkey) ,Turkey; Turkey,ASIA; NATO; MEA - ASIA; NATO; MEA,State institutions / political system; Critical infrastructure; State institutions / political system - State institutions / political system,"Government / ministries; Finance; Other (e.g., embassies) - Government / ministries",,Turkey,Non-state-group,Hacktivist(s),1,6606,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Turkey-s-Central-Bank-Disrupted-by-RedHack-417821.shtml,2022-08-15,2023-02-08 577,OP Fullerton,#Op Fullerton: Anonymous takes down Fullerton police website against protesters arrest and Kelly Thomas tribute,2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,683,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-takes-down-fullerton-police-website-against-arrest/,2022-08-15,2022-11-02 578,Chinese hacking group APT suspected of MSP Theft Campaign Operation Cloud Hopper between 2014-2018,"The Chinese hacking group APT 10 is believed to be responsible for the 2014-2018 cyber espionage campaign Operation Cloud Hopper, which affected management service providers (MSPs) and MSP customers worldwide. The targeted MSPs, including IBM and Hewlett Packard Enterprise, that managed the victims' application, network and system infrastructure were compromised in order to infiltrate the MSPs' customers. The affected companies operate in the technology, industrial manufacturing, retail, energy, pharmaceutical and telecoms sectors. The attack also hit government agencies, including the US Navy and NASA. The attack was technically skilful. In 2018, the US Department of Justice issued an arrest warrant for two Chinese nationals and publicly attributed the attack to APT 10 aka MenuPass, POTASSIUM, Stone Panda, Red Apollo or CVNX. The Five Eyes, Japan and Germany publicly endorsed this attribution. In October 2020, the EU imposed sanctions against two Chinese citizens and the company Huaying Haitai, which were held responsible for the ""Cloud Hopper"" operation. 
In July 2020, the Council of the European Union decided to sanction Chinese nationals Gao Qiang and Zhang Shilong and the Chinese company Huaying Haitai for the Operation Cloud Hopper within the framework of the EU Cyber Diplomacy Toolbox. ",2014-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Dimension Data - IBM - None - None - CGI - NTT Data - Fujitsu - None - Ericsson - Hewlett Packard Enterprise - Tata Consultancy Services - Valmet - None,South Africa; United States; Brazil; France; Canada; Japan; Japan; United Arab Emirates; Sweden; United States; India; Finland; Germany,AFRICA; SSA - NATO; NORTHAM - SOUTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; MENA; MEA; GULFC - EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - ASIA; SASIA; SCO - EUROPE; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure - Critical infrastructure - 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - Digital Provider - - - - Digital Provider - - - Digital Provider - Digital Provider - - - ,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,State,,2,16211; 16210,2018-12-20 00:00:00; 2017-01-01 00:00:00,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,US Department of Justice (DoJ); BAE Systems,Not available; BAE Systems,United States; United States,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China,State; State,https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.msspalert.com/cybersecurity-breaches-and-attacks/APT%2010-attacked-msp-visma/; https://www.recordedfuture.com/APT%2010-cyberespionage-campaign/; 
https://baesystemsai.blogspot.com/2017/04/APT%2010-operation-cloud-hopper_3.html; https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion; https://therecord.media/uk-cyberattack-msp-cts-law-firms; https://www.trendmicro.com/vinfo/pl/security/news/cyber-attacks/operation-cloud-hopper-what-you-need-to-know; https://www.gov.uk/government/news/uk-and-allies-reveal-global-scale-of-chinese-cyber-campaign; https://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html,2022-08-15,2024-04-02 579,Marriott Hack,"The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,MSS,China,"Non-state actor, state-affiliation suggested",,2,687; 686,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,MSS; MSS,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://www.eff.org/deeplinks/2023/08/fourth-circuit-decision-marriott-data-breach-case-kicks-can-down-road; https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/; https://www.wired.com/story/marriott-hack-china-2014-opm-anthem/; 
https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html; https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D; https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/; https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html,2022-08-15,2024-02-13 580,Pacifier APT aka Turla,"Bitdefender detected an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets. The attacks started in 2014, with the latest reported occurrences in May of 2016. Later on, the campaign has been tied to the Russian state-sponsored group Turla.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None,"Romania; Iran, Islamic Republic of; India",EUROPE; BALKANS; NATO; EU(MS) - ASIA; MENA; MEA - ASIA; SASIA; SCO,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,688,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf; https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/,2022-08-15,2022-11-02 581,Leviathan aka APT 40,"Espionage efforts against US, Western Europe and South China Sea located targets, especially in the naval industry sector, but also research institutions and government entities. APT 40 is allegedly a Chinese state-proxy, according to FireEye and the mysterious group Intrusion Truth.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,United States; Western Europe; South China Sea (region),NATO; NORTHAM - - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; ,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,689,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, 
state-affiliation suggested",https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets,2022-08-15,2023-05-02 582,Dutch agency hacked CozyBear,"Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. For years, AIVD had access to the infamous Russian hacker group CozyBear. That's what de Volkskrant and Nieuwsuur have uncovered in their investigation.",2014-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Intelligence agencies,AVID,Netherlands,State,,1,690,2018-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,AVID,Netherlands,State,https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F; https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For 
private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F; https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014,2022-08-15,2022-11-02 583,TajMahal,"In the fall of 2018, Kaspersky detected an attack on a diplomatic organization belonging to a Central Asian country. The spyware called Taj Mahal has been in operation for the past five years and allows for all kinds of attack scenarios using various tools. The framework cannot be linked to any known threat actor.",2014-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Central Asia (region),,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,691,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,https://securelist.com/project-tajmahal/90240/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/security/meldung/Nach-fuenf-Jahren-unter-dem-Radar-Spionage-Malware-TajMahal-aufgetaucht-4370966.html; https://securelist.com/project-tajmahal/90240/,2022-08-15,2022-11-02 584,RUAG-Hack,"The Swiss government says that hackers used 
""Turla"" malware to steal data from a state-owned defense firm RUAG, based in Bern, since 2014. In addition to the defense sector, state-owned RUAG operates in aerospace, aviation and other sectors. Where as the Swiss report does not attribute the hack to a specific actor, other actors have analyzed the used malware.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,Switzerland,EUROPE; WESTEU,Critical infrastructure,Defence industry,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,2,693; 692,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html; https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128; https://www.swissinfo.ch/eng/parliament-committee_defence-ministry-criticised-over-cyberattack/44106062; https://socradar.io/apt-profile-turla/; https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/,2022-08-15,2023-07-06 585,ISIS vs. Russia,"The hacking division associated with ISIS (Islamic State of Iraq and Syria) extremist rebels CyberCaliphate has been hammering Russian online resources since autumn 2014, posting messages related to their cause.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,; ; ,Cyber Caliphate,ISIS,Non-state-group,Terrorist(s),1,694,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,ISIS,Non-state-group,https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml,2022-08-15,2022-11-02 
586,Fancy Bear Ukraine Military App,"Fancy Bear, which is linked to the Russian government and high-profile cyberattacks against Democrats during the U.S. presidential election, likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a report by CrowdStrike.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system,Military,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,695,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, 
system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cyber-ukraine-idUSKBN14B0CU; https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/,2022-08-15,2022-11-02 587,ELMachete-PartII,"Unidentified hackers, attributed to be of Brazilian origin attacked various high-profile targets - mostly in Latin America - with phishing attacks. Unlike the first phase of ElMachete, their targets also were Energy system providers.",2014-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,"Ecuador; Venezuela; Peru; Argentina; Colombia; Korea, Republic of; United States; Bolivia; United Kingdom; Canada", - SOUTHAM - SOUTHAM - SOUTHAM - SOUTHAM - ASIA; SCS; NEA - NATO; NORTHAM - SOUTHAM - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical 
infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; - Government / ministries; Military; Intelligence agencies; ; Energy; Chemicals; ,El Machete,Brazil,Unknown - not attributed,,1,696,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,El Machete,Brazil,Unknown - not attributed,https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html; https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html,2022-08-15,2023-11-23 568,Anti-Armenia Team vs. Armenia,"The total number of targeted websites is 64, which includes high profile Armenian government ministries such as Ministry of Education, police, city districts, Artsakh State University, “Youth For Achievements” Educational NGO, Football Federation of Armenia and several other Armenian websites.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Ministry of Education (Armenia) - Youth For Achievements - Artsakh State University - Football Federation of Armenia - None,Armenia; Armenia; ; Armenia; Armenia,ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO - - ASIA; CENTAS; CSTO - ASIA; CENTAS; CSTO,State institutions / political system - Social groups - State institutions / political system; Critical infrastructure; Education - Other - State institutions / political system; Science; Other; State institutions / political system,Government / ministries - Advocacy / activists (e.g. 
human rights organizations) - Civil service / administration; Research; - - Government / ministries; ; ; Police,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),1,10759,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anti-Armenia Team,Azerbaijan,Non-state-group,,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/armenian-govt-websites-hacked-by-azerbaijan-hackers/,2022-08-15,2023-06-18 567,Molerats vs Israeli Ministry of Defense,Hackers broke into a Defense Ministry computer via an email attachment tainted with malicious software,2014-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,,Palestine,Unknown - not attributed,,1,671,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Palestine,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/Defense/Cyber-hackers-breach-Defense-Ministry-computer-339439,2022-08-15,2022-11-02 566,Cozy Bear State Department Hack,"Cozybear hacked into the US State Department 2014, according to US officials. 
In 2018, it was revealed that they had received their attribution information from the Dutch intelligence service AIVD, which had hacked into CozyBear's server and linked it to the Russian SVR.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,670; 670,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/world/national-security/new-details-emerge-about-2014-russian-hack-of-the-state-department-it-was-hand-to-hand-combat/2017/04/03/d89168e0-124c-11e7-833c-503e1f6394c9_story.html; https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html,2022-08-15,2022-11-02 555,Anonymous vs. Honduras 2013 Part II,Several high-profile websites from Honduras have been breached and defaced by Anonymous hackers in protest against the alleged election fraud that took place during the November 24 presidential vote.,2013-12-03,2013-12-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Honduras,CENTAM,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Police; Political parties; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,659,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Honduras-Protests-Against-Election-Fraud-by-Hacking-Government-Sites-405379.shtml,2022-08-15,2022-11-02 547,Code-Newbie Defacement of Chinese Agriculture Pages,A group of Indonesian and Malaysian 
hacker going with the handle of Code-Newbie has hacked and defaced 44 Chinese government sub-domains belonging to Fifth Agriculture Division of the country.,2013-11-21,2013-11-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Government / ministries,Code-Newbie,Indonesia; Malaysia,Non-state-group,Hacktivist(s),1,651; 651,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Code-Newbie; Code-Newbie,Indonesia; Malaysia,Non-state-group; Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/code-newbie-hacks-44-chinese-govt-sites/,2022-08-15,2023-03-13 548,Pakistan Hax or Crew vs. 
India Armed Force,The official website of India's Armed Forces Tribunal (Regional Bench Jaipur) has been hacked and defaced by a Pakistani hacker going with the handle of Hunter from Pakistani Haxors Crew.,2013-11-22,2013-11-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Military,Pakistan Haxor Crew,Pakistan,Non-state-group,Hacktivist(s),1,652,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Haxor Crew,Pakistan,Non-state-group,,Cyber-specific,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/indias-armed-forces-tribunal-website-hacked/,2022-08-15,2022-11-02 549,Wifi of EP copied,"The European Parliament has shut down its public Wi-Fi network in Strasbourg after a hacker was found to have ""captured the communication"" between smartphones and tablets.",2013-11-28,2013-11-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,EU (institutions),,International / supranational organization,,,Unknown,Individual hacker(s),,1,653,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/european-parliaments-network-hacked-public-wi-fi-shutdown/; https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html,2022-08-15,2023-05-07 550,Hack Argentino team vs. Venezuela Government,"A hacker with twitter handle ""Libero america Mu"" from HackArgentinoteam, has gained access to multiple Venezuela Government websites and defaced them, leaving anti-government slogans.",2013-11-30,2013-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Venezuela,SOUTHAM,State institutions / political system,Government / ministries,Hack Argentino Team,Unknown,Non-state-group,Hacktivist(s),1,654,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hack Argentino Team,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ehackingnews.com/2013/12/venezuela-government-site-hacked-anonymous.html,2022-08-15,2022-11-02 551,Moroccan Islamic Union-Mail vs. Embassy of Angola,The online hacktivist group ‘Moroccan Islamic Union-Mail’(MIUM) have hacked and defaced the official website of Republic of Angola Embassy in Abu Dhabi–U.A.E against alleged decision from the government of Angola to ban religion of Islam and shutdown all the mosques in the country.,2013-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Angola,AFRICA; SSA,State institutions / political system,,Moroccan Islamic Union-Mail,Morocco,Non-state-group,Religious actors,1,655,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Islamic Union-Mail,Morocco,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/opangola-angolan-embassy-hacked-by-mium/,2022-08-15,2022-11-02 552,Anonymous vs. Angola,"Over the past couple of days, hacktivists have been launching distributed denial-of-service attacks against all Angola government websites, coinciding with nation-wide anti-government protests.",2013-12-01,2013-12-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Angola,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,656,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Hackers-Take-Down-Angola-Government-Websites-Amid-Protests-406000.shtml,2022-08-15,2022-11-02 553,DRDO attacked by unknown forces,"In a major security breach, around 50 computers belonging to the armed forces and the DRDO were hacked sometime back and classified files could have been compromised.",2013-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,,Unknown,Unknown - not attributed,,1,657,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://economictimes.indiatimes.com/tech/internet/computers-of-armed-forces-and-drdo-hacked/articleshow/31550861.cms,2022-08-15,2022-11-02 554,Anonymous vs. 
Ukrainian Government - Kiev Protest,Hackers of Anonymous Disrupt Ukrainian Government Websites During Kiev Protests,2013-12-02,2013-12-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,658,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Hackers-Disrupt-Ukrainian-Government-Websites-During-Kiev-Protests-405132.shtml,2022-08-15,2023-02-06 556,MoroccanGhosts vs. Nigerian Ministry of Finance,"Hackers of the MoroccanGhosts group have breached and defaced the official website of the Federal Ministry of Finance in Nigeria, leaving messages that ""the Sahara is Moroccan"":",2013-12-14,2013-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),1,660,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,,National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Moroccan-Hackers-Deface-Site-of-Nigeria-s-Federal-Ministry-of-Finance-409243.shtml,2022-08-15,2022-11-02 565,CyberBerkut NATO DDOS,Ukrainian hacktivists hit NATO websites with DDoS attack,2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,NATO (institutions),,International / supranational organization,,Cyber Berkut,Ukraine,Non-state-group,Hacktivist(s),1,669,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Berkut,Ukraine,Non-state-group,,System / ideology; Secession; Cyber-specific,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/23097/cyber-warfare-2/nato-websites-hit-ddos-attack.html,2022-08-15,2022-11-02 557,Islamic Cyber Resistance Group attack concerning assassination,A hacker collective calling itself the Islamic Cyber Resistance Group has leaked information on Israeli and Saudi military officials in response to the assassination of Hezbollah commander Hassan Lakkis in Beirut.,2013-12-16,2013-12-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,None - None,Israel; Saudi Arabia,ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,State institutions / political system - State institutions / political system,Military - Military,Islamic Cyber Resistance Group,Unknown,Non-state-group,Religious actors,1,661,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Islamic Cyber Resistance Group,Unknown,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Hackers-Avenge-Death-of-Hezbollah-Commander-by-Leaking-Al-Qaeda-Files-409520.shtml,2022-08-15,2022-11-02 558,Anonymous vs. Cambodia DDOS,Hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against over two dozen government and government-related websites.,2013-12-23,2013-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Cambodia,ASIA; SEA,State institutions / political system; State institutions / political system,Government / ministries; Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,662,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power; Cyber-specific,System/ideology; National power; Resources,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Attacks-Cambodian-Government-Sites-During-Massive-Street-Protests-411788.shtml,2022-08-15,2023-03-13 559,LulzSec Peru Leak of Peruvian Data,"Hacktivists of the LulzSec Peru group published various files, including documents, emails and screenshots, many of which appear to be classified, to prove the government's vulnerability to cyberattacks.",2013-12-27,2013-12-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Peru,SOUTHAM,State institutions / political system,Government / ministries,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),1,663,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Data-from-Peru-s-Ministry-of-Interior-412052.shtml,2022-08-15,2022-11-02 560,Moroccan Islamic Union-Mail vs. South African Department of Health,"The official website of South Africa’s Department of Health (doh.gov.za) has been breached and its homepage defaced by hackers of a group called Moroccan Islamic Union-Mail, who left a message accusing South Africa of supporting the Polisario Front and stating that""the Sahara is Moroccan"".",2013-12-27,2013-12-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,South Africa,AFRICA; SSA,State institutions / political system,Government / ministries,Moroccan Islamic Union-Mail,Morocco,Non-state-group,Hacktivist(s),1,664,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Islamic Union-Mail,Morocco,Non-state-group,,National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Moroccan-Hackers-Deface-Website-of-South-Africa-s-Department-of-Health-412121.shtml,2022-08-15,2022-11-02 561,OP Bangladesh,"Hackers of Anonymous have launched distributed denial-of-service (DDOS) attacks against the websites of the Prime Minister’s Office (pmo.gov.bd), the Election Commission Bangladesh (ecs.gov.bd), and the country’s government portal (Bangladesh.gov.bd) in ""Op Bangladesh"".",2013-12-30,2013-12-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Bangladesh,ASIA; SASIA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,665,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Anonymous-Hackers-Target-Website-of-Prime-Minister-in-Operation-Bangladesh-412749.shtml,2022-08-15,2022-11-02 562,BITTER vs. 
Pakistan,BITTER is a hacking campaign against Pakistani nationals.,2013-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; Social groups,Government / ministries; Ethnic,BITTER,Unknown,Unknown - not attributed,,1,666,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,BITTER,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan,2022-08-15,2023-03-27 563,Android spyware tools used by undefined Chinese APT against Uyghurs and Tibetans since at least 2015,"Four new Android spyware tools (SilkBean, DoubleAgent, CarbonSteal and GoldenEagle) have been used in a widespread APT campaign to spy on the Uyghurs, Tibetans and possibly wider Muslim communities since at least 2015, according to IT-company Lookout. 
",2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,Unknown,China,State,,1,4296,2020-06-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,Unknown,China,State,https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf,System / ideology; International power,System/ideology; Subnational predominance; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html; https://threatpost.com/four-android-spyware-tools-surveillance-campaign/157063/; https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf,2022-08-15,2022-11-14 564,Desert Falcons MEA Campaigns,"The Arab hacking group ""Desert Falcons"" compromised the network systems of a variety of victims, especially in the Middle East. 
In 2018, the group was attributed to the terrorist group ""Hamas"".",2013-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Palestine; Jordan; Israel; Egypt,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - MENA; MEA; AFRICA; NAF,State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups,Government / ministries; Energy; Religious; ; Military; Transportation; Finance; Defence industry; Advocacy / activists (e.g. 
human rights organizations) - Government / ministries; Energy; Religious; ; Military; Transportation; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations) - Government / ministries; Energy; Religious; ; Military; Transportation; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations) - Government / ministries; Energy; Religious; ; Military; Transportation; Finance; Defence industry; Advocacy / activists (e.g. human rights organizations),Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Middle East (region),Non-state-group,Criminal(s),1,17154,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Middle East (region),Non-state-group,https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf; https://socradar.io/threat-actor-profile-aridviper/,2022-08-15,2024-02-15 588,Chinese state-sponsored group APT3 (aka Gothic Panda) spied on the Siemens AG in the US from May 2014 until August 2015,"Chinese state-sponsored group APT3 (aka Gothic Panda), spied on the German company Siemens from May until August 2015, according to an US Department of Justice Indictment from September 2016 against three members 
of APT3 who were employees of the Chinese IT-company Boyusec, a front for the Ministry of State Security (MSS). APT3 stole at least 407 gigabytes of data from the company in the Western District of Pennsylvania and elsewhere, which included files from Siemens' energy, technology, and transportation businesses. APT3's usual initial access vector as described in the indictment was spear phishing. The same indictment also detailed APT3 attacks on Trimble Inc. and Moody's. Notably, the US DoJ indictment named only the indicted individuals and their official positions within Boyusec, but neither their membership with APT3, nor Boyusec's reported affiliation with the MSS, which was already publicly known at that time, especially due to the blog posts by the anonymous threat intelligence collective Intrusion Truth. ",2014-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Siemens AG,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Energy; Transportation,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",,2,11678; 11677; 11677; 11677; 11677; 11677; 11677; 11677; 11677; 11677; 11677; 11677; 11677,2017-05-09 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00,"Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action",Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Ministry of Foreign Affairs; Ministry of Foreign Affairs; Ministry of Foreign Affairs; Ministry of Foreign Affairs; Ministry of Foreign Affairs; Ministry of Foreign Affairs,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei 
(Boyusec); Xia Lei (Boyusec)",China; China; China; China; China; China; China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments; https://www.justice.gov/opa/press-release/file/1013866/download,International power,International power,China – USA,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments; 
https://www.justice.gov/opa/press-release/file/1013866/download,2022-08-15,2024-02-23 590,Bridging the AirGap with USBFerry,"An APT, believed to be linked to the Chinese government, developed a malware specifically designed to access airborne networks and deployed it against Taiwanese and Philippine military networks.",2014-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Taiwan; Philippines,ASIA; SCS - ASIA; SCS; SEA,State institutions / political system; Critical infrastructure; State institutions / political system - State institutions / political system; Critical infrastructure; State institutions / political system,Government / ministries; Finance; Military - Government / ministries; Finance; Military,Tropic Trooper/Key Boy,Unknown,Unknown - not attributed,,1,6593,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Tropic Trooper/Key Boy,Unknown,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/; https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf,2022-08-15,2023-03-13 633,Godzilla vs. 
Pakistan,"An Indian patriotic hacker targeted 43 major Pakistani Government official websites, including ‘President of Pakistan’, ‘Government of Pakistan’, ‘Ministry of Defence’, and the whole Ministry of Pakistan.",2014-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Godzilla,Unknown,Non-state-group,Hacktivist(s),1,13622,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Godzilla,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thehackernews.com/2014/08/godzilla-hacker-takes-down-several_1.html,2022-08-15,2023-10-12 591,Rampant Kitten,A new threat actor - Rampant Kitten - was identified with a long-term espionage campaign against Iranian regime critics,2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,"Iran, Islamic Republic of; Azerbaijan",ASIA; MENA; MEA - ASIA; CENTAS,Social groups; Social groups - Social groups; Social groups,Political opposition / dissidents / expats; Other social groups - Political opposition / dissidents / expats; Other social groups,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,701,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/,2022-08-15,2022-11-02 614,Indian hackers retaliation for attack on BCP,"The hacktivists have targeted the National Portal of Pakistan (Pakistan.gov.pk), and the websites of the Cabinet Ministry (cabinet.gov.pk), the Pakistan Manpower Institute (pmi.gov.pk), the Ministry of Defense (mod.gov.pk), the government’s Establishment Division (establishment.gov.pk), and the Ministry of Railways (railways.gov.pk).",2014-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Bl@ckDr@gon; HaxorT0du,India; India,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,730; 730,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Bl@ckDr@gon; HaxorT0du,India; India,Non-state-group; Non-state-group,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Pakistani-National-Portal-Cabinet-Ministry-and-Ministry-of-Defense-Hacked-439248.shtml,2022-08-15,2022-11-02 615,Suckfly vs. India,"A cyber-espionage group called Suckfly is targeting governments and big enterprises, mainly located in India",2014-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,India; Saudi Arabia,ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,Suckfly,Unknown,"Non-state actor, state-affiliation suggested",,1,731,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Suckfly,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/suckfly-cyber-espionage-group-targets-indian-government-and-private-companies-504183.shtml,2022-08-15,2022-11-02 616,OP Israel Counterattack,"In a counter-attack against Op Israel, local hackers hijacked the webcams of attackers of Israeli sites",2014-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Unknown,,Social groups,Hacktivist,Israeli Elite Force,Israel,Non-state-group,Hacktivist(s),1,732,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Israeli Elite Force,Israel,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/,2022-08-15,2022-11-02 617,Anonymous attack on Israel,"Anonymous hacktivists from several countries have launched a new campaign against Israel. Hundreds of websites were attacked as part of the pro-Palestinian campaign called Operation Israel (OpIsrael). Various types of cyberattacks were launched, from DDoS attacks to defacements. ",2014-04-07,2014-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; Critical infrastructure,Government / ministries; Finance,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,6592,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Unknown,Non-state-group,,System / ideology; Secession,Resources; Secession; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://news.softpedia.com/news/OpIsrael-Anonymous-Hackers-Target-Websites-of-Israeli-Banks-and-Government-436235.shtml; http://www.timesofisrael.com/israeli-sites-shuttered-in-advance-of-cyber-attack/,2022-08-15,2023-03-13 618,Redhack Blame Muncipality,"On Tuesday, around 700 workers were trapped in a lignite mine in Soma, at own in Turkey’s Manisa Province, following an explosion. Hacktivists blame authorities for the incident, so they’ve defaced the official website of the Soma Municipality.",2014-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Civil service / administration,RedHack,Turkey,Non-state-group,Hacktivist(s),1,734,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/RedHack-Hacks-Website-of-Soma-Municipality-Following-Death-of-Hundreds-of-Miners-442076.shtml,2022-08-15,2022-11-02 619,Belgium Data Leak,"Hackers stole data related to the Ukraine crisis from Belgian foreign ministry servers, prompting a security crackdown which has left diplomats without Internet or email, the ministry said.",2014-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,735,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology; Resources; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-belgium-cybercrime-ukraine/hackers-steal-ukraine-crisis-data-from-belgian-foreign-ministry-idUSBREA4B0EB20140512,2022-08-15,2022-11-02 620,Red October aka Inception Framework: Cloud Atlas,"The APT Red October 
reemerged with new attacks, closely based on their attacks in 2012. With office vulnerabilities, they managed to access confident data, across various countries.",2014-05-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,"Russia; Ukraine; Moldova, Republic of; Belgium; Iran, Islamic Republic of; France; Bulgaria; United States; Turkey; Georgia",EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EU(MS); NATO; WESTEU - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - EUROPE; BALKANS; NATO; EU(MS) - NATO; NORTHAM - ASIA; NATO; MEA - ASIA; CENTAS,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the 
critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; 
; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; - Government / ministries; ; Energy; Telecommunications; Finance; Defence industry; ,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,1,736; 736,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/; https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies,2022-08-15,2023-03-13 621,Premera Blue Cross Hack,Health insurer Premera Blue Cross said it was a victim of a cyberattack that that began in May 2014 and may have exposed medical data and financial information of 11 million customers. 
Media reveals that there are indications that this operation may be the work of a state-sponsored Chinese espionage group.,2014-05-05,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Health,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,737; 737,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cyberattack-premera-idUSKBN0MD2FF20150317; https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/,2022-08-15,2022-11-02 622,Pro Taliban Group vs. 
Pakistan Police,The official website of the Rawalpindi police in Pakistan(rawalpindi police.gov.pk) was hacked and defaced on Thursday by a group that appears to support the Taliban.,2014-05-15,2014-05-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Police,,Pakistan,Non-state-group,Hacktivist(s),1,738,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,,Cyber-specific,System/ideology; Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Pakistani-Police-Website-Hacked-By-Supporters-of-the-Taliban-442482.shtml,2022-08-15,2022-11-02 623,Anonymous Fighting in the Phillipinian Sea,Anonymous Philippines claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West Philippine Sea,2014-05-19,2014-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Anonymous Philippines,Philippines,Non-state-group,Hacktivist(s),1,739,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous Philippines,Philippines,Non-state-group,,System / ideology; Territory; Resources,System/ideology; Territory; Resources; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2014/05/anonymous-philippines-hacks-hundreds-of.html,2022-08-15,2022-11-02 624,Vietnam Ministry Hack,Malware has been specifically crafted for the systems used by the employees at the Vietnamese Ministry of Natural Resources and Environment,2014-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,Vietnam,ASIA; SCS; SEA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,740,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Government-Employees-Targeted-by-Phishing-Campaign-447692.shtml,2022-08-15,2022-11-02 625,DDOS vs. Hong Kong Voting Site,"Largest DDoS attack hit PopVote, Hong Kong Democracy voting site",2014-06-14,2014-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Hong Kong,ASIA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,741,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology; National power,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/26030/cyber-crime/popvote-largest-ddos-attack.html,2022-08-15,2022-11-02 626,SEA vs. mediasites,Syrian Electronic Army attacked several media websites,2014-06-22,2014-06-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,United Kingdom; United States,EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM,Media - Media, - ,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,742,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://theconversation.com/syrian-electronic-armys-attack-on-reuters-makes-a-mockery-of-cyber-security-again-28415; https://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/#62139039c522; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 627,Anti-Armenia Team vs. Armenian President,Azerbaijani hackers hack Armenian President and Ministry websites,2014-06-26,2014-06-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system,Government / ministries,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),1,743,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/azerbaijani-hackers-hack-armenian-president-website/,2022-08-15,2022-11-02 628,Background Investigations Firm Hack,"A cyber attack at a firm that performs background checks for U.S. government employees compromised data of at least 25,000 workers, including some undercover investigators, and that number could rise, agency officials said.",2014-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,"Non-state actor, state-affiliation suggested",,1,744,2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,"Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-security-contractor-cyberattack/u-s-undercover-investigators-among-those-exposed-in-data-breach-idUSKBN0GM1TZ20140822; https://krebsonsecurity.com/2014/01/dhs-alerts-contractors-to-bank-data-theft/; https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807; https://edition.cnn.com/2014/08/06/tech/hackers-security-contractor-usis/index.html,2022-08-15,2022-11-02 629,Tunesia-Election-Hack 2014,"In July 2014, the electronic voter registration system for the then-upcoming Tunisian presidential election suffered a cyberattack, rendering registrations impossible for an unknown amount of time.",2014-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by 
IT-security company,Disruption,,Tunisia,AFRICA; NAF; MENA,State institutions / political system; State institutions / political system,Government / ministries; Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,745,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf,2022-08-15,2022-11-02 630,Twitter of Kenyan Defense Force Hacked,The Twitter accounts of the Kenyan defence forces and its spokesman have been hacked by activists protesting about corruption.,2014-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Kenya,AFRICA; SSA,State institutions / political system,Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,746,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/world-africa-28398976,2022-08-15,2022-11-02 631,Chafer aka APT39 1.0,"Chafer, an Iranian based Espionage group focusses heavily on the theft of personal information, via telecommunications companies and Airlines in the Middle East and also Individuals in Iran.",2014-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Iran, Islamic Republic of; Saudi Arabia; Afghanistan",ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; SASIA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,; - ; - ; ,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,747,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,2022-08-15,2022-11-02 632,SEA vs IDF,"SEA hacks Israeli Defence Force Twitter account, posts bogus nuclear warning",2014-07-03,2014-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,748; 749,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state-group",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,Unknown,Unknown; Third-party intervention / third-party affection,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://nakedsecurity.sophos.com/2014/07/04/sea-hacks-israeli-defence-force-twitter-account-posts-bogus-nuclear-warning/; 
https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 613,CyberBerkut-US-PMC-Hack,"CyberBerkut claimed responsibility for defacing the websites of several private military companies–Greystone, TripleCanopy, and Academi–that they claimed were operating on the ground in Ukraine.",2014-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry; ,Cyber Berkut,Russia,"Non-state actor, state-affiliation suggested",,2,729; 728,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf,System / ideology; Autonomy; Secession,System/ideology; Autonomy; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf; https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf,2022-08-15,2022-11-02 612,AnonGhost vs. 
Israeli ministry of Agriculture,Israeli Ministry of Agriculture and Rural Development Domain Hacked by AnonGhost,2014-03-29,2014-03-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,AnonGhost,Unknown,Non-state-group,Hacktivist(s),1,727,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,AnonGhost,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonghost-hacks-israeli-ministry-website/,2022-08-15,2022-11-02 611,Anonymous DDOS on Kremlin Round 2,"Anonymous Russia likely launched a powerful DDoS attack that temporarily knocked out websites belonging to the Kremlin, the Russian central bank, and Foreign Ministry. 
It is unknown if this is related to the war in Ukraine, but in their first round of DDoS attacks on the Kremlin, the attack was considered a response to Russian censorship.",2014-03-14,2014-03-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,2717,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,https://twitter.com/twitter/status/1517983764458184704,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.businessinsider.com/russia-cyberattack-ukraine-2014-3?IR=T; https://twitter.com/twitter/status/1517983764458184704,2022-08-15,2022-11-10 600,Pakistan Haxor Crew vs. West Bengal Area,Indian Public Health Engineering Department Targeted by Pakistani Hackers,2014-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,Pakistan Haxor Crew,Pakistan,Non-state-group,Hacktivist(s),1,711,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Haxor Crew,Pakistan,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Indian-Public-Health-Engineering-Department-Targeted-by-Pakistani-Hackers-423623.shtml,2022-08-15,2022-11-02 592,Community Health Systems Breach,"Dynamite Panda breached the US-American health provider Community Health and exfiltrated 4.5 million confidential patient records. The attribution of Dynamite Panda is at that point unclear, some seeing them as cyber-criminals, others seeing the operation as an independent action of a state-sponsored operator without the backing of their superiors.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Health,APT 18/Dynamite Panda/Wekby,China,"Non-state actor, state-affiliation suggested",,2,702; 703,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,APT 18/Dynamite Panda/Wekby; APT 18/Dynamite Panda/Wekby,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls; https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT -gang-branches-out-to-medical-espionage-in-community-health-breach/107828/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls; https://threatpost.com/APT%20-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/; https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT 
-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/,2022-08-15,2022-11-02 593,Nemesis Gemina,"The APT Miniduke continued their campaign, broadening the focus to further countries and new sectors, starting data-theft attacks against governments, militaries and energy companies",2014-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None,United States; Australia; Germany; Ukraine; Belgium; France; Spain; Hungary; Netherlands,NATO; NORTHAM - OC - EUROPE; NATO; EU(MS); WESTEU - EUROPE; EASTEU - EUROPE; EU(MS); NATO; WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions 
/ political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure,; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications - ; Government / ministries; Civil service / administration; Military; Energy; Telecommunications,Miniduke,Unknown,Unknown - not attributed,,1,704,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Miniduke,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/miniduke-is-back-nemesis-gemina-and-the-botgen-studio/64107/,2022-08-15,2022-11-02 594,Reaper/APT37 vs. South Korean Targets,"APT37 focuses on targeting the public and private sectors, primarily in South Korea, but also North Korean dissidents, with espionage. Wiper malware was found, but at the time of writing it had not been executed.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,None - None,"Korea, Republic of; Korea, Democratic People's Republic of",ASIA; SCS; NEA - ASIA; NEA,State institutions / political system; State institutions / political system; Critical infrastructure; Social groups - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups,Government / ministries; Military; Defence industry; Political opposition / dissidents / expats - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,705; 705,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://twitter.com/cybersecboardrm/status/1626663903995256836; https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf; https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf; https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/,2022-08-15,2022-12-05 595,MSS 2020 Indictment Case 2015,"MSS supported hackers have stolen sensitive data by different companies and research entities in the US, Europe and Korea in 2015, according to a 2020 indictment.",2014-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy; Defence industry; ,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,1,706,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.justice.gov/opa/press-release/file/1295981/download,2022-08-15,2022-11-02 596,OP Fun Kill,"Anonymous hackers launched Op Fun Kill, a campaign that aims to protest against the killing of animals. The operation was initiated after Dallas Safari Club announced that’s it was auctioning the chance to kill a black rhino in Namibia.",2014-01-08,2014-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Namibia,AFRICA; SSA,State institutions / political system; Media,Government / ministries; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,707,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Hackers-Launch-DDOS-Attack-on-Namibian-Government-Portal-in-OpFunKill-414769.shtml,2022-08-15,2022-11-02 597,SEA vs. Saudi Websites,16 Saudi Arabian Government Websites Hacked by Syrian ElectronicArmy,2014-01-16,2014-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,708,2014-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; http://news.softpedia.com/news/16-Saudi-Arabian-Government-Websites-Hacked-by-Syrian-Electronic-Army-417751.shtml; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 598,Block of Court System,"Unidentified hackers temporarily blocked access to the federal court system’s public website on Friday, preventing lawyers from filing legal documents",2014-01-24,2014-01-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,State institutions / political system,Judiciary,,Unknown,Unknown - not attributed,,1,709,NaT,"Attribution given, type unclear",Media-based 
attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-courts-hack/u-s-court-system-targeted-in-cyber-attack-report-idUSBREA0O03W20140125; https://news.softpedia.com/news/Websites-of-the-US-Federal-Court-System-Disrupted-by-Cyberattacks-420595.shtml,2022-08-15,2022-11-02 599,Nigerian CyberArmy attack on the Nigerian Ministry of Police Affairs,The official website of Nigeria’s Ministry of Police Affairs (police affairs .gov.ng) has been breached and defaced by hackers of the Nigerian CyberArmy,2014-01-26,2014-01-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,Nigerian Cyber Army,Nigeria,Non-state-group,Hacktivist(s),1,710,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Nigerian Cyber Army,Nigeria,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Nigeria-s-Ministry-of-Police-Affairs-Hacked-and-Defaced-422104.shtml,2022-08-15,2022-11-02 601,Sands-Casino-Hack,"Las Vegas Casino Hacked by Iranians in 2014 , according to intelligence chief Clapper in 2015.",2014-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), 
politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,"Iran, Islamic Republic of",State,,3,11664; 11663; 11665,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution; Attribution by third-party,; ; ,Not available; Not available; Not available,; ; ,; ; ,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",State; State; State,https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml; https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2; https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml; https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2; 
https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html,2022-08-15,2023-07-17 610,Anonymous DDOS on Kremlin,Kremlin gets DDoS’d by Anonymous Caucasus,2014-03-14,2014-03-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,725,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/tech-policy/2014/03/kremlin-gets-ddosd-by-anonymous-caucasus/; https://twitter.com/twitter/status/1517983764458184704,2022-08-15,2022-11-13 602,RedHack Police Dataleak,RedHack leaked data of police men and hacked several websites of different organizations including gov-websites to protest against a new internetlaw,2014-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system; State institutions / political system,Government / ministries; Police,RedHack,Turkey,Non-state-group,Hacktivist(s),1,715,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/RedHack-Begins-Hack-Attacks-in-Protest-Against-Turkey-s-New-Internet-Law-425418.shtml,2022-08-15,2023-11-21 603,DDOS vs. British Ministry of Justice,Website of British Ministry of Justice and GCHQ disrupted by DDOS Attack,2014-02-12,2014-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system,Government / ministries; Police,,Unknown,Non-state-group,Hacktivist(s),1,716,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-British-Ministry-of-Justice-Disrupted-by-DDOS-Attack-426652.shtml,2022-08-15,2022-11-02 604,Falling Dominos,Several Hacker Groups defaced and hacked websites of venezuelan Gov. and military Websites to support opposition during protests,2014-02-15,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Venezuela,SOUTHAM,State institutions / political system; State institutions / political system,Government / ministries; Military,Anonymous; LulzSec Peru,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),2,717; 717; 718; 718,NaT; NaT; NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms,; ; ; ,; ; ; ,; ; ; ,Anonymous; LulzSec Peru; Anonymous; 
LulzSec Peru,Unknown; Unknown; Unknown; Unknown,Non-state-group; Non-state-group; Non-state-group; Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.pri.org/stories/2014-02-17/global-hackers-hit-venezuelan-government-servers-falling-dominoes,2022-08-15,2022-11-02 605,Rucyborg vs. Russian Investment Fond,"Hacktivists of the Russian Cyber Command (Rucyborg) group have announced another dataleak. This time, they’ve targeted the Russian Industrial Investment Fund, a semi-governmental investment company established by a decree of the president of Russia.",2014-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Rucyborg,Russia,Non-state-group,Hacktivist(s),1,719,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Rucyborg,Russia,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Hacktivists-Leak-Data-from-Personal-PC-of-Russian-Industrial-Investment-Fund-President-432552.shtml,2022-08-15,2022-11-02 606,Kuwait Defacement,Website 
of Kuwait’s Ministry of Interior Hacked and Defaced,2014-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Kuwait,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Shmook Amer; Dr.Hjd.,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,720; 720,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Shmook Amer; Dr.Hjd.,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/Website-of-Kuwait-s-Ministry-of-Interior-Hacked-and-Defaced-435068.shtml,2022-08-15,2022-11-02 607,SEA vs. Opposition,The Syrian Electronic Army has breached and defaced the official website of the NationalCoalition for Syrian Revolutionary and Opposition Forces (etilaf.org). A number of other sites related to the organization have also been targeted.,2014-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,Social groups,Political opposition / dissidents / expats,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,721,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Syrian-National-Coalition-432473.shtml; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 608,CyberBerkut vs. NATO,"On the eve of a crucial vote ove rCrimea’s would-be succession from the Ukraine, a group of purported pro-Russian Ukrainians launched three successful denial-of-service attacks against NATO websites.",2014-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,NATO (institutions),,International / supranational organization,,Cyber Berkut,Russia,Non-state-group,Hacktivist(s),2,722; 723,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,Non-state-group; Non-state-group,https://www.recordedfuture.com/cyber-berkut-analysis/; https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.vice.com/en_us/article/jp5mxd/pro-russia-ukranians-hack-nato-websites; https://www.recordedfuture.com/cyber-berkut-analysis/; https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine,2022-08-15,2023-11-01 609,Seoul Subway Hack,"According to the Government of Seoul, the NorthKorea is the mainsuspect for a cyberattack that 2014 hit the South Korean capital’s subwaysystem. 
The attack, staged between March and August 2014, affected several servers of Seoul Metro.",2014-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Transportation,,"Korea, Democratic People's Republic of",State,,1,724,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp; https://www.vice.com/en_us/article/vb8bp8/cyber-attack-on-south-korean-subway-system-could-be-a-sign-of-nastier-things-to-come; https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html,2022-08-15,2022-11-02 369,Myanmar CyberArmy strikes back against Bangladesh,92 Bangladeshi Government Sites Taken Down,2012-06-19,2012-06-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Bangladesh,ASIA; SASIA,State institutions / political system; Media; Other,Government / ministries; ; ,Myanmar Cyber Army,Myanmar,Non-state-group,Hacktivist(s),1,448,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Myanmar Cyber Army,Myanmar,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Myanmar-Hackers-Fight-Back-92-Bangladeshi-Government-Sites-Taken-Down-276714.shtml,2022-08-15,2022-11-02 367,Anonymous vs. ARE,The hacking group Anonymous leaked data from the netfilter server of the United Arab Emirates,2012-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,United Arab Emirates,ASIA; MENA; MEA; GULFC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,446,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-from-United-Arab-Emirates-Netfilter-Servers-278274.shtml,2022-08-15,2022-11-02 725,IS Hackers vs. 
SyriaHumanRights,Islamic State supporters hack website of Syria rights watch dog,2015-06-08,2015-08-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Social groups,Advocacy / activists (e.g. human rights organizations),The Cyber Army of the Khilafah,Unknown,Non-state-group,Terrorist(s),1,864,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Cyber Army of the Khilafah,Unknown,Non-state-group,,System / ideology,System/ideology; Resources; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.yahoo.com/news/islamic-state-supporters-hack-website-syria-rights-watchdog-144857500.html,2022-08-15,2022-11-02 119,Operation Dreadnought,The NSA spied on the iranian leader Ayatollah Khamenei.,2009-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Government / ministries,NSA/Equation Group; GCHQ,United States; United Kingdom,State; State,,2,8545; 8545; 8545; 8545; 8544; 8544; 8544; 8544,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-nsa.html?_r=0&pagewanted=all,2022-08-15,2023-07-03 121,Melbourne Film Festival Hack,Chinese hack Melbourne film festival site to protest at Uighur documentary,2009-07-25,2009-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Australia,OC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,Non-state-group,Hacktivist(s),1,163,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china; https://freedomhouse.org/sites/default/files/FOTN2011.pdf,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china; https://freedomhouse.org/sites/default/files/FOTN2011.pdf,2022-08-15,2023-03-13 122,Russian DDOS against US companies,"Anti-Georgia Russian hackers may have been behind yesterday's global cyberattacks on Google, Facebook and Twitter. The organised webassaults completely shutdown socialnetworking site Twitter and disrupted access to Facebook—nearly a year to the day since the outbreak of the Georgia-Russia war.",2009-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Russia,Unknown - not attributed,,1,164,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Russia,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.foxnews.com/story/russian-hackers-eyed-in-attack-on-twitter-google-and-facebook,2022-08-15,2023-03-13 123,Longterm Proxy Hacking Campaign,"Two Chinese hackers were charged in 2020 to have operated a longterm hacking campaign against various targets in the western world, but mostly against the United States. Some of their attacks were on behalf of the Chinese MSS",2009-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,"Spain; Germany; Japan; Sweden; Belgium; United Kingdom; Australia; United States; Korea, Republic of; Lithuania",EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; NEA - EUROPE; EU(MS); NORTHEU - EUROPE; EU(MS); NATO; WESTEU - EUROPE; NATO; EU(MS); NORTHEU - OC - NATO; NORTHAM - ASIA; SCS; NEA - EUROPE; NATO; EU(MS); NORTHEU,Unknown - Unknown - Unknown - Unknown - Unknown - Unknown - Unknown - Unknown - Unknown - Unknown, - - - - - - - - - ,MSS,China,"Non-state actor, state-affiliation suggested",,1,13898,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,Not available,United States,MSS,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.cyberdefensemagazine.com/us-doj-charged-two-chinese-hackers-working-with-mss/,2022-08-15,2023-10-26 124,Climategate: Russia's security service presumably leaked University of East Anglia emails about climate change data manipulation in November 2009,"In November 2009, the controversial ""Climategate"" emails were leaked, potentially jeopardizing the upcoming Copenhagen summit on global warming. 
These emails, believed to be leaked by Russian security services, originated from a small web server in Tomsk, Siberia, and implicated the Climatic Research Unit (CRU) and its director, Professor Phil Jones, in manipulating climate change data. The incident involved hackers breaching the CRU server at the University of East Anglia, copying and distributing thousands of emails and files. Although climate change denialists claimed a scientific conspiracy, subsequent investigations found no evidence of fraud or misconduct. The mainstream media covered the story, and experts affirmed the unchanged scientific consensus on human-caused global warming. The investigation into the security breach revealed that it appeared to be a remote internet attack that was unrelated to the university. Furthermore, no perpetrator could be identified with absolute certainty.",2009-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by attacker,Data theft & Doxing,University of East Anglia (UEA),United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,Russia,"Non-state actor, state-affiliation suggested",,1,10765,2009-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,Not available,,,Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information 
(incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.dailymail.co.uk/news/article-1233562/Emails-rocked-climate-change-campaign-leaked-Siberian-closed-city-university-built-KGB.html,2022-08-15,2023-06-18 125,Operation Aurora,China hacks into Gmail accounts to steal intellectual property and to spy on Chinese human rights activists. Later attributed to APT 17 aka DeputyDog.,2009-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,None - None,United States; China,NATO; NORTHAM - ASIA; SCS; EASIA; NEA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested",,3,14782; 14781; 14783,2010-01-01 00:00:00; 2010-01-01 00:00:00; 2010-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Receiver attributes attacker; IT-security community attributes attacker,; Google; ,Not 
available; Not available; ,; United States; ,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Unknown - not attributed",https://401trg.com/burning-umbrella/; https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China; https://securityaffairs.co/wordpress/62376/APT /APT 17-hbo-hack.html; https://www.infopoint-security.de/medien/the-elderwood-project.pdf,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns; https://new.qq.com/rain/a/20240402A00R3900; https://401trg.com/burning-umbrella/; https://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060; https://googleblog.blogspot.com/2010/01/new-approach-to-china.html; https://www.wired.com/2010/01/operation-aurora/; https://www.theguardian.com/technology/2011/mar/01/morgan-stanley-chinese-hackers; https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China; https://securityaffairs.co/wordpress/62376/APT /APT 17-hbo-hack.html; https://www.infopoint-security.de/medien/the-elderwood-project.pdf; https://web.archive.org/web/20100116101958/http://www.state.gov/secretary/rm/2010/01/135105.htm; 
https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/,2022-08-15,2023-12-04 126,IXESHE,Numbered Panda spied on multiple east asian governments and companies. The campaign was characterized by a high usage of Zero-Days,2009-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Taiwan; Eastern Asia (region),ASIA; SCS - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Telecommunications; - ; Telecommunications; ,,China,Unknown - not attributed,,1,170,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf,2022-08-15,2023-03-13 127,The Flame,"The Stuxnet-related, yet much more sophisticated espionage virus programme ""The Flame"" is massively gathering cellphone data from individuals , state-related organizations or educational institutions",2010-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,"Iran, Islamic Republic of; Palestine; Sudan; Syria; Lebanon; Saudi Arabia; Egypt",ASIA; MENA; MEA - ASIA; MENA; MEA - AFRICA; MEA; NAF - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - MENA; MEA; AFRICA; NAF,State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups,Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,,Unknown,"Non-state actor, state-affiliation suggested",,3,172; 171; 171; 173; 173,2012-01-01 00:00:00; 2012-01-01 00:00:00; 2012-01-01 00:00:00; 2012-01-01 00:00:00; 2012-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Attribution given, type unclear; Attribution given, type unclear; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution; Media-based attribution; Attribution by third-party; Attribution by third-party,; ; ; ; ,; ; ; ; ,; ; ; ; ,; ; ; ; ,Unknown; Israel; United States; Israel; United 
States,"Non-state actor, state-affiliation suggested; State; State; State; State",https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a; https://www.bbc.com/news/technology-18253331; https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html,International power,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cbsnews.com/news/flame-computer-virus-strikes-middle-east-israel-speculation-continues/; https://securelist.com/the-flame-questions-and-answers-51/34344/; https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a; https://www.bbc.com/news/technology-18253331; https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html,2022-08-15,2023-03-13 128,US-FDIC Hack,"The FBI is investigating how hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China’s military, people with knowledge of the matter said.",2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,,,China,"Non-state actor, state-affiliation suggested",,1,174,2016-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ,2022-08-15,2023-03-13 129,Malaysian Opposition Attacks,"Opposition websites such as the official site of the People’s Justice Party and the blog of its leader, Anwar Ibrahim, suffered DDoS attacks in 2010.",2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Malaysia,ASIA; SCS; SEA,State institutions / political system; Social groups; Social groups,Political parties; Political opposition / dissidents / expats; Other social groups,,Malaysia,"Non-state actor, state-affiliation suggested",,1,175,2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Malaysia,"Non-state actor, state-affiliation suggested",https://freedomhouse.org/sites/default/files/FOTN2011.pdf,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://freedomhouse.org/sites/default/files/FOTN2011.pdf,2022-08-15,2023-03-13 130,Turla aka Uroburos aka Snake 2010,"A cyberespionage campaign involving malware known as Wipbot and Turla has systematically targeted the governments and embassies of a number of former Eastern Bloc countries. It was linked by Gdata to the Russian attack named ""agent.btz"" on the US in 2008.",2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,Eastern Europe,,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Military; ; ; ,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,1,176,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln; https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512; https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307,International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2014/12/powerful-highly-stealthy-linux-trojan-may-have-infected-victims-for-years/; https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln; https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512; https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307; https://www.hackread.com/fbi-gchq-foil-russian-malware-hacking-tool/,2022-08-15,2023-07-06 131,ISI-India Military Major-Hack,"A serving Inter-Services Intelligence (ISI) officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many sensitive documents, intelligence sources said.",2010-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system,Military,Inter-Services Intelligence,Pakistan,State,,1,177,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,Inter-Services Intelligence,Pakistan,State,,Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/05/isi-pakistan-hack-email-account-of.html,2022-08-15,2023-03-13 132,Operation Iron TigerPart1/Emissary Panda,"The Iron Tiger actors targeted the education industry in China, political dissidents in Hong Kong, government agencies in the Philippines, and political targets in Tibet back to 2010. The evidence revealed that they can be Chinese-speaking individuals. The choice of nickname shows ties to traditional cybercrime.",2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None,China; Hong Kong; Philippines,ASIA; SCS; EASIA; NEA; SCO - ASIA - ASIA; SCS; SEA,State institutions / political system; Social groups; Social groups; Other - State institutions / political system; Social groups; Social groups; Other - State institutions / political system; Social groups; Social groups; Other,; Ethnic; Political opposition / dissidents / expats; - ; Ethnic; Political opposition / dissidents / expats; - ; Ethnic; Political opposition / dissidents / expats; ,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,178,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 
35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf; https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html,2022-08-15,2023-05-16 133,TurbinePanda,"Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years. The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbo fan engine used in commercial airliners. Crowdstrike dubbed the Group ""TurbinePanda"".",2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None,United Kingdom; France; Germany; United States,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry - Transportation; ; Defence industry,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,13902; 13902; 13901; 13901,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,Not available; Not available; ; ,United States; United States; ; ,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal; https://www.justice.gov/opa/press-release/file/1106491/download,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/; https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/; https://www.csoonline.com/article/3445230/china-supported-c919-airliner-development-through-cyberespionage.html; https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal; https://www.justice.gov/opa/press-release/file/1106491/download; https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns,2022-08-15,2023-10-26 134,SqueakyDolphin,The british GCHQ spied on the users of the platforms of YouTube and Facebook,2010-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., 
intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications; ,GCHQ,United Kingdom,State,,2,181; 182,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook,2022-08-15,2023-03-13 135,Chinese Military Espionage against US Chamber of Commerce,Chinese hackers with connection to the Chinese military eavesdrop the US Chamber of Commerce,2010-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,"Non-state actor, state-affiliation suggested",,1,183,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://abcnews.go.com/International/chinese-hack-us-chamber-commerce-authorities/story?id=15207642,2022-08-15,2023-05-02 136,ElMachete,“Machete” is a targeted attack campaign with Spanish-speaking roots. 
We believe this campaign started in 2010 and was renewed with an improved infrastructure in 2012.,2010-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None,Venezuela; Ecuador; Spain; Russia; Cuba; Colombia; Peru,SOUTHAM - - EUROPE; NATO; EU(MS) - EUROPE; EASTEU; CSTO; SCO - - SOUTHAM - SOUTHAM,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; - Government / ministries; Military; Intelligence agencies; ,El Machete,Brazil,Unknown - not 
attributed,,1,184,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,El Machete,Brazil,Unknown - not attributed,https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/el-machete/66108/; https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html,2022-08-15,2023-11-23 137,Belgacom-Hack,"Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company.",2010-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Telecommunications,GCHQ,United Kingdom,State,,2,186; 185,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html; https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/,2022-08-15,2023-03-13 138,Operation DustStorm,"Multi-year, multi-attack campaign against critical infrastructure companies mostly in Japan in the last years since 2015, but also in South Korea, U.S., Europe and countries in Southeast Asia, revealed by Cylance, partly using vulnerabilities, with the purpose of long-term data exfiltration and theft. APT 1 has been attributed as a possible suspect.",2010-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None,"Japan; Korea, Republic of; United States; Europe (region); Southeast Asia (region)",ASIA; SCS; NEA - ASIA; SCS; NEA - NATO; NORTHAM - - ,Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate 
Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy; Transportation; Finance; - Energy; Transportation; Finance; - Energy; Transportation; Finance; - Energy; Transportation; Finance; - Energy; Transportation; Finance; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,1,187; 187,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.helpnetsecurity.com/2016/02/24/japanese-critical-infrastructure-under-targeted-attack/; https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/,2022-08-15,2023-03-13 139,Operation Hangover,Private hackers spy on targets with national security interests and the private sector,2010-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None,"Pakistan; Iran, Islamic Republic of; United States; Norway; United Arab Emirates",ASIA; SASIA; SCO - ASIA; MENA; MEA - NATO; NORTHAM - EUROPE; NATO; NORTHEU - ASIA; MENA; MEA; GULFC,State institutions / political system; 
Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Telecommunications; - ; Telecommunications; - ; Telecommunications; - ; Telecommunications; - ; Telecommunications; ,,India,Non-state-group,Criminal(s),1,188,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,India,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Norman_HangOver%20report_Executive%20Summary_042513.pdf; https://www.symantec.com/connect/blogs/operation-hangover-qa-attacks,2022-08-15,2023-03-13 120,Fourth of July Incident,Presumably North Korea or pro-North Korean group(s) temporarily jams South Korean and US government and commercial websites.,2009-07-04,2009-07-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,National Intelligence Service (South Korea) - New York Stock Exchange - Korean Ministry of Public Administration and Security - White House - Korean Blue House - Pentagon - NASDAQ - Korean National Assembly - US State Department - Korean Ministry of Public Administration and Security,"Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of",ASIA; SCS; NEA - NATO; NORTHAM - ASIA; SCS; NEA - NATO; NORTHAM - ASIA; SCS; NEA - ASIA; SCS; NEA - NATO; NORTHAM - ASIA; SCS; NEA - NATO; NORTHAM - ASIA; SCS; NEA,State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure - State institutions / political system - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Intelligence agencies - Finance - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Finance - Government / ministries - Government / ministries; - Government / ministries; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,14702; 14701,2009-07-01 00:00:00; 2009-07-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,National Intelligence Service (South Korea); Korea Communications Commission ,Not available; ,"Korea, Republic of; Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/; https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2009/07/09/technology/09cyber.html; https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/; 
https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,2022-08-15,2023-11-30 118,Power Grid US Incident,"According to a Wall Street Journal report citing details from anonymous current and former US security officials, cyber spies have infiltrated the US power grid and left behind software programmes that could be used to disrupt the grid. The threat actors are believed to have been on a mission to navigate the US power grid and its controls. While the intruders did not attempt to damage the power grid or other critical infrastructure, officials warned that they could try to do so in the event of a crisis or war. The intruders were not detected by the companies responsible for the infrastructure, but by US intelligence agencies, officials said. Officials said other infrastructure systems, such as water or sewage systems, were also at risk. ",2009-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,Not available,United States,NATO; NORTHAM,Critical infrastructure,Energy,Not available,China; Russia,"Non-state actor, state-affiliation suggested",,1,8799; 8799,2009-04-08 00:00:00; 2009-04-08 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Not available; Not available,Not available; Not available,United States; United States,Not available; Not available,China; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://www.wsj.com/articles/SB123914805204099085; https://twitter.com/vmyths/status/1626657235047702543; https://www.computerworld.com/article/2524012/report--cybercriminals-have-penetrated-u-s--electrical-grid.html; https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf,2022-08-15,2023-03-16 96,Gaza Offense Attack,"Israel's government website 
paralyzed by a hacker group. Israeli officials believe it may have been carried out by a criminal organization from the former Soviet Union, and paid for by Hamas or Hezbollah.",2009-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,,Unknown,Non-state-group,Criminal(s),1,128,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Unknown,Non-state-group,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.haaretz.com/1.5065382,2022-08-15,2023-03-13 117,Retaliation for 2chan Hack,Japanese Internet warriors assaulted the website of South Korea’s Presidential Office.,2009-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,,,Japan,Non-state-group,Hacktivist(s),1,157,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Japan,Non-state-group,http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html,2022-08-15,2023-03-13 98,Platinum Group,"Platinum has been targeting its victims since at least as early as 2009, and may have been active for several years prior. Like many such groups, Platinum seeks to steal sensitive intellectual property related to government interests, but its range of preferred targets is consistently limited to specific governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers in South and Southeast Asia.",2009-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None,Malaysia; Indonesia; China; Singapore; India; Thailand,ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; EASIA; NEA; SCO - ASIA - ASIA; SASIA; SCO - ASIA; SEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical 
infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; - Government / ministries; Defence industry; ; ,Platinum,Unknown,Unknown - not attributed,,1,130,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Platinum,Unknown,Unknown - not attributed,https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc,Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc,2022-08-15,2023-03-13 99,Winnti Umbrella aka Axiom aka DeputyDog,Chinese State-Espionage Group Winnti 
Umbrella conducted espionage against targets since 2009.,2009-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None,"United States; Japan; Korea, Republic of; Thailand; China",NATO; NORTHAM - ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; SEA - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; Advocacy / activists (e.g. 
human rights organizations); ; - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; ,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested",,1,131,2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested",https://401trg.com/burning-umbrella/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://401trg.com/burning-umbrella/,2022-08-15,2023-03-13 100,NSA vs. Credit Card Companies,The NSA spied on various worldwide credit card companies,2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Global (region),,Critical infrastructure,Finance,NSA/Equation Group,United States,State,,2,133; 132,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 101,Project Mystic,The NSA accessed various worldwide communication networks and wire tapped the corresponding communications,2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None,Bahamas; Afghanistan; Mexico; Kenya; Philippines, - ASIA; SASIA - - AFRICA; SSA - ASIA; SCS; SEA,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications - Telecommunications - Telecommunications - Telecommunications,NSA/Equation Group,United States,State,,2,135; 134,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://theintercept.com/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/,2022-08-15,2023-03-13 102,DarkUniverse,Various civilian and military institutions were hacked by the Duke campaign via spear-phishing,2009-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None 
- None - None - None - None,"Syria; Iran, Islamic Republic of; Afghanistan; Tanzania; Ethiopia; Sudan; Russia; Belarus; United Arab Emirates",ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; SASIA - AFRICA; SSA - AFRICA; SSA - AFRICA; MEA; NAF - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO - ASIA; MENA; MEA; GULFC,State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Military; Criminal; - 
Military; Criminal; - Military; Criminal; - Military; Criminal; - Military; Criminal; - Military; Criminal; - Military; Criminal; - Military; Criminal; - Military; Criminal; ,DarkUniverse,Unknown,Unknown - not attributed,,1,136,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkUniverse,Unknown,Unknown - not attributed,https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/; https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/; https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/,2022-08-15,2023-03-13 103,Operation Troy: North Korean State Sponsored Lazarus Group Conducts DDoS Attacks Against US and South Korean Targets in July 2009,"Operation Troy is one of the earliest known cyber espionage campaigns by the Lazarus Group, which took place between 2009 and 2012. It was primarily directed against the South Korean government in Seoul, but also against American targets and mostly utilised DDoS attacks, which were already considered unsophisticated but effective at the time. The first major incident in this operation, often referred to as the first wave, occurred on 4 July 2009 (on the Independence Day in the United States) and affected both the US and South Korea, hitting sites such as government entities like the White House and the Pentagon, but also the New York Stock Exchange, the Washington Post, NASDAQ and Amazon. On 7 and 9 July (unofficially the second and third waves), mainly targeted South Korean entities such as the Ministry of Defence, National Intelligence Service, National Assembly and South Korean banks, but also the US State Department. 
The attacks were carried out using the malware programmes Mydoom and Dozer, which attacked numerous websites and marked the ""Independence Day reminder"" in the master boot record (MBR) of the affected systems.",2009-07-04,2009-07-09,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse,None - None,"United States; Korea, Republic of",NATO; NORTHAM - ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; ; Legislative; Civil service / administration; Judiciary; Intelligence agencies - Government / ministries; Finance; ; Legislative; Civil service / administration; Judiciary,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,1,15004,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka 
ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,https://www.group-ib.com/blog/lazarus; https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,Yes,One,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf; https://www.group-ib.com/blog/lazarus; https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,2022-08-15,2023-12-08 104,Chinese Attack on South Korea 2009,South Korea’s primary intelligence agency claimed that China-based hackers stole confidential material from the country’s diplomatic and security services,2009-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; State institutions / political system,Government / ministries; Intelligence agencies,,China,Unknown - not attributed,,1,138,NaT,"Political statement / report (e.g., on government / state agency websites)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fastcompany.com/1696014/south-koreas-power-structure-hacked-digital-trail-leads-china,2022-08-15,2023-03-13 105,Duqu,"Stuxnet- related malware Duqu targets industrial infrastructure targets around the world, especially in Iran.",2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,None - None - None - None - None - None - None - None - None - None,"Iran, Islamic Republic of; France; Ukraine; Australia; Hungary; Netherlands; Indonesia; Spain; India; Switzerland",ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - EUROPE; EASTEU - OC - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; SEA - EUROPE; NATO; EU(MS) - ASIA; SASIA; SCO - EUROPE; WESTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the 
respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; - ; - ; - ; - ; - ; - ; - ; - ; - ; ,,Unknown,State,,1,139,2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,State,https://theintercept.com/2014/11/12/stuxnet/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf; https://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf; https://theintercept.com/2014/11/12/stuxnet/,2022-08-15,2023-03-13 106,"Campaign ""Sandworm"" - 2009","A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners.",2009-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None,United States; Poland; Slovakia; Ukraine; Belgium,NATO; NORTHAM - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; EASTEU - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Other - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Other - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Other - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Other - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Other,Military; ; Defence industry; Advocacy / activists (e.g. human rights organizations); - Military; ; Defence industry; Advocacy / activists (e.g. human rights organizations); - Military; ; Defence industry; Advocacy / activists (e.g. human rights organizations); - Military; ; Defence industry; Advocacy / activists (e.g. human rights organizations); - Military; ; Defence industry; Advocacy / activists (e.g. 
human rights organizations); ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,3249,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.wired.com/2014/10/russian-sandworm-hack-isight/,2022-08-15,2024-01-17 107,"Operation ""Snowglobe""","A collection of computer trojans that have been used since 2009 to steal data from government agencies, military contractors, media organizations and other companies is tied to cyber espionage malware possibly created by French intelligence agencies, according to a presentation by the Communications Security Establishment of Canada (until 2014 referred to as CSEC), created in 2011 and revealed by Edward Snowden.",2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None - None - None - None - None - None,"United States; Netherlands; Syria; Germany; Algeria; Russia; Spain; Iran, Islamic Republic 
of; China; Norway",NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - AFRICA; NAF; MENA - EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS) - ASIA; MENA; MEA - ASIA; SCS; EASIA; NEA; SCO - EUROPE; NATO; NORTHEU,State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State 
institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. human rights organizations); ; - ; Defence industry; Advocacy / activists (e.g. 
human rights organizations); ; ,Snowglobe/Animal Farm,France,State,,3,6176; 6177; 6178,2011-01-01 00:00:00; 2015-03-06 00:00:00; 2015-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; IT-security community attributes attacker; Attribution by third-party,Communications Security Establishment Canada (CSEC); Kaspersky; ,Not available; ; Not available,Canada; Russia; ,Snowglobe/Animal Farm; Snowglobe/Animal Farm; Snowglobe/Animal Farm,France; Unknown; France,State; Unknown - not attributed; State,https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html; https://www.cfr.org/interactive/cyber-operations/search?keys=Animal,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html; https://www.cfr.org/interactive/cyber-operations/search?keys=Animal,2022-08-15,2023-10-27 108,NSA vs. 
Chinese telecommunication (Operation Shotgiant),"The United States government (NSA) has been hacking Chinese mobile phone companies, Huawei among others, since 2009 to gather data from millions of text messages",2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,NSA/Equation Group,United States,State,,2,145; 144,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.telegraph.co.uk/news/worldnews/asia/hongkong/10137215/Edward-Snowden-claims-US-hacks-Chinese-phone-messages.html; https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html; https://www.wired.com/story/kia-hyundai-car-thefts-us-security-roundup/,2022-08-15,2023-09-22 109,NSA vs. 
Tsinghua University (Operation Shotgiant),"The NSA is also hacking Tsinghua University, ""which is home to one of the mainland's six major backbone networks from where Internet data from millions of Chinese citizens can be gathered""",2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,Tsinghua University,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,2,10767; 10767; 10767; 10767,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Media-based attribution; Attribution by third-party; Media-based attribution; Attribution by third-party,; ; ; ,Not available; Not available; Not available; Not available,; ; ; ,NSA/Equation Group; NSA/Equation Group; NSA/Equation Group; NSA/Equation Group,United States; United States; United States; United States,State; State; State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,Not 
available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2023-06-30 110,NSA vs. Pacnet (Operation Shotgiant),The NSA was hacking Asia Pacific fibre-optic network operator Pacnet to steal millions of text messages,2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,Critical infrastructure,Telecommunications,NSA/Equation Group,United States,State,,2,149; 148,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 111,Panama-Pegasus-Software,The president from Panama used the Pegasus Spyware to spy on members of the opposition in congress.,2009-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Panama,CENTAM,State institutions / political system; Social groups; Social groups,Legislative; Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats,,Panama,State,,2,150; 151,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,,Panama; Panama,State; State,https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program,2022-08-15,2023-04-05 112,DDOS against Kyrgyz Internet,Presumably Russian hackers conduct DDoS attack against Kyrgyz Internet server provider website,2009-01-18,2009-01-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption,,Kyrgyzstan,ASIA; CENTAS; CSTO; SCS,Critical infrastructure,Telecommunications,,Russia,"Non-state actor, state-affiliation suggested",,1,152,2009-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Russia,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureworks.com/blog/research-20957,2022-08-15,2023-03-13 113,Chinese Attack against Bill Nelson,Chinese Hackers break into US Senator Bill Nelson's office computers,2009-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Legislative,,China,Unknown - not attributed,,1,153,NaT,Statement in media report and political statement/technical report,Receiver attributes attacker,,,,,China,Unknown - not attributed,https://www.govinfosecurity.com/senator-office-computers-breached-a-1305,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cfr.org/interactive/cyber-operations/compromise-office-senator-ben-nelson; http://web.archive.org/web/20090323095526/http://www.cqpolitics.com/wmspage.cfm?docid=news-000003080993; https://www.govinfosecurity.com/senator-office-computers-breached-a-1305,2022-08-15,2023-03-13 114,FAA-Hack 2009,"FAA Computer Hacked, 45,000 Names Accessed, culprit unknown.",2009-02-04,2009-02-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,154,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,https://fcw.com/articles/2009/02/23/faa-data-breach.aspx,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.crn.com/news/security/213402688/faa-computer-hacked-45000-names-accessed.htm?itc=refresh; https://fcw.com/articles/2009/02/23/faa-data-breach.aspx,2022-08-15,2023-03-13 115,Attack on US DHS,Unknown hackers steal personal data from US Homeland Security 
Information Network,2009-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,155,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx,2022-08-15,2023-03-13 116,2chan Hack,"In March 2009, the Korean netizens mounted an attack on Japan’s largest Internet site, 2ch (www.2ch.net).",2009-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,"Korea, Republic of",Non-state-group,Hacktivist(s),1,156,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,"Korea, Republic of",Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html,2022-08-15,2023-03-13 140,Anonymous vs. Australian Parliament,Anonymous disrupts Australian Parliament website in protest of online filter,2010-02-10,2010-02-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Australia,OC,State institutions / political system,Legislative,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,189,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.pcworld.com/article/189023/article.html,2022-08-15,2023-03-13 141,Bauxit War,"Vietnamese malware infects Vietnamese computers to disrupt and spy on their owners trying to squelch opposition to Chinese bauxite mining efforts in Vietnam, according to Human Rights Watch and McAfee.",2010-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Disruption; Hijacking with Misuse,,Vietnam,ASIA; SCS; SEA,Social groups; Social groups,Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats,,Vietnam,Non-state-group,Hacktivist(s),3,192; 190; 191,2010-01-01 00:00:00; 2010-01-01 00:00:00; 2010-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Media-based attribution; Attribution by third-party,; ; ,; ; ,; ; ,; ; ,Vietnam; Vietnam; Vietnam,Non-state-group; State; State,https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://security.googleblog.com/2010/03/chilling-effects-of-malware.html; https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics,2022-08-15,2023-03-13 142,RioTinto hacks,"Chinese hackers hacked into RioTinto IT system to target key employees and to steal valuable company information, allegedly to gain a competitive advantage",2010-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,None - None,United Kingdom; Australia,EUROPE; NATO; EU(MS); NORTHEU - OC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,,China,State,,2,14718; 14717,2018-01-01 00:00:00; 2010-04-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution,; Abc,Not available; Not available,; United States,,China; China,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.itnews.com.au/news/abc-fingers-china-over-cyber-attacks-172554,2022-08-15,2023-12-04 143,Government Income Leak,Hackers leak the real incomes of Latvian government officials,2010-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Latvia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,People’s Army of the Fourth Awakening (Latvia),Latvia,Non-state-group,Hacktivist(s),1,195,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,People’s Army of the Fourth Awakening (Latvia),Latvia,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://hackertarget.com/when-neo-hacked-the-latvian-srs-database/,2022-08-15,2023-03-13 166,Winnti vs. Korean Social Media,South Korea has blamed Chinese hackers (according to an IT company the Winnti Group) for stealing data from 35 million accounts on a popular social network.,2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,222; 221,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://401trg.com/burning-umbrella/; https://securelist.com/winnti-more-than-just-a-game/37029/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://401trg.com/burning-umbrella/; https://securelist.com/winnti-more-than-just-a-game/37029/; https://www.bbc.com/news/technology-14323787,2022-08-15,2023-03-13 167,Chinese state-sponsored group APT3 (aka 
Gothic Panda) spied on Moody`s Analytics from 2011 until January 2014,"Chinese state-sponsored group APT3 (aka Gothic Panda) spied on Moody`s Analytics from 2011 until January 2014, according to a US Department of Justice indictment from September 2016 against three members of APT3 who were employees of the Chinese IT company Boyusec, a front for the Ministry of State Security (MSS). APT3 stole communications, which contained proprietary and confidential economic analyses, findings, and opinions, from an employee`s email account that was redirected to a fraudulent email account controlled by one of the indicted Boyusec employees. APT3`s usual initial access vector as described in the indictment was spear phishing. The same indictment also detailed APT3 attacks on Trimble Inc. and the Siemens AG in the US. Notably, the US DoJ indictment named only the indicted individuals and their official positions within Boyusec, but mentioned neither their membership in APT3 nor Boyusec`s reported affiliation with the MSS, which was already publicly known at that time, especially due to the blog posts by the anonymous threat intelligence collective Intrusion Truth.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,Moody`s Analytics,United States,NATO; NORTHAM,Critical infrastructure,Finance,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec)",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Private technology companies / hacking for hire groups without state affiliation / research entities; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Private technology companies / hacking for hire groups without state affiliation / research entities; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Private technology companies / hacking for hire groups without state affiliation / research entities",2,11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 
11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680; 11680,2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 
00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00; 2017-05-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites 
the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement 
in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the 
attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by 
third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution 
by receiver government / state entity; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of 
Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not 
available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United 
States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; United States; United States; United States; United States; United States; United States; United States; United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu 
Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic 
Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec)",China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; 
China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, 
state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; 
Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://www.justice.gov/opa/press-release/file/1013866/download,International power,International power,China – USA,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations; https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://www.justice.gov/opa/press-release/file/1013866/download,2022-08-15,2023-09-26 168,MagicKitten vs. Iranian Activists outside Iran,"The Iranian APT MagicKitten started a phishing campaign against Iranian exile activists, trying to access their data. 
Those attacks continued at least until mid 2013.",2011-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None,United States; Canada; Europe (region); Mena Region (region),NATO; NORTHAM - NATO; NORTHAM - - ,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,; Telecommunications - ; Telecommunications - ; Telecommunications - ; Telecommunications,Magic Kitten/Group 42,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,225,2013-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,Magic Kitten/Group 42,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://carnegieendowment.org/files/Iran_Cyber_Final_Full_v2.pdf; https://security.googleblog.com/2013/06/iranian-phishing-on-rise-as-elections.html; https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/,2022-08-15,2023-03-13 169,Dagger Pandas East Asian Campaign,"A new APT-Dagger Panda-emerged against the nations of South Korea, 
Japan and Taiwan, attacking their government (especially military) networks with spearphishing",2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Taiwan; Korea, Republic of; Japan",ASIA; SCS - ASIA; SCS; NEA - ASIA; SCS; NEA,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Media; Science - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Media; Science - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Media; Science,Government / ministries; Military; Telecommunications; Defence industry; ; - Government / ministries; Military; Telecommunications; Defence industry; ; - Government / ministries; Military; Telecommunications; Defence industry; ; ,,Unknown,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,226,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/,2022-08-15,2023-10-20 170,BlackEnergy usage against American SCADA Systems,"The U.S. 
Department of Homeland Security issued an updated alert last week stating that a variant of the BlackEnergy malware had infiltrated the SCADA systems that control critical infrastructure, including oil and gas pipelines, water distribution systems and the power grid. ABC News reported that national security experts believe hackers sponsored by the Russian government are responsible.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking without Misuse,,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Energy; Water,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,1,227,2014-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.greentechmedia.com/articles/read/dhs-russian-hackers-infiltrated-us-energy-infrastructure#gs.fWFJYmqF; https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/,2022-08-15,2023-12-21 171,Operation Ababil,"The hacker group Cyber fighters of Izz Ad-Din Al Qassam attacks US banks in a third wave of attacks, protesting an Islamophobic video on YouTube. The alleged hackers indicted in 2016 are believed to be responsible for the distributed denial-of-service (DDoS) attacks launched against 46 U.S. banks between late 2011 and mid-2013. One of the suspects, Hamid Firoozi, has also been charged in connection with a hacker attack targeting the Bowman Dam in Rye, New York. Authorities said he repeatedly breached the dam's computer systems between August and September 2013, allowing him to obtain information about the status and operation of the facility.",2011-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption; Hijacking without Misuse,,United States,NATO; NORTHAM,Critical infrastructure; Critical infrastructure,Energy; Finance,Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,11686; 11685,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Statement in media report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; ,,Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC); Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.justice.gov/opa/file/834996/download; https://www.recordedfuture.com/iran-hacker-hierarchy/; http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y; https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48; https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html,System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/opa/file/834996/download; 
https://www.recordedfuture.com/iran-hacker-hierarchy/; http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y; https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48; https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html; https://www.darkreading.com/attacks-breaches/to-safeguard-critical-infrastructure-go-back-to-basics,2022-08-15,2023-07-17 172,Countering the Hacktivists,Hacker collectives Anonymous and LulzSec have both been the targets of cyber attacks by UK government spy agency GCHQ,2011-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Unknown,,Social groups,Hacktivist,GCHQ,United Kingdom,State,,2,230; 231,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/technology-26049448; http://www.wired.co.uk/article/gchq-ddos-attack-anonymous,2022-08-15,2023-03-13 173,E-Mail Theft of Australian Parliament,Hackers have broken into Federal Parliamentary email accounts to gain access to emails between ministers and Australian companies mining in China.,2011-01-01,Not available,"Attack on (inter alia) political 
target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,Australia,OC,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system,Government / ministries; ; Legislative,,Unknown,Unknown - not attributed,,1,8673,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.australianmining.com.au/news/chinese-hack-australian-miners-emails/,2022-08-15,2023-03-13 174,Operation Newscaster (aka Charming Kitten),"Iranian hackers use social engineering tactics and other hacking tools to access social media accounts and accounts on other platforms of high-ranking officials, personnel and community leaders, accessing vast amounts of confidential data. The group was later linked to the Iranian government under the name Charming Kitten.",2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,Saudi Arabia; Israel; Yemen; Venezuela; United States; Iraq; United Kingdom; Afghanistan; Kuwait; Egypt,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA - SOUTHAM - NATO; NORTHAM - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SASIA - ASIA; MENA; MEA; GULFC - MENA; MEA; AFRICA; NAF,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective 
company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; - Government / ministries; Legislative; Military; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,233,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf; https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/iran-hackers/rpt-iranian-hackers-use-fake-facebook-accounts-to-spy-on-u-s-others-idUSL1N0OF06R20140529; https://www.timesofisrael.com/iran-spied-on-israel-saudi-arabia-with-major-cyberattack/; https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf; https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf,2022-08-15,2023-03-13 175,RSA breached,"RSA is hacked with a Trojan horse and Secure ID Token, its security technology in use by several governments and private firms around the globe. RSA later states that two probably state-sponsored groups initiated the attack; the U.S. government and parts of the IT security community hold China responsible.",2011-01-01,2011-03-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,State,,2,234; 235,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Receiver attributes attacker,,,,,China; China,State; State,https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/; https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409; 
https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://searchsecurity.techtarget.com/magazineContent/The-RSA-breach-One-year-later; https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/; https://nakedsecurity.sophos.com/2011/03/18/security-firm-rsa-warns-that-its-servers-have-been-hacked/; https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409; https://www.vanityfair.com/news/2011/09/chinese-hacking-201109; https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/,2022-08-15,2023-08-07 176,Phishing Norways National Security Authority,"Norway's National Security Authority (NSM) on Friday confirmed that systems associated with the country's energy and defence sectors were hit with a cyber attack, resulting in a loss of sensitive information.",2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,Norway,EUROPE; NATO; NORTHEU,Critical infrastructure; Critical infrastructure,Energy; Defence industry,,Unknown,Unknown - not attributed,,1,236,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://uk.pcmag.com/news/114528/norway-cyber-attack-targets-countrys-oil-gas-systems,2022-08-15,2024-01-17 177,Citigroup hacked,"Citigroup Inc. plans to send replacement credit cards to about 100,000 North American customers after its systems were breached by a hacking attack affecting about 200,000 accounts. Possibly the attack was even worse, leading to a breach of up to 300,000 credit cards.",2011-01-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,,Unknown,Non-state-group,Criminal(s),1,237,NaT,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.huffingtonpost.com/2011/06/27/citigroup-hack_n_885045.html; https://www.reuters.com/article/us-citi/regulators-pressure-banks-after-citi-data-breach-idUSTRE7580TM20110609,2022-08-15,2023-03-13 178,APT 6 vs. US government,"The feds warned that ""a group of malicious cyber actors,"" whom security experts believe to be the government-sponsored hacking group known as APT 6, ""have compromised and stolen sensitive information from various government and commercial networks"" since at least 2011, according to an FBI alert obtained by Motherboard.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,APT 6,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",3,239; 238; 240,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Media-based attribution; IT-security community attributes attacker,; ; ,; ; ,; ; ,APT 6; APT 6; APT 6,China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://motherboard.vice.com/en_us/article/qkjkxv/fbi-flash-alert-hacking-group-has-had-access-to-us-govt-files-for-years,2022-08-15,2023-03-13 179,Attack on various Australian Networks,Australian government computer networks breached in cyber attacks by Chinese hackers,2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,Australia,OC,State institutions / political system,Government / ministries,,China,"Non-state actor, state-affiliation suggested",,2,241; 242,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.abc.net.au/news/2016-08-29/chinese-hackers-behind-defence-austrade-security-breaches/7790166,2022-08-15,2023-03-13 180,IMF Hack,"The International Monetary Fund (IMF) is investigating a serious cyber-attack in which some of its systems were compromised and used to access internal data. 
Security experts said the source seemed to be a ""nation state"" aiming to gain a ""digital insider presence"" on the network of the IMF",2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,International Monetary Fund (IMF) ,United States,NATO; NORTHAM,International / supranational organization,,,Unknown,"Non-state actor, state-affiliation suggested",,1,8674,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,Not available,,,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-imf-cyberattack/imf-cyber-attack-aimed-to-steal-insider-information-expert-idUSTRE75A20720110612; https://www.theguardian.com/business/2011/jun/12/imf-cyber-attack-hack; https://www.nytimes.com/2011/06/12/world/12imf.html?_r=3; https://www.bolsamania.com/noticias/empresas/economia--el-fmi-confirma-haber-sufrido-un-ciberataque--16451389.html,2022-08-15,2024-03-19 181,PutterPanda cyberespionage vs. Canada,"Chinese hackers gain access to highly classified federal information of the Canadian Finance Department, Treasury Board and a defense research institution through hijacking government computers. 
The named institutions are forced offline.",2011-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,Canada,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Science,Government / ministries; Defence industry; ,Putter Panda/APT 2,China,State,,2,245; 244,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Putter Panda/APT 2; Putter Panda/APT 2,China; China,"State; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618; https://www.cbc.ca/news/politics/hackers-stole-secret-canadian-government-data-1.990875; https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801,2022-08-15,2023-03-13 182,Anonymous vs. 
Tunisian Government,Anonymous attacks several Tunisian government websites.,2011-01-01,2011-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Tunisia,AFRICA; NAF; MENA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,246,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/01/anonymous-hacktivists-attack-african.html,2022-08-15,2023-03-13 183,FatalErrorCrew vs. President of Brazil,Hackers attack several Brazilian government websites.,2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Brazil,SOUTHAM,State institutions / political system,Government / ministries,Fatal Error Crew,Unknown,Non-state-group,Hacktivist(s),1,247,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Fatal Error Crew,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/01/police-probe-hacker-attack-on-brazil.html,2022-08-15,2023-03-13 184,PakBugs vs. 
Kerala Pradesh Congress Committee,Website of the Indian party Kerala Pradesh Congress Committee is hacked and pro-Pakistani remarks are left.,2011-01-02,2011-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Political parties,PakBugs,Pakistan,Non-state-group,Hacktivist(s),1,248,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PakBugs,Pakistan,Non-state-group,,International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/01/kerala-pradesh-congress-committee-kpcc.html,2022-08-15,2023-03-13 165,Winnti vs. Gaming Industry,"According to Kaspersky's estimations, the Chinese Winnti Group has been active for several years and specializes in cyberattacks against the online video game industry. The group’s main objective is to steal source code for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Global (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,220,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://401trg.com/burning-umbrella/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://401trg.com/burning-umbrella/; https://securelist.com/winnti-more-than-just-a-game/37029/,2022-08-15,2023-03-13 164,The Jasmine Revolution,"Tunisia’s Jasmine Revolution included the hacking of user names and passwords for the entire online population of Tunisia by AMMAR, the country’s government-run Internet Services Provider.",2011-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft,,Tunisia,AFRICA; NAF; MENA,End user(s) / specially protected groups,,AMMAR,Tunisia,State,,1,219,2011-01-01 
00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,AMMAR,Tunisia,State,http://web.mit.edu/smadnick/www/wp/2017-10.pdf,National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://web.mit.edu/smadnick/www/wp/2017-10.pdf; https://cpj.org/blog/2011/01/tunisia-invades-censors-facebook-other-accounts.php,2022-08-15,2023-03-13 163,First Phase Dragonfly aka EnergeticBear (2011-2014),"The Dragonfly group, which is also known by other vendors as EnergeticBear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013. In their campaign against companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies, they used the malware ""Havex"". A US indictment from August 26, 2021 charged three Russian hackers from the Military Unit 71330 or “Center 16” of the FSB for the campaign. ",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse, - ,United States; Canada,NATO; NORTHAM - NATO; NORTHAM,Critical infrastructure - Critical infrastructure,Defence industry - Defence industry,"Pavel Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330); Mikhail Mikhailovich Gavrilov (FSB Centre 16, Military Unit 71330); Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330)",Russia; Russia; Russia,State; State; State,; ; ,2,2339; 2339; 2339; 2340,2022-03-24 00:00:00; 2022-03-24 00:00:00; 2022-03-24 00:00:00; 2014-07-07 00:00:00,"Domestic legal action; Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Symantec,Not available; Not available; Not available; ,United States; United States; United States; United States,"Pavel Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330); Mikhail Mikhailovich Gavrilov (FSB Centre 16, Military Unit 71330); Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330); Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))",Russia; Russia; Russia; Not available,State; State; State; Unknown - not attributed,https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3; 
https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical; https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3; https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html; https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks; https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers,2022-08-15,2023-03-13 152,Anonymous Copyright Operation,Piracy activists have carried out coordinated attacks on websites owned by the music and film industry. The attacks were declared on notorious message-board 4chan and were reportedly in retaliation for anti-piracy efforts against file-sharing websites.,2010-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None - None - None,United States; United Kingdom; Australia; Spain,NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - OC - EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,206,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2010/10/07/anonymous_ent_biz_ddos_hits_spain/; https://www.theregister.co.uk/2010/10/04/ministry_of_sound_ddos/; https://www.theregister.co.uk/2010/09/22/acs_4chan/; https://www.bbc.com/news/technology-11371315; https://www.itnews.com.au/news/operation-payback-directs-ddos-attack-at-afact-233573,2022-08-15,2023-03-13 144,Chinese Espionage against US-Mail,"China's cyber spies have accessed the private emails of “many” top Obama administration officials, according to a senior U.S. intelligence official and a top secret document obtained by NBC News, and have been doing so since at least April 2010.",2010-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Dancing Panda/Legion Amethyst,China,"Non-state actor, state-affiliation suggested",,1,196,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,Dancing Panda/Legion Amethyst,China,"Non-state actor, state-affiliation suggested",https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2015/aug/10/chinese-national-security-officials-hack; https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046,2022-08-15,2023-05-02 145,The great SIM Heist,The British GCHQ and the American NSA stole certificates from the most important SIM manufacturer.,2010-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Critical 
infrastructure,Telecommunications,NSA/Equation Group; GCHQ,United States; United Kingdom,State; State,,2,8672; 8672; 8672; 8672; 8671; 8671; 8671; 8671,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://theintercept.com/2015/02/19/great-sim-heist/,2022-08-15,2023-03-13 146,Shadow Network,Chinese spies steal top-secret files from the Indian Defence Ministry and obtain emails from Dalai Lama office servers,2010-04-02,2010-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None,India; China; United Nations Organization,ASIA; SASIA; SCO - ASIA; SCS; EASIA; NEA; SCO - ,State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,; ; Religious; ; - ; ; Religious; ; - ; ; Religious; ; ,,China,Unknown - not attributed,,1,199,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,China,Unknown - not attributed,https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf,System / ideology; Resources; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: 
sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2010/apr/06/cyber-spies-china-target-india; https://economictimes.indiatimes.com/tech/internet/china-rejects-allegations-of-hacking-indian-defence-websites/articleshow/5767336.cms; https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf,2022-08-15,2023-03-13 147,Chinese Hack into South Korean military networks 2010,"Chinese computer hackers last June gained access to secret South Korean military files on a planned spy plane purchase from the United States, a Seoul law maker says.",2010-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Military,,China,"Non-state actor, state-affiliation suggested",,1,200,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/03/china-hackers-hacked-into-secret-south.html,2022-08-15,2023-03-13 148,GCHQ vs. 
Al-Qaida newspaper,"Whitehall sources have revealed that British intelligence officers successfully sabotaged the launch of the first English language website set up by an al-Qaida affiliate. The officers, understood to be based at Government Communications Headquarters (GCHQ) in Cheltenham, attacked an online jihadist magazine in English called Inspire, devised by supporters of al-Qaida in the Arabian Peninsula.",2010-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,Yemen,ASIA; MENA; MEA,Social groups,Terrorist,GCHQ,United Kingdom,State,,1,201,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,GCHQ,United Kingdom,State,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/uk/2011/jun/02/british-intelligence-ruins-al-qaida-website,2022-08-15,2023-03-13 149,Turkey Censor Protest,"The websites of the Ministry of Transportation, the Information and Communication Technologies Authority and the Telecommunications Communication Presidency have been inaccessible. These three state bodies are responsible for internet censorship and have been the principal actors behind attempts to block access to YouTube and Google-related services in Turkey.",2010-06-18,2018-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Civil service / administration; ,,Turkey,Non-state-group,Hacktivist(s),1,202,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Turkey,Non-state-group,https://freedomhouse.org/sites/default/files/FOTN2011.pdf,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://freedomhouse.org/sites/default/files/FOTN2011.pdf; https://www.theregister.co.uk/2010/06/18/turkey_dos_attack/,2022-08-15,2023-03-13 150,Italian Intelligence agency steals sensitive defence data from Indian Embassy,Italian Intelligence agency steals sensitive defence data from Indian Embassy,2010-06-22,2010-06-22,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system,,Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC),Italy,State,,2,203; 204,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,Italian cyber police - National Anti-Crime Computer Centre for 
Critical Infrastructure Protection(CNAIPIC); Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC),Italy; Italy,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/italian-intelligence-agency-cnaipic.html,2022-08-15,2023-03-13 151,BKA Doxxing,Unknown hackers hack into German Federal Police and Customs computers and publish stolen documents online,2010-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Military,noname-crew,Unknown,Unknown - not attributed,,1,205,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,noname-crew,Unknown,Unknown - not attributed,https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/hackers-infiltrate-german-police-and-customs/; https://www.heise.de/security/meldung/Server-der-Bundespolizei-ausspioniert-1276055.html; https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html,2022-08-15,2023-03-13 153,Myanmar Election DDoS,"An ongoing computer attack has knocked Burma off the internet, just days ahead of its first election in 20 years. 
Moreover, Burmese exiled media groups are calling for international support in ending cyberattacks that have crippled two news websites over the past week. The Democratic Voice of Burma (DVB) and The Irrawaddy magazine, which provide independent coverage of current affairs in Burma, have been the target of intense attacks which it is believed originate from the Burmese government.",2010-09-27,2010-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,None - None,Myanmar; Thailand,ASIA; SEA - ASIA; SEA,State institutions / political system; Critical infrastructure; Media - State institutions / political system; Critical infrastructure; Media,Government / ministries; Telecommunications; - Government / ministries; Telecommunications; ,,Myanmar,State,,1,207,2010-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Myanmar,State,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-11693214,2022-08-15,2023-03-13 162,Longhorn Group,"Spying tools and operational protocols of the CIA, detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn, Chinese IT Company Qi'anxin Threat Intelligence Center directly refers to it in its report as the CIA tools.",2011-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None 
- None - None - None,EU (institutions); Mena Region (region); Asia (region); Africa; China, - - - - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; ,Longhorn/The Lamberts; CIA,United States; United States,State; State,,1,217; 217,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Longhorn/The Lamberts; CIA,United States; United States,State; 
State,https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824; https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/,International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824; https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/,2022-08-15,2024-02-05 154,Stealing the NASDAQ,"Hackers, most likely from Russia, manage to hack into NASDAQ and plant malware that let several hacker groups operate freely; another allegation states that the Russian hackers tried to clone the NASDAQ",2010-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking without Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Finance,,Russia,"Non-state actor, state-affiliation suggested",,2,209; 208,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution,,,,,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2014/07/how-elite-hackers-almost-stole-the-nasdaq/; https://www.wired.com/2011/03/nsa-investigates-nasdaq-hack/; https://web.archive.org/web/20170712031930/https://www.bloomberg.com/news/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq,2022-08-15,2023-03-13 155,Wikileaks DDoS,It's possible that the DDoS against Wikileaks was orchestrated by a government in effort to retaliate against the leak and disrupt access to the documents.,2010-11-30,2010-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption,,Sweden,EUROPE; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,,Unknown,"Non-state actor, state-affiliation suggested",,1,210,2010-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2010/11/wikileaks-moves-to-amazons-cloud-to-evade-massive-ddos/,2022-08-15,2023-06-13 156,[EU] Unknown threat actors targeted French Ministry of Finance in December 2010,"Unknown threat actors targeted the French Ministry of Finance in December 2010, budget minister Francois Baron and a ministry spokesperson confirmed after media reporting about the incident. The attack was only detected in January 2011 and aimed to gain access to information related to the G20 summit in 2011 — the stolen documents related to international finance and world trade.",2010-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,China,"Non-state actor, state-affiliation suggested",,1,16502,2011-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,Not available,,,China,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://spectrum.ieee.org/riskfactor/telecom/internet/spectacular-cyber-attack-gains-access-to-frances-g20-files; https://www.france24.com/en/20110307-cyber-attack-french-finance-ministry-g20-presidency-target-baroin,2022-08-15,2024-01-25 157,Infiltration of British Foreign Office,Unknown hackers infiltrate British Foreign Office's staff computers with data-stealing viruses,2010-12-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,212,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2011/feb/06/hacking-william-hague-munich,2022-08-15,2023-03-13 158,Pakistani Hackers vs. India,Pakistani hacker group shuts down Indian Central Bureau of Investigation website,2010-12-03,2010-12-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Police,Pakistani Cyber Army,Pakistan,Non-state-group,Hacktivist(s),1,213,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistani Cyber Army,Pakistan,Non-state-group,,Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.aljazeera.com/news/asia/2010/12/20101241373583977.html,2022-08-15,2023-03-13 159,"Operation ""Payback""","Hackers attack Mastercard, Visa and Postfinance in the so-called ""Operation Payback"" because of the banks' refusal to transfer money to Wikileaks accounts.",2010-12-08,2010-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,United States; Switzerland,NATO; NORTHAM - EUROPE; WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,Anonymous/4Chan,Unknown,Non-state-group,Hacktivist(s),1,214,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous/4Chan,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.spiegel.de/netzwelt/web/operation-payback-hacker-grossangriff-auf-mastercard-visa-co-a-733520.html,2022-08-15,2023-03-13 160,Retaliation for Kim Jong Il Hack,"In recent days hackers from the South have poked fun at the Kim dynasty, rulers of North Korea for more than 60 years, and their Northern counterparts retaliated by temporarily disabling a popular South Korean website suspected of being behind the attacks.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,"Korea, Democratic People's Republic of",State,,1,215,2011-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,"Korea, Democratic People's Republic of",State,https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes,System / ideology,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes,2022-08-15,2023-03-13 161,Ke3chang aka APT 15,"As the crisis in Syria escalates, Fire Eye researchers have discovered a cyberespionage campaign, which is called “Ke3chang,” that falsely advertises information updates about the ongoing crisis to compromise MFA networks in Europe",2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,Europe (region),,State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Energy; Defence industry; ,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,Unknown - not attributed,,1,216,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf,2022-08-15,2023-03-13 97,Insurgent Drone Hack,"Iraqi insurgents hack US drones and intercept live video feeds, backing by Iran suggested",2009-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,,Iraq,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,129,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,Iraq,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2009/dec/17/skygrabber-american-drones-hacked,2022-08-15,2023-03-13 95,French embassy in Beijing Hack,"The website of the French embassy in Beijing has apparently come under a cyber-attack after President Nicolas Sarkozy outraged China by meeting Tibetan spiritual leader, the Dalai Lama.",2008-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,,,China,Non-state-group,Hacktivist(s),1,127,NaT,"Attribution given, type unclear",Media-based attribution,,,,,China,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://zeenews.india.com/news/world/french-embassy-website-in-china-hacked_490316.html,2022-08-15,2023-03-13 366,Danish Car Register Hacked,Hackers have got into the identity register,2012-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,Denmark,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Police,,Unknown,Unknown - not attributed,,1,445,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://politiken.dk/newsinenglish/art5450702/Hackers-have-got-into-the-identity-register,2022-08-15,2023-10-20 26,APT 10/Technology Theft Campaign,"Beginning in or about 2006, members of the APT 10 Group, engaged in an intrusion campaign to obtain unauthorized access to the computers and computer networks of commercial and defense technology companies and U.S. Government agencies in order to steal information and data concerning a number of technologies",2006-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,None - None - None - None - None - None - None - None - None - None,Canada; Japan; Switzerland; India; Germany; United Arab Emirates; Brazil; United States; United Kingdom; France,NATO; NORTHAM - ASIA; SCS; NEA - EUROPE; WESTEU - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA; GULFC - SOUTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical 
infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure; Critical infrastructure,Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry - Government / ministries; Energy; ; Telecommunications; Defence industry,"APT10/Stone 
Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,2,13892; 13891,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by third-party,,Not available; Not available,United States; ,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.justice.gov/opa/press-release/file/1121706/download; https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.wired.com/story/doj-indictment-chinese-hackers-APT%2010/; https://www.justice.gov/opa/press-release/file/1121706/download; https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/,2022-08-15,2023-10-26 28,Denmark Cartoon Hack,Hackers break into about 600 Danish Websites to post threats and protest against satirical cartoons of the Prophet Mohammad,2006-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Denmark,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Other,; ; ,,Unknown,Non-state-group,Hacktivist(s),1,38,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/danish-web-sites-hacked-over-mohammad-cartoons/,2022-08-15,2023-12-11 29,DOS Asia Department Hack,The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to be directed at its headquarters and at offices dealing with Asia.,2006-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,China,Unknown - not attributed,,2,40; 39,NaT; NaT,"Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,,China; China,Unknown - not attributed; Unknown - not 
attributed,"https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+“Red+Storm+Rising:+DoD’s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,”+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20“Red%20Storm%20Rising%3A%20DoD’s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C”%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://www.nytimes.com/2006/07/12/washington/12hacker.html; https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+“Red+Storm+Rising:+DoD’s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,”+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20“Red%20Storm%20Rising%3A%20DoD’s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C”%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)",2022-08-15,2023-03-13 30,BND vs. 
Spiegel & Afghan Minister,The German BND spied on the email conversation between an Afghani minister and a German Spiegel Journalist.,2006-06-08,2006-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,None - None,Germany; Afghanistan,EUROPE; NATO; EU(MS); WESTEU - ASIA; SASIA,State institutions / political system; Media - State institutions / political system; Media,Government / ministries; - Government / ministries; ,BND,Germany,State,,1,8667,2008-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,Not available,,BND,Germany,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.spiegel.de/spiegel/print/d-56756328.html,2022-08-15,2023-03-17 31,"Republican Frank Wolf, Chris Smith Hack","The office of the Republican Frank Wolf was hacked by China because of its longstanding critical attitude towards its human rights abuses, he said.",2006-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system; End user(s) / specially protected groups,Legislative; ,,China,State,,1,42,2008-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,,System / 
ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nysun.com/foreign/china-critic-says-congressional-computers-hacked/79782/,2022-08-15,2023-03-13 32,BIS Hack,An attack against the US Bureau of Industry and Security (BIS) forced the agency to turn off Internet access in early September 2006. Hundreds of computers must be replaced to cleanse the agency of malicious code.,2006-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,China,"Non-state actor, state-affiliation suggested",,2,44; 43,2006-01-01 00:00:00; 2006-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 
1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2006/10/09/chinese_crackers_attack_us/; https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh,2022-08-15,2023-03-13 33,US Naval War College Hack 2006,"Computer and e-mail systems were off-line at the Naval War College following a network intrusion Nov. 15. According to news reports, hackers in China attacked the Website of the college, which trains senior Navy officers and develops cyberspace strategies.",2006-11-15,2006-12-04,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption,,United States,NATO; NORTHAM,State institutions / political system; Science,Military; ,,China,"Non-state actor, state-affiliation suggested",,1,45,2006-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,China,"Non-state actor, state-affiliation suggested",https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en,2022-08-15,2023-03-13 34,APT 1 Campaign 2006-2013,"In its seminal report about APT 1, IT-company Mandiant exposed this group as being PLA Unit 61398, conducting economic cyber-espionage against targets worldwide. 
One year later, the US released its first indictment against foreign hackers, in this case from the Chinese APT 1.",2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,United States; India; Belgium; Taiwan; United Kingdom; Switzerland; Japan; Israel; Canada; Singapore,NATO; NORTHAM - ASIA; SASIA; SCO - EUROPE; EU(MS); NATO; WESTEU - ASIA; SCS - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; WESTEU - ASIA; SCS; NEA - ASIA; MENA; MEA - NATO; NORTHAM - ASIA,State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the 
critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science,Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; - Civil service / administration; ; ; ; ; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,2,13896; 13896; 13895; 13895,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 
00:00:00,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,Not available; Not available; ; ,United States; United States; ; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China,State; State; State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-APT%201-report.pdf; https://books.google.de/books?id=KNlEWdlTxYYC&pg=PA5&lpg=PA5&dq=APT +1+report+mandiant+senator&source=bl&ots=3Vjtz3BJHM&sig=ACfU3U35FSxtDFVHjIwB-4M0St6m8FAatg&hl=de&sa=X&ved=2ahUKEwiNzICc_LLyAhXxhf0HHcYJDyoQ6AF6BAglEAM#v=onepage&q=APT %201%20report%20mandiant%20senator&f=false,2022-08-15,2023-10-27 35,Operation RedOctober,"In 2013, Kaspersky found a campaign of espionage/stealing of confidential information in many countries, mostly in Eastern Europe, but also in Western Europe and America, specifically targeting ""Cryptofiler"" files. Some evidence points to Russian and Chinese hackers, while the precise origin could not be identified",2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None - None - None,"Russia; Kazakhstan; Azerbaijan; Belgium; India; Afghanistan; Armenia; Iran, Islamic Republic of; Turkmenistan; Ukraine",EUROPE; EASTEU; CSTO; SCO - ASIA; CSTO; SCO - ASIA; CENTAS - EUROPE; EU(MS); NATO; WESTEU - ASIA; SASIA; SCO - ASIA; SASIA - ASIA; CENTAS; CSTO - ASIA; MENA; MEA - ASIA - EUROPE; EASTEU,State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions 
/ political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; - Government / ministries; Military; Energy; ,,China; Russia,Unknown - not attributed,,1,48; 48,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,,China; Russia,Unknown - not attributed; Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-red-october-campaign/57647/; https://www.bbc.com/news/technology-21013087; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies,2022-08-15,2023-03-13 36,Operation Byzantine Hades (Lockheed Martin) - 2007,"Documents leaked by Edward Snowden are the first public confirmation that Chinese hackers have been able to extrapolate top secret data on the F-35 Lightning II joint strike fighter jet. According to sources, the data breach already took place in 2007 at the prime subcontractor Lockheed Martin.",2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,,China,State,,2,3284; 3283,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,Not available; Not available,,,China; China,State; State,https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/; 
https://de.reuters.com/article/usa-fighter-hacking/theft-of-f-35-design-data-is-helping-u-s-adversaries-pentagon-idUSL2N0EV0T320130619,2022-08-15,2024-02-22 37,Turkish Hacker vs. Sweden,Attacks by Turkish hackers on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog,2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Sweden,EUROPE; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Other,; ; ,,Turkey,Non-state-group,Hacktivist(s),1,51,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Turkey,Non-state-group,https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html,2022-08-15,2023-03-13 38,Swedish Hackers vs. Turkey,A group of Swedish hackers has chosen to leak these user details in response to the many recent attacks on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog.,2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other,; ; ,,Sweden,Non-state-group,Hacktivist(s),1,52,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Sweden,Non-state-group,https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html,2022-08-15,2023-03-13 39,Infy/Prince of Persia,"Prince of Persia Campaign used InfyMalware for almost ten years to spy on government and corporate entities, also known as Operation Mermaid.",2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None,"Iran, Islamic Republic of; United States; Denmark; Israel; Saudi Arabia; Pakistan; Afghanistan; Iraq",ASIA; MENA; MEA - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO - ASIA; SASIA - ASIA; MENA; MEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if 
the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; ,Infy,Unknown,Unknown - not attributed,,1,53,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Infy,Unknown,Unknown - not attributed,http://blogs.360.cn/post/operation-mermaid.html; https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf,National power; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/; http://blogs.360.cn/post/operation-mermaid.html; https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf,2022-08-15,2023-03-13 40,Darkhotel APT,DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests,2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None,"Korea, Democratic People's Republic of; Japan; India; United States; Asia (region)",ASIA; NEA - ASIA; SCS; NEA - ASIA; SASIA; SCO - NATO; NORTHAM - ,State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Other - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Other - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Other - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Other - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Other,Military; Intelligence agencies; Defence industry; ; ; - Military; Intelligence agencies; Defence industry; ; ; - Military; Intelligence agencies; Defence industry; ; ; - Military; Intelligence 
agencies; Defence industry; ; ; - Military; Intelligence agencies; Defence industry; ; ; ,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested",,1,54,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested",https://www.wired.com/2014/11/darkhotel-malware/; https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-darkhotel-apt/66779/; https://www.wired.com/2014/11/darkhotel-malware/; https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/,2022-08-15,2024-02-22 41,CozyBear vs. Obama Campaign,"State-sponsored Russian hackers systematically targeted the campaign of Barack Obama and close government officials in 2007 and thus immediately before his first candidacy in 2008. Mainly phishing attacks are said to have been involved. 
According to the Area 1 Security report, however, Chinese influence cannot be ruled out entirely, as they carried out a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain.",2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Election infrastructure / related systems,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,8679,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.newsweek.com/russia-hacking-trump-clinton-607956,2022-08-15,2023-03-14 42,Poison Ivy APT,"Through research, 360 Helios Team has found that, since 2007, the PoisonIvy Group has carried out 11 years of cyberespionage campaigns against Chinese key units and departments, such as national defense, government, science and technology, education and maritime agencies. 
The group seems to have similar interests as OceanLotus.",2007-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system; Science; Other,Government / ministries; Military; ; ,PoisonIvy/APT-C-01,Unknown,Unknown - not attributed,,1,56,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,PoisonIvy/APT-C-01,Unknown,Unknown - not attributed,http://blogs.360.cn/post/APT_C_01_en.html,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://blogs.360.cn/post/APT_C_01_en.html,2022-08-15,2023-03-13 43,Careto aka The Mask,The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers.,2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None,Morocco; Brazil; United Kingdom; Spain; France; Switzerland; Libya; United States,AFRICA; NAF; MENA - SOUTHAM - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); WESTEU - EUROPE; WESTEU - AFRICA; MENA; MEA; NAF - NATO; NORTHAM,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Other,Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; ,Careto/The Mask,Unknown,"Non-state actor, state-affiliation suggested",,1,57,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Careto/The Mask,Unknown,"Non-state actor, state-affiliation suggested",https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/,2022-08-15,2023-03-13 44,Putter Panda aka APT 2,"Since 2012, CrowdStrike has been tracking the activity of a cyber espionage group operating out of Shanghai, China, with connections to the People’s Liberation Army Third General Staff Department (GSD) 12th Bureau Military Unit Cover Designator (MUCD) 61486; the group has been active since at least 2007. 
The group shows similarities to the conduct of APT 1 aka Comment Crew/Panda, which is aligned with PLA Unit 61398.",2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; Critical infrastructure; Critical infrastructure; Science,Military; Telecommunications; Defence industry; - Military; Telecommunications; Defence industry; ,Putter Panda/APT 2,China,State,,1,58,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Putter Panda/APT 2,China,State,http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf,2022-08-15,2023-03-13 45,The Mobile Surge,"According to documents leaked by Edward Snowden, the American NSA and the British Government Communications Headquarters allegedly collected and stored dozens of pieces of data from smartphone apps in a joint initiative called The Mobile Surge until 2007. The main purpose of this was the systematic exchange of ways to obtain information, but information was also tapped, especially from apps that had been around for a while. 
Publicly, this initiative has been used to gain a better understanding of potential security vulnerabilities that could improve the privacy of citizens' sensitive data in the long term. The UK authority relies on the fact that it would therefore be in compliance with the law. However, it is not known how many users are affected by this action. ",2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Global (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,NSA/Equation Group; GCHQ,United Kingdom; United States; United Kingdom; United States,State; State,,2,8683; 8683; 8683; 8683; 8682; 8682; 8682; 8682,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; 
Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United Kingdom; United States; United Kingdom; United States; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html,2022-08-15,2023-11-01 46,Stuxnet,US and Israeli created worm Stuxnet infiltrates Iranian nuclear facility which leads to destruction of uranium centrifuges.,2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system; Critical infrastructure,Military; Defence industry,NSA/Equation Group,Israel; United States,State,,2,17378; 17378; 17377,2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, 
Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,; ; ,Not available; Not available; ,; ; ,NSA/Equation Group; NSA/Equation Group; NSA/Equation Group,Israel; United States; United States,State; State; State,https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/; https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/; https://archive.f-secure.com/weblog/archives/00002791.html; https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,Hardware Additions; Replication Through Removable Media; Trusted Relationship,Data Manipulation,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Long lasting effects (> 24h; incident scores 2 points in intensity),7,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",11.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.jpost.com/international/article-731254; https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next; https://www.justsecurity.org/86548/honey-im-hacked-ethical-questions-raised-by-ukrainian-cyber-deception-of-russian-military-wives/; https://nakedsecurity.sophos.com/2023/06/26/uk-hacker-busted-in-spain-gets-5-years-over-twitter-hack-and-more/; https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/; 
https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices; https://www.rferl.org/a/iran-gas-stations-disruption/32735223.html; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/; https://socradar.io/enhancing-iot-security-with-cyber-threat-intelligence-cti/; https://www.haaretz.com/israel-news/2024-01-09/ty-article/a-dutch-national-sabotaged-irans-nuclear-program-in-2008-new-investigation-reveals/0000018c-ee18-d0b4-a7ce-ff7bc9ec0000; https://www.heise.de/news/Stuxnet-Niederlaendischer-Geheimdienst-half-wohl-bei-Sabotage-im-Iran-9596851.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag; https://www.wired.com/story/ebay-criminal-charge-bloody-pig-mask/; https://www.futura-sciences.com/tech/actualites/piratage-revelations-surprenantes-sabotage-programme-nucleaire-iranien-110787/; https://www.politico.com/newsletters/weekly-cybersecurity/2024/02/26/irans-cyber-menace-sanctioned-but-not-stirred-00143230; https://www.lexpress.fr/economie/high-tech/destabilisation-desinformation-sabotages-les-cyberattaques-de-plus-en-plus-performantes-de-liran-L55EFKXOIZHHDLYWSJEOJTD2QU/; https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://www.tagesschau.de/ausland/asien/chronik-konflikt-iran-israel-100.html; https://www.diepresse.com/18369299/der-lange-konflikt-zwischen-israel-und-dem-iran; https://www.techuk.org/resource/reducing-the-attack-surface-within-cni-ot-environments-using-revbits-native-security-solutions.html; https://news.ifeng.com/c/8ZCjLXLQVOl; https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all; https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/; https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/; https://archive.f-secure.com/weblog/archives/00002791.html; 
https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf; https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/,2022-08-15,2024-05-02 27,NSA vs. SWIFT,The NSA hacked the global payment system SWIFT,2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Belgium,EUROPE; EU(MS); NATO; WESTEU,Critical infrastructure,Finance,NSA/Equation Group,United States,State,,2,36; 37,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.spiegel.de/international/world/how-the-nsa-spies-on-international-bank-transactions-a-922430.html,2022-08-15,2023-10-27 25,Operation Shady RAT,"Operation Shady RAT is the name given to hacker attacks in which at least 72 companies, organizations and governments around the world were systematically spied out between 2006 and 2011, attributed by Dimitri Alperovitch, a former employee of McAfee.",2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); 
Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None - None,"United States; Canada; Korea, Republic of; Taiwan; Vietnam; Germany; India; Japan; United Kingdom",NATO; NORTHAM - NATO; NORTHAM - ASIA; SCS; NEA - ASIA; SCS - ASIA; SCS; SEA - EUROPE; NATO; EU(MS); WESTEU - ASIA; SASIA; SCO - ASIA; SCS; NEA - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media 
- State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence 
industry; Other social groups; ; - Government / ministries; ; Energy; Telecommunications; Defence industry; Other social groups; ; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",; Criminal(s); ; Criminal(s),3,31; 31; 31; 31; 33; 33; 32; 32,2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00; 2011-01-01 00:00:00,"Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution; Attribution by third-party; Attribution by third-party,; ; ; ; ; ; ; ,; ; ; ; ; ; ; ,; ; ; ; ; ; ; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; PLA Unit 61398; 
APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/; https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882; https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd; https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&; https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://web.archive.org/web/20110804083836/http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf; https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/; https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882; https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd; https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&; 
https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China; https://www.foxnews.com/tech/u-s-cybercops-caught-flat-footed-by-massive-global-cyberattack; https://tecnogazzetta.it/smart-office/2024-04-22-misure-di-sicurezza-olimpiadi-parigi.html,2022-08-15,2024-04-23 94,Operation CastLead,"Israel began a military assault on Hamas’s infrastructure in Gaza on December 27, 2008, called “Operation CastLead.” A cyberbacklash by Arabic hackers targeted thousands of Israeli government and civilian Websites. In a later stage of the conflict, Anonymous was also involved.",2008-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; Other,,Anonymous/Arabic Hackers,Unknown,Non-state-group,Hacktivist(s),1,126,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous/Arabic Hackers,Unknown,Non-state-group,http://web.mit.edu/smadnick/www/wp/2017-10.pdf,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://web.mit.edu/smadnick/www/wp/2017-10.pdf; http://web.mit.edu/smadnick/www/wp/2017-10.pdf,2022-08-15,2023-03-13 24,Red Storm Rising,"China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network),' said Maj. Gen. 
William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer.",2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Military,,China,State,,1,30,2006-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1,2022-08-15,2023-03-13 4,Chinese hacktivists targeted Taiwanese government websites after Taiwanese elections in May 2000,"Chinese hackers succeeded in attacking several Taiwanese government websites after Mr Chen was sworn in as the new Taiwanese President on May 20, 2000.",2000-05-20,2000-05-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Not available,Taiwan,ASIA; SCS,State institutions / political system,Government / ministries,Not available,China,Non-state-group,Hacktivist(s),1,17418,2000-05-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,China,Not available,China,Non-state-group,https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf,National power,National power,,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,http://www.hartford-hwp.com/archives/55/105.html; https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf,2022-08-15,2024-02-23 5,Honker Union of China defaced US government and corporate websites in April 2001,"After the collision of an American spy plane and a Chinese jet, Chinese hacker group ""Honkers Union of China"" targeted more than 80 government and corporate websites in the United States in April 2001 with defacement operations, according to the British computer security firm Mi2g.",2001-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Disruption,Not available,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Honker Union of China,China,Non-state-group,Hacktivist(s),1,17421,2001-04-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Honker Union of China,Not available,China,Honker Union of China,China,Non-state-group,https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html; https://www.theguardian.com/technology/2001/may/04/china.internationalnews; https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf,Other,Other,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html; https://www.theguardian.com/technology/2001/may/04/china.internationalnews; https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf; https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/,2022-08-15,2024-02-23 6,"""First Sino-US-Cyber-War"" II","After the collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific.",2001-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,Other,,,United States,Non-state-group,Hacktivist(s),1,6,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,United States,Non-state-group,https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html,Other,Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html; https://www.theguardian.com/technology/2001/may/04/china.internationalnews; https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/,2022-08-15,2023-03-28 7,Textbook Hack South Korea vs. Japan,DDoS retaliatory campaign over a revisionist WWII Japanese history textbook,2001-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,; ; ,Antijapan,"Korea, Republic of",Non-state-group,Hacktivist(s),1,7,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Antijapan,"Korea, Republic of",Non-state-group,https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf,2022-08-15,2023-03-13 8,Prior 9/11 Taliban Hack,"A couple of weeks before 9/11, pro-Taliban websites were defaced by Western activists, who claimed to do so because of the Taliban's threats to internet users.",2001-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Afghanistan,ASIA; SASIA,Critical infrastructure,Health,Not available,Unknown,Non-state-group,Hacktivist(s),1,8661,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Not available,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://books.google.de/books?id=WfIFiEs0HQ8C&pg=PA89&lpg=PA89&dq=Pro-Palestinian+Hackers++AT%26T+2000&q=Pro-Palestinian%20Hackers%20%20AT%26T%202000&f=false,2022-08-15,2023-03-13 9,ZeeNews/India Today Hack 2001,"Website-defacements of Indian news outlets over the criticism of militant groups operating inside Pakistan, and Pakistani-controlled Kashmir.",2001-10-22,2001-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Not available,India,ASIA; SASIA; SCO,Media,,Not available,Pakistan,Non-state-group,Hacktivist(s),1,8662,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Not available,Pakistan,Non-state-group,http://news.bbc.co.uk/2/hi/south_asia/1617478.stm,System / ideology; Territory; Resources,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://news.bbc.co.uk/2/hi/south_asia/1617478.stm,2022-08-15,2023-03-13 10,NSA vs. 
US Muslims,The NSA spied on prominent Muslims in the US,2002-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Science,Legislative; Civil service / administration; Election infrastructure / related systems; Religious; ; ,NSA/Equation Group,United States,State,,1,10,2013-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,NSA/Equation Group,United States,State,,National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://theintercept.com/2014/07/09/under-surveillance/,2022-08-15,2023-03-13 11,Titan Rain,"Titan Rain was the designation given by the federal government of the United States to a series of coordinated attacks on American computer systems since 2003; they were known to have been ongoing for at least three years. The attacks were labeled as Chinese in origin, although their precise nature, e.g., state-sponsored espionage, corporate espionage, or random hacker attacks, and their real identities – masked by proxy, zombie computer, spyware/virus infected – remain unknown.",2003-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,None - None,United States; United Kingdom,NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Military; Defence industry - Government / ministries; Military; Defence industry,,China,"Non-state actor, state-affiliation suggested",,2,11; 12,2005-01-01 00:00:00; 2005-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf; https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years; https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"http://content.time.com/time/subscriber/article/0,33009,1098961,00.html; 
https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf; https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years; https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html; https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns",2022-08-15,2024-03-13 13,DDoS North Korea 2004,"A total of 314 PCs were hacked, including servers at the Ministry of Maritime Affairs and Fisheries, enterprises and universities. The attack was attributed to North Korea by the Korea Economic Institute of America.",2004-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Military; Police; ; ,,"Korea, Democratic People's Republic of",State,,1,15,2009-01-01 00:00:00,"Attribution given, type unclear",Attribution by third-party,,,,,"Korea, Democratic People's Republic of",State,,System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.keia.org/sites/default/files/publications/kei_aps_mansourov_final.pdf,2022-08-15,2023-06-18 14,Taiwan's Kuomintang Hack 2004,"Attacks against Taiwan continued in 2004 targeting Websites belonging to Taiwan's Ministry 
of Finance, the Kuomintang Party, the Democratic Progressive Party (DPP) and the Ministry of National Defense’s (MND) Military News Agency.",2004-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Taiwan,ASIA; SCS,State institutions / political system; State institutions / political system,Government / ministries; Political parties,,China,Individual hacker(s),,2,8666; 8665,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Attribution given, type unclear",Attacker confirms; Media-based attribution,,Not available; Not available,,,China; China,Individual hacker(s); Individual hacker(s),https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf; https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false,2022-08-15,2023-03-13 15,ROK Hack 2004,"An attack, that has been attributed to the Chinese PLA was 
sophisticated and surprisingly successful, infecting at least 278 computers at 10 South Korean government agencies with Trojan horse-type viruses that allowed hackers to access computer data when the user opened the files.",2004-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Government / ministries,,China,"Non-state actor, state-affiliation suggested",,1,18,2004-01-01 00:00:00,"Attribution given, type unclear",Attribution by third-party,,,,,China,"Non-state actor, state-affiliation suggested",http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/,2022-08-15,2023-03-13 16,Athens Affair,"Vodafone Greece's services were hacked by a group later attributed to the American NSA. 
They wiretapped the phones of parts of the Greek government and of Greek civil society for 5 months via the ""lawful intercept"" system of Vodafone.",2004-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,,Greece,EUROPE; NATO; EU(MS); BALKANS,State institutions / political system; International / supranational organization; Other,Political parties; ; ,NSA/Equation Group,United States,State,,2,8677; 8676,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Political statement/report and indictment / sanctions; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution,,Not available; Not available,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://spectrum.ieee.org/telecom/security/the-athens-affair; https://www.theguardian.com/commentisfree/2015/sep/30/athens-affair-encryption-backdoors; https://www.schneier.com/blog/archives/2007/07/story_of_the_gr_1.html; https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/,2022-08-15,2023-03-13 17,Korea vs. 
Japan 2005,A series of attacks believed to have originated from China and South Korea hit numerous Japanese university and industrial Websites. The attacks may have been caused by a rise in tensions between the countries over the Japanese Education Ministry‘s alleged omission of key historical facts pertaining to Japan’s actions in World War II and China’s opposition to Japan’s attempt to be a permanent member of the UN Security Council.,2005-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system; Social groups; End user(s) / specially protected groups; Science; State institutions / political system,Government / ministries; Religious; ; ; Police,Not available; Not available,"China; Korea, Republic of",Not available; Not available,,1,8371; 8371,NaT; NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution; Media-based attribution,,Not available; Not available,,Not available; Not available,"China; Korea, Republic of",Not available; Not available,http://www.crime-research.org/news/11.05.2005/1227/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.crime-research.org/news/11.05.2005/1227/,2022-08-15,2023-06-18 18,"APT 30 aka Naikon, PLA Unit 78020, Lotus 
Panda","The Chinese government is accused of being behind a newly discovered set of cyber attacks waged against government agencies, corporate companies and journalists across India and Southeast Asia between 2005 and 2015.",2005-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None - None,"India; United States; Vietnam; Myanmar; Philippines; Korea, Republic of; Singapore; Saudi Arabia; Thailand",ASIA; SASIA; SCO - NATO; NORTHAM - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS; NEA - ASIA - ASIA; MENA; MEA; GULFC - ASIA; SEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; ,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,22; 22,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html; http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://techcrunch.com/2015/04/12/fireeye-APT%20-30-southeast-asia-india-report/; https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html; http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf; https://twitter.com/elinanoor/status/1630983893573566481,2022-08-15,2023-03-13 19,PoseidonGroup: The Boutique,"Kaspersky identified Poseidon; a Brazilian, Portuguese-speaking APT active since at least 2005 and involved in numerous espionage operations until 2016. The targets are companies in energy and utilities, telecommunications, public relations, media, financial institutions, governmental institutions, services in general and manufacturing.",2005-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,United States; Brazil; France; Kazakhstan; United Arab Emirates; India; Russia,NATO; NORTHAM - SOUTHAM - EUROPE; NATO; EU(MS); WESTEU - ASIA; CSTO; SCO - ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company 
is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure,Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance - Government / ministries; Energy; ; ; Finance,Poseidon Group,Brazil,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,6712,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Poseidon Group,Brazil,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/; https://securityaffairs.co/wordpress/44402/cyber-crime/poseidon-group-attacks.html,2022-08-15,2023-10-27 20,Tulip Revolution 
Kyrgyzstan,"Websites belonging to political parties and independent media were subject to unexplained technical failures and deliberate hacking during Kyrgyzstan's recent Parliamentary elections. Attacks included flooding journalist e-mail accounts with large amounts of spam, and spoofing of e-mail from Kyrgyz websites located in the US. Several political websites were deliberately defaced.",2005-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Kyrgyzstan,ASIA; CENTAS; CSTO; SCS,State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media,Political parties; Election infrastructure / related systems; Advocacy / activists (e.g. human rights organizations); ; ,,Kyrgyzstan,Unknown - not attributed,,1,24,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Kyrgyzstan,Unknown - not attributed,https://opennet.net/special/kg/,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://web.mit.edu/smadnick/www/wp/2017-10.pdf; https://opennet.net/special/kg/,2022-08-15,2023-03-13 21,NSA vs. 
Al Jazeera,The NSA hacked the Arab Al-Jazeera,2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Qatar,ASIA; MENA; MEA; GULFC,Media,,NSA/Equation Group,United States,State,,2,25; 26,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.spiegel.de/international/world/nsa-spied-on-al-jazeera-communications-snowden-document-a-919681.html,2022-08-15,2023-03-13 22,NSA vs. 
Aeroflot,The NSA hacked the Russian airline Aeroflot,2006-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Transportation,NSA/Equation Group,United States,State,,2,27; 28,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2024-03-13 23,PLA vs. Westinghouse Electric & US Steel,Chinese-government backed hackers steal e-mails from a US electric company containing the company's strategy. The US unsealed an indictment against the PLA hackers in 2014.,2006-01-01,2014-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Advocacy / activists (e.g. 
human rights organizations); ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,1,1750; 1750,2014-01-01 00:00:00; 2014-01-01 00:00:00,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,Not available; Not available,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://time.com/106319/heres-what-chinese-hackers-actually-stole-from-u-s-companies/; https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor; https://twitter.com/NCSCgov/status/1659565751806709761,2022-08-15,2023-05-23 48,Perdido,"According to the in 2013 by Snowden leaked NSA 2007 document, US intelligence services are spying on the European Union mission in New York and its embassy in Washington. One document lists 38 embassies and missions. 
Germany's justice minister, Sabine Leutheusser-Schnarrenberger, Robert Madelin, one of Britain's most senior officials in the European commission, a spokesman for the European commission, Guy Verhofstadt, the former Belgian primeminister and others have commented on the incident.",2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None - None - None - None - None,"EU (institutions); France; Greece; Italy; Mexico; Korea, Republic of; Turkey; Japan; India", - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); BALKANS - EUROPE; NATO; EU(MS) - - ASIA; SCS; NEA - ASIA; NATO; MEA - ASIA; SCS; NEA - ASIA; SASIA; SCO,State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization,; - ; - ; - ; - ; - ; - ; - ; - ; ,NSA/Equation Group,United States,State,,2,64; 65,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements 
by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2013/jun/30/nsa-spying-europe-claims-us-eu-trade; https://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies,2022-08-15,2023-04-20 49,Support of Bundeswehr Presence in Congo,The German BND hacked computers in the Democratic Republic of Congo with the goal of gathering information to support the Bundeswehr presence there,2007-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,"Congo, the Democratic Republic of the",AFRICA; SSA,Unknown,,BND,Germany,State,,1,66,2008-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,BND,Germany,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 50,Operation Pawn Storm 2007,"Fancy Bear attacked the military and defense contractors of the US and some of their allies in a longterm espionage campaign, with the usage of some Zerodays",2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None,United States; France; Russia; Pakistan; Holy See (Vatican City State); Austria; Hungary; Poland,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; EASTEU; CSTO; SCO - ASIA; SASIA; SCO - EUROPE - EUROPE; EU(MS); WESTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Media,Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / 
expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; - Government / ministries; Military; Defence industry; Political opposition / dissidents / expats; ,,Unknown,Unknown - not attributed,,1,67,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf,2022-08-15,2023-10-30 51,Russian Anti-Kasparov Campaign,"Pro-Russian hackers bombarded the sites of opposition leaders like Garry Kasparov in the midst of his 2007 campaign for president, keeping Kasparov's site offline or sluggish at key moments during the campaign season",2007-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related systems,,Russia,Non-state-group,Hacktivist(s),1,68,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Russia,Non-state-group,,System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/russia-election-hacking-playbook/,2022-08-15,2023-03-13 75,Pinch duke,"The campaign of Pinch Duke is malware toolset attributed to the Dukes, a Russian state-sponsored cyberespionage operation with the joint goal of gathering intelligence on the sentiments of the targeted countries.",2008-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None,Georgia; Turkey; Kazakhstan; Azerbaijan; Uzbekistan; Kyrgyzstan,ASIA; CENTAS - ASIA; NATO; MEA - ASIA; CSTO; SCO - ASIA; CENTAS - ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS; CSTO; SCS,State institutions / political system; International / supranational organization; Social groups - State institutions / political system; International / supranational organization; Social groups - State institutions / political system; International / supranational organization; Social groups - State institutions / political system; International / supranational organization; Social groups - State institutions / political system; International / supranational organization; Social groups - State institutions / political system; International / supranational organization; Social groups,Government / ministries; ; Criminal - Government / ministries; ; Criminal - Government / ministries; ; Criminal - Government / ministries; ; Criminal - Government / ministries; ; Criminal - Government / ministries; ; Criminal,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,104,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf,2022-08-15,2023-03-13 76,Project Chanology,"Anonymous attacks (with DDoS and other disruption-oriented attacks) the Church of Scientology firstly in response to the take-down of the Tom Cruise video, against Scientology's actions viewed as Internet censorship.",2008-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Religious,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,105,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2008/feb/04/news; http://artofthemooc.org/wiki/project-chanology/; https://www.cnet.com/news/anonymous-hackers-take-on-the-church-of-scientology/; https://tarnkappe.info/artikel/hintergrundberichte/beruehmte-hacker-die-uns-noch-lange-in-erinnerung-bleiben-werden-teil-4-273234.html,2022-08-15,2023-04-20 77,Tibetean Activists Attacked,Pro-Tibet activist groups attacked through e-mails allegedly from China on the background of increased protests,2008-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft,None - None,China; United States,ASIA; SCS; EASIA; NEA; SCO - NATO; NORTHAM,Social groups - Social groups,Advocacy / activists (e.g. human rights organizations) - Advocacy / activists (e.g. human rights organizations),,China,Unknown - not attributed,,1,106,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/; http://www.washingtonpost.com/wp-dyn/content/article/2008/03/21/AR2008032102605.html,2022-08-15,2023-03-13 78,"""Chinese Civil Militia"" attack on Pentagon","A group of Chinese hackers, belonging to what Western experts say is ""civilian cyber militia"" in China, has claimed to gain unauthorized entry to several high-protected computer systems of the US including the servers of the Pentagon and downloaded information. The hackers' group also said that the Chinese government sometimes pays it secretly.",2008-03-07,2008-03-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,China,Unknown - not attributed,,1,107,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.spamfighter.com/News-10011-Chinese-Hackers-Claim-Gaining-Unauthorized-Entry-into-Pentagon.htm; http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html,2022-08-15,2023-03-13 79,Byzantine Candor,More than 50 megabytes of email messages and a complete list of user names and passwords from an unspecified US government agency were stolen according to a State Department cable made public by WikiLeaks. 
At least some of the attacks originated from a Shanghai-based hacker group linked to the People’s Liberation Army’s Third Department,2008-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,State institutions / political system,Election infrastructure / related systems,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,1,108; 108,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-china-usa-cyberespionage/special-report-in-cyberspy-vs-cyberspy-china-has-the-edge-idUSTRE73D24220110414; https://www.nytimes.com/2010/12/05/world/asia/05wikileaks-china.html; https://venturebeat.com/2010/12/04/wikileaks-documents-lay-bare-vast-hacking-attempts-by-chinese-leaders/; 
https://www.smh.com.au/technology/beijing-used-hackers-to-find-us-secrets-20101205-18lf8.html,2022-08-15,2023-03-13 80,Belgium State Department Hack 2008,Belgium officials said that government computer networks are targeted by attacks from China which could benefit Chinese government,2008-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,,China,"Non-state actor, state-affiliation suggested",,1,109,2008-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.sophos.com/en-us/press-office/press-releases/2008/05/belgium.aspx; https://www.theregister.co.uk/2008/05/08/belgium_india_china_warnings/,2022-08-15,2023-03-13 81,Chinese Hacktivist Attack on CNN,Chinese hackers organised several attacks on CNN and later other websites.,2008-04-17,2008-05-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,United States,NATO; NORTHAM,Media,,,China,Non-state-group,Hacktivist(s),1,110,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://chinascope.org/archives/6680; https://www.pcworld.com/article/144809/article.html; https://news.netcraft.com/archives/2008/04/22/cnn_site_bears_the_brunt_of_chinese_attackers.html; https://www.zdnet.com/article/chinese-hackers-disable-cnn-com-for-three-hours/,2022-08-15,2023-03-13 82,DDOS on RFE - 2008,"Primarily Radio Free Europe in Belarus (though also in some other countries) was targeted with DDoS allegedly related to its coverage of a rally organized by opposition to the Belarusian opposition. RFE provided no solid evidence, but said the Belarusian government was most likely behind the attacks. Other Belarusian websites including Charter97 were also hit. 
The botnet behind the attacks was a Russian-language botnet that had been active in other politically motivated attacks in the recent past.",2008-04-26,2008-04-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,None - None - None - None - None,Belarus; Serbia; Russia; Tajikistan; United States,EUROPE; EASTEU; CSTO - EUROPE; BALKANS; WBALKANS - EUROPE; EASTEU; CSTO; SCO - ASIA; CENTAS; CSTO; SCO - NATO; NORTHAM,Media - Media - Media - Media - Media, - - - - ,,Belarus,State,,1,3271,2008-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,Not available,,,Belarus,State,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2008/04/29/radio_free_europe_ddos_attacks/,2022-08-15,2023-03-13 83,Chilean Education Data Leak,"The Education Ministry, Electoral Service and military servers used by the Chilean government have been infiltrated by a hacker. ""Confidential"" personal records of over 6 million Chileans were published then. The hacker claimed the reason was to show the lack of overall data protection that exists in Chile.",2008-05-12,2008-05-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Chile,SOUTHAM,State institutions / political system; State institutions / political system,Government / ministries; Military,,Chile,Individual hacker(s),,1,112,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Chile,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.bbc.co.uk/2/hi/americas/7395295.stm,2022-08-15,2023-03-13 84,Anti-Lithuanian Defacement 2008,"300 Lithuanian official and private websites were defaced with communist symbols after the ban on communist symbols in the country, but the Government did not accuse Russia directly",2008-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Political parties; ,,Russia,Non-state-group,Hacktivist(s),1,113,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Russia,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2008/07/01/world/europe/01baltic.html; https://www.irishtimes.com/news/lithuania-accuses-russian-hackers-of-cyber-assault-after-collapse-of-over-300-websites-1.942155; https://www.zdnet.com/article/300-lithuanian-sites-hacked-by-russian-hackers/,2022-08-15,2023-03-13 85,GhostNet,Chinese hacker network GhostNet steals information from South and South East Asian government servers and from the Office of the Dalai Lama,2008-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None - None - None - None - None,China; United States; India; Vietnam; Taiwan; Bangladesh; Philippines; Hong Kong; Laos,ASIA; SCS; EASIA; NEA; SCO - NATO; NORTHAM - ASIA; SASIA; SCO - ASIA; SCS; SEA - ASIA; SCS - ASIA; SASIA - ASIA; SCS; SEA - ASIA - ASIA; SEA,State institutions / political system; State institutions / political system; International / 
supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other - State institutions / political system; State institutions / political system; International / supranational organization; Media; Other,Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; - Government / ministries; ; ; ; ,Ghostnet,China,Unknown - not attributed,,1,114,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Ghostnet,China,Unknown - not attributed,http://www.nartv.org/mirror/ghostnet.pdf; https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://de.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; http://www.nartv.org/mirror/ghostnet.pdf; https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf,2022-08-15,2023-03-13 86,Longtime CIA campaign against China,"Chinese antivirus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm.",2008-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Science; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; ; Telecommunications; Chemicals; Transportation,CIA,United States,State,,1,115,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,CIA,United States,State,https://blogs.360.cn/post/APT-C-39_CIA_EN.html,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-china-usa-cia-idUSKBN20Q2SI; https://blogs.360.cn/post/APT-C-39_CIA_EN.html,2022-08-15,2024-02-19 87,Cyberdomain Russia-Georgia War,"Different targets in Georgia were attacked, mostly with DDoS, in parallel with the Russo-Georgian War over South Ossetia and Abkhazia. Georgia accused Russia, but involvement of Russian government was contested at that time. 
The website of the Georgian Foreign Ministry was also affected, according to the ministry.",2008-07-20,2008-08-14,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Georgia,ASIA; CENTAS,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; ; Legislative; Military; Telecommunications; Finance,,Russia,State,,3,6711; 6709; 6710,2008-01-01 00:00:00; 2008-01-01 00:00:00; 2008-01-01 00:00:00,"Statement in media report and political statement/technical report; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,; ; ,Not available; ; Not available,; ; ,; ; ,Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",https://www.nytimes.com/2008/08/13/technology/13cyber.html; https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811; http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf,International power,International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2008/08/13/technology/13cyber.html; http://www.cybertalkblog.co.uk/unlikely-that-russians-hacked-georgia-though-attacks-were-political/; 
https://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111; https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811; http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf; https://www.telegraph.co.uk/news/worldnews/europe/georgia/2553058/Russia-continues-cyber-war-on-Georgia.html,2022-08-15,2023-06-28 88,Georgia vs. Russian Media 2008,DDoS attacks against RT and RIA Novosty in the middle of the Georgian Conflict 2008.,2008-08-10,2008-08-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Media,Government / ministries; ,,Georgia,Non-state-group,Hacktivist(s),1,1756,NaT,Statement in media report and political statement/technical report,Receiver attributes attacker,,Not available,,,Georgia,Non-state-group,,International power; Secession,International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/?mtrref=www.google.com,2022-08-15,2023-03-13 89,APT-C-39 campaign against China,The American CIA spied on various companies in China over the years between 2008 and 2019,2008-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical 
infrastructure; Critical infrastructure; Critical infrastructure; Science,Government / ministries; Energy; Telecommunications; Defence industry; ,APT-C-39/CIA,United States,State,,1,120,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-39/CIA,United States,State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blogs.360.cn/post/APT-C-39_CIA_EN.html,2022-08-15,2023-03-13 90,Palin Doxxing,Alaska Governor and vice presidential candidate Sarah Palin's email account hacked by student David Kernell during the 2008 presidential election campaign and the gained materials posted.,2008-09-16,2008-09-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,Sarah Palin,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Political parties; ,David Kernell,United States,Individual hacker(s),,1,8668,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,David Kernell,United States,Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.telegraph.co.uk/news/worldnews/sarah-palin/7750050/Sarah-Palin-vs-the-hacker.html; http://news.bbc.co.uk/2/hi/americas/7631225.stm; https://nypost.com/2008/09/19/dem-pols-son-was-hacker/; https://www.foxnews.com/us/palin-set-to-take-stand-in-tenn-hacking-trial,2022-08-15,2023-03-13 91,Agent.btz - US; Operation Buckshot Yankee (against the 
breach),"Classified and unclassified U.S. military networks were infected with the worm Agent.btz, which spread across the computers of the DOD and CENTCOM. The worm is attributed to Russia, specifically by US Intelligence, and is associated with Turla, according to Kaspersky Lab analysis, though members of the US military involved in Operation Buckshot Yankee are reluctant to call Agent.btz the work of a hostile government.",2008-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,State,,2,123; 122,2008-01-01 00:00:00; 2008-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,State; State,https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf; https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/; https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html; 
https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html?utm_term=.3da4823e8b45; http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28; https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/; https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf; https://www.technewsworld.com/story/70699.html; https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/; https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html; https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln; https://www.wired.com/story/turla-history-russia-fsb-hackers/; https://www.databreaches.net/the-underground-history-of-russias-most-ingenious-hacker-group/; https://socradar.io/apt-profile-turla/,2022-08-15,2023-05-22 92,Indian Hacktivists vs. Pakistan,"OGRAs Website hacked by Indian Hackers, named HMG.",2008-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,,Hindu Militant Group,India,Non-state-group,Hacktivist(s),1,124,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hindu Militant Group,India,Non-state-group,,System / ideology,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://propakistani.pk/2008/11/18/ogra-defacement-or-welcome/,2022-08-15,2023-03-13 93,Pakistan Hacktivists vs. India,"In response to an action by HMG, Indian scriptkiddie, who hacked OGRA’s website, A Pakistani Group called PCA (Pakistan CyberArmy) has reportedly hacked at least five Indian websites",2008-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; ,Pakistan Cyber Army,Pakistan,Non-state-group,Hacktivist(s),1,125,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Cyber Army,Pakistan,Non-state-group,,System / ideology,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://propakistani.pk/2008/11/24/here-we-go-again/,2022-08-15,2023-03-13 73,Chinese Attack against Alcoa,"Chinese military hackers accessed the network of Alcoa, with the goal of getting access to commercial secrets",2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,1,100; 100,2014-01-01 00:00:00; 2014-01-01 00:00:00,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor; https://twitter.com/NCSCgov/status/1659565751806709761,2022-08-15,2023-05-23 72,GCHQ vs. Journalists,"The british GCHQ wiretapped emails of journalists, seeing them as a serious security threat",2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None,United Kingdom; United States; France,EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU,Media - Media - Media, - - ,GCHQ,United Kingdom,State,,2,99; 98,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/uk-news/2015/jan/19/gchq-intercepted-emails-journalists-ny-times-bbc-guardian-le-monde-reuters-nbc-washington-post,2022-08-15,2023-03-13 71,World of Spycraft,"The NSA and CIA gathered information on online gamers via various methods, including infiltrating online communities and data mining.",2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or 
direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Global (region),,End user(s) / specially protected groups,,NSA/Equation Group,United States,State,,2,96; 97,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.propublica.org/article/world-of-spycraft-intelligence-agencies-spied-in-online-games,2022-08-15,2023-03-13 60,DHS breach 2007,"Sensitive information from Department of Homeland Security was exfiltrated on Chinese-language websites, the contractor charged with network security was suspected. 
They ""don't know what was taken"", but to the best of our knowledge there was no classified information [taken].""",2007-09-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,80,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://edition.cnn.com/2007/US/09/24/homelandsecurity.computers/index.html?eref=,2022-08-15,2023-03-13 52,Azerbaijani-Armenian Cyberwar 2007 Armenian Attack,Hackers identifying themselves to be connected to the Armenian state service hacked and defaced the website of the Azerbaijani state television,2007-01-22,2007-01-22,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Azerbaijan,ASIA; CENTAS,State institutions / political system; Media,Election infrastructure / related systems; ,Armenian State Service,Armenia,State,,1,69,2007-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Armenian State Service,Armenia,State,,Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 53,Azerbaijani-Armenian Cyberwar 2007 Azerbaijani Counterattack,Bacioglu counterattacked and defaced five Armenian 
websites,2007-01-29,2007-01-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,Social groups; Other,Advocacy / activists (e.g. human rights organizations); ,Bacioglu,Azerbaijan,Individual hacker(s),,1,70,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bacioglu,Azerbaijan,Individual hacker(s),,Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 54,Azerbaijani-Armenian Cyberwar 2007 Axteam intervenes,"Axteam, an Armenian hacker group, retaliated for Bacioglu's attack and took down Azerbaijani websites",2007-02-05,2007-02-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Azerbaijan,ASIA; CENTAS,Media,,Axteam,Armenia,Non-state-group,Hacktivist(s),1,71,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Axteam,Armenia,Non-state-group,,Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-03-13 55,Chemical Hack,"By stealing the password the North Korean hacker unit could access information including data on organizations that manufacture toxic chemical substances, and the information on types of toxic chemical substances.",2007-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; Science,Military; ,,"Korea, Democratic People's Republic 
of",State,,2,72; 73,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,,,,,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State,https://www.hsdl.org/?view&did=790510,System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hsdl.org/?view&did=790510,2022-08-15,2023-03-13 56,Estonia 2007,"Different targets in Estonia attacked on the background of tensions with Russia and Russian minority in Estonia over removal of Soviet war memorial. Estonia accused Russia, but involvement of Russian government is contested and doubted by experts from the IT sector.",2007-04-27,2007-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Disruption,,Estonia,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; Legislative; Political parties; ; ,,Russia,"Non-state actor, state-affiliation suggested",,3,75; 74; 76,2007-01-01 00:00:00; 2007-01-01 00:00:00; 2007-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; IT-security community attributes attacker; Contested attribution,; ; ,; ; ,; ; ,; ; ,Russia; Unknown; Russia,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested",https://www.theguardian.com/world/2007/may/17/topstories3.russia; http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html; https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks; http://www.internetnews.com/security/article.php/3678606,System / ideology; Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.defenseone.com/threats/2023/10/estonia-sent-offensive-cyber-tools-ukraine-after-russia-invaded/390985/; https://english.elpais.com/international/2024-04-18/estonian-prime-minister-its-a-question-of-when-they-will-start-the-next-war.html; http://news.bbc.co.uk/2/hi/europe/6665195.stm; https://www.theguardian.com/world/2007/may/17/topstories3.russia; http://foreignpolicy.com/2010/12/07/who-was-behind-the-estonia-cyber-attacks/; http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html; https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks; http://www.internetnews.com/security/article.php/3678606; https://www.rferl.org/a/bulgaria-soviet-war-memorials-ghosts-art-nft-brezunek/32038555.html,2022-08-15,2023-10-20 57,DoD Systems Outage,"China accused of attack on the Office of the Secretary of Defense; according to what US Secretary of Defense Robert Gates told reporters, it was an unclassified OSD email system.",2007-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Military,,China,State,,1,77,2007-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://web.archive.org/web/20070625081555/http://www.theregister.co.uk/2007/06/22/department_of_defense_email_hacked/; http://news.bbc.co.uk/2/hi/americas/6977533.stm; https://www.telegraph.co.uk/news/worldnews/1562149/Chinese-military-hacked-into-Pentagon.html; https://www.ft.com/content/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac,2022-08-15,2023-03-13 58,Chinese Espionage in Germany,"Der Spiegel reports, based on a BfV report, attacks from China on Germany like Chinese espionage attacks on other countries. Merkel didn't comment on it directly at the summit, while ""German officials believe the hackers were being directed by the People's Liberation Army"". Later, German politicians asked the Government to make direct remonstrations with Chinese officials, in particular SPD politician Rolf Muetzenich, FDP expert of internal affairs Max Stadler and others.",2007-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,China,State,,1,78,2007-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf; http://www.spiegel.de/netzwelt/tech/computerspionage-chinesische-trojaner-auf-pcs-im-kanzleramt-a-501954.html; 
http://www.spiegel.de/international/world/espionage-report-merkel-s-china-visit-marred-by-hacking-allegations-a-502169.html; http://www.spiegel.de/politik/ausland/computer-spionage-fdp-will-chinesische-hacker-angriffe-in-den-bundestag-bringen-a-502253.html; https://www.heise.de/newsticker/meldung/Politiker-fordern-Aufklaerung-ueber-chinesische-Trojaner-Angriffe-Update-167417.html,2022-08-15,2023-07-25 59,UN website Defacement,"The hackers, who named themselves as ""kerem125"", ""Gsy"" and ""M0sted"", one of which claimed to be Turkish, defaced the main UN website with logos against the US and Israel killing children, and claimed to have hacked many other sites, including the webpages for the Economic and Social Council and the Paris website of the UN Environment Program, Harvard, Norfolk and Norwich University Hospital in Britain and other US and Israeli universities, Toyota, Nestle, Yahoo Korea, MSN Italy, Coca-Cola, Sony, Renault.",2007-08-12,2007-08-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None - None - None - None - None,United Nations; United Nations Economic and Social Council; United Nations Environment Programme; United States; Israel; United Kingdom, - - - NATO; NORTHAM - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU,International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,; ; - ; ; - ; ; - ; ; - ; ; - ; ; ,,Turkey,Non-state-group,Hacktivist(s),1,79,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dailytelegraph.com.au/news/world/united-nations-website-hacked/news-story/13e8a7ae2ea91870029e1ab1c594c57f?sv=98f5643b01e22cb449ca41be1a1ce43a; https://www.computerworld.com/article/2543082/security0/-hackers--deface-un-site.html; https://www.iol.co.za/business-report/technology/un-hackers-used-sql-injection-901265; http://news.bbc.co.uk/2/hi/technology/6943385.stm,2022-08-15,2023-06-18 61,Chinese Attack on French systems,"Francis Delon, the secretary general of France's National Defence Office, confirmed that Chinese hackers had ""penetrated outer levels"" of state computer systems, but the French government has no proof that the Chinese government is behind the attacks, even though it has some evidence of Chinese involvement.",2007-09-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Government / ministries; Military,,China,Unknown - not attributed,,1,81,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,Unknown - not attributed,https://www.theregister.co.uk/2007/09/12/french_cyberattacks/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://web.archive.org/web/20080118141424/http://www.france24.com/france24Public/en/news/france/20070909-Internet-piracy-france-secuirty-china-hacker.html; https://www.theregister.co.uk/2007/09/12/french_cyberattacks/,2022-08-15,2023-03-13 70,Optic Nerve,The British GCHQ spied on the webcams of millions of Yahoo users,2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or 
direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Global (region),,End user(s) / specially protected groups,,GCHQ,United Kingdom,State,,2,95; 94,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo,2022-08-15,2023-03-13 62,Operation Orchard,"Israel reportedly used electronic warfare to take over Syrian air defenses and feed them a false sky picture for the entire period of time that the Israeli fighter jets needed to cross Syria, bomb their target and return.",2007-09-06,2007-09-07,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Syria,ASIA; MENA; MEA,State institutions / political system,Military,,Israel,State,,1,82,2009-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Israel,State,,Territory; International power; Other,Territory; Other,,Yes / HIIK intensity,HIIK 
3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/2007/10/how-israel-spoo/; http://www.spiegel.de/international/world/the-story-of-operation-orchard-how-israel-destroyed-syria-s-al-kibar-nuclear-reactor-a-658663.html,2022-08-15,2023-03-13 63,Satellite Hack,"A US commission claimed in the draft of an annual report that in October 2007, July (and October) 2008 hackers used a ground station to interfere with the operation of two US government satellites used for earth observation. The commission did not explicitly accuse the Chinese government of orchestrating the attacks, but said they were consistent with Chinese military protocol.",2007-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Science,,,China,"Non-state actor, state-affiliation suggested",,1,83,2011-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2011/oct/27/chinese-hacking-us-satellites-suspected; https://www.theguardian.com/technology/2011/oct/31/china-us-claims-satellite-hacking,2022-08-15,2023-07-06 64,Taiwan vs. Chinese Government 2007,"The Chinese government accused Taiwan's intelligence agency of compromising Chinese government, military and defence industrial networks. A secret agent named Lee Fang-jung was accused of gaining access to information related to political, military, diplomatic, economic, medical and health affairs. 
Some Taiwanese officials indirectly confirmed, some denied the incident or claimed no awareness of it.",2007-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,Not available,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system,Government / ministries; Defence industry; Civil service / administration; Military,Not available,Taiwan,State,,1,12775,2007-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,Not available,China,Not available,Taiwan,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.scmp.com/article/613904/beijing-seeks-taiwanese-secret-agent-over-hacking,2022-08-15,2023-09-07 65,Chinese Espionage in GB 2007,"Jonathan Evans, the Director‐General of MI5, accused the Russian and ""Chinese state organisations"" of espionage against British banks and companies",2007-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,"Non-state actor, state-affiliation suggested",,1,85,2007-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thetimes.co.uk/article/mi5-alert-on-chinas-cyberspace-spy-threat-tbxdgkv5l9v; http://www.washingtonpost.com/wp-dyn/content/article/2007/12/03/AR2007120300782.html,2022-08-15,2023-03-13 66,Chinese Attack against US-Election Campaigns,"U.S. officials have determined that the Chinese government hacked into and spied on the 2008 presidential campaigns of Barack Obama and John McCain. Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, White House event announcing a new cybersecurity policy. 
But neither the president nor his top aides publicly spoke about the identity of the hackers.",2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related systems,,China,State,,1,86,2013-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehill.com/policy/technology/304111-report-china-hacked-obama-mccain-campaigns; https://www.theguardian.com/global/2008/nov/07/obama-white-house-usa,2022-08-15,2023-08-09 67,Regin,"Technical reports from Kaspersky and Symantec, which first reported on a tool called Regin in autumn 2014, show that the malware has been active for more than 10 years and has infected numerous countries such as Germany, Belgium, Brazil and two other countries in South (East) Asia. Several versions of Regin have been found in the wild, targeting various businesses, institutions, academics and individuals. Regin is described as a versatile data collection tool that is the most dangerous spy tool after Stuxnet. 
In 2015, it was identified as an NSA toolkit used by the international intelligence alliance Five Eyes.",2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,"Germany; Pakistan; Saudi Arabia; Russia; Brazil; Austria; Iran, Islamic Republic of; Belgium",EUROPE; NATO; EU(MS); WESTEU - ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC - EUROPE; EASTEU; CSTO; SCO - SOUTHAM - EUROPE; EU(MS); WESTEU - ASIA; MENA; MEA - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure; Critical infrastructure,; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications - ; Energy; ; ; Transportation; Telecommunications,GCHQ,United Kingdom,State,,2,8685; 8684,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Media-based attribution,,Not available; Not available,,GCHQ; NSA/Equation Group,United Kingdom; United States,State; 
State,http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf; https://www.itpro.co.uk/security/33926/former-yandex-ciso-weighs-in-on-alleged-five-eyes-hack; http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html,2022-08-15,2023-11-01 68,Anarchist,US and UK agencies hacked into Israeli drones and other aircraft as they gathered intelligence according to the leaks of Edward Snowden. Intelligence reports stemming from GCHQ and the NSA extend from 2008 to 2012.,2008-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,NSA/Equation Group; GCHQ,United States; United Kingdom,State; State,,2,8543; 8543; 8543; 8543; 8542; 8542; 8542; 8542,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report 
(e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/; https://www.jpost.com/Israel-News/Report-US-UK-intelligence-hacked-into-Israeli-drones-under-operation-Anarchist-443228; https://www.nytimes.com/2016/01/30/world/middleeast/israel-drones-snowden-britain-us.html,2022-08-15,2023-03-16 69,Blackgear,"Blackgear, also known as Topgear and Comnie, has been around since at least 2008, mainly targeting entities in Taiwan, South Korea and Japan. 
Their objectives include organizations in the telecommunications, defense, government, aerospace, and high-tech sectors.",2008-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,None - None - None,"Taiwan; Korea, Republic of; Japan",ASIA; SCS - ASIA; SCS; NEA - ASIA; SCS; NEA,State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Telecommunications; Defence industry; - Government / ministries; Telecommunications; Defence industry; - Government / ministries; Telecommunications; Defence industry; ,Blackgear/Topgear/Comnie,Unknown,Unknown - not attributed,,2,93; 92,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Attribution given, type unclear",IT-security community attributes attacker; Media-based attribution,,,,Blackgear/Topgear/Comnie; Blackgear/Topgear/Comnie,Unknown; China,"Unknown - not attributed; Non-state actor, state-affiliation 
suggested",https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/; https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques,2022-08-15,2023-03-13 185,Fine Gael defacement of Anonymous,The website of the main Irish opposition party Fine Gael was hacked and defaced with a critical message by Anonymous in January 2011. The data of 2000 users were compromised.,2011-01-09,2011-01-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,Fine Gael,Ireland,EUROPE; EU(MS); NORTHEU,State institutions / political system,Political parties,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8678,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Not available,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.theguardian.com/technology/2011/jan/10/fine-gael-website-anonymous-hackers; 
http://www.thejournal.ie/fine-gael-website-defaced-by-anonymous-hacktivists-66151-Jan2011/,2022-08-15,2023-03-13 186,Breach of Sarkozys Facebook,Hackers managed to break into the Facebook page of French President Nicolas Sarkozy to announce he would be quitting next year.,2011-01-24,2011-01-24,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Political parties,,Unknown,Unknown - not attributed,,1,250,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.telegraph.co.uk/technology/facebook/8278200/Nicolas-Sarkozys-Facebook-page-hacked.html; https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked,2022-08-15,2023-03-13 187,Anonymous vs. Egypt 2011,"Sites belonging to Egypt’s cabinet, the Ministry of the Interior and the Ministry of Communications and Information Technology were inaccessible, after DDoS attacks by Anonymous.",2011-01-26,2011-01-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,251,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.nbcnews.com/id/41280813/ns/technology_and_science-security/t/anonymous-hacktivists-attack-egyptian-websites/#.W7IzEuF1NEY,2022-08-15,2023-03-13 300,Operation Quantum Entanglement/Dragon OK,"The attack group “Dragon OK” (named after an event name in one of their payload executables) appears to operate out of the Jiangsu province in China, and is known to target high-tech and manufacturing companies in Japan and Taiwan",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,None - None,Japan; Taiwan,ASIA; SCS; NEA - ASIA; SCS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,DragonOk,China,Unknown - not attributed,,1,371,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DragonOk,China,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf,2022-08-15,2022-11-02 302,SpringDragon aka LotusBlossom,"Since as early as 2012, the main targets of SpringDragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Taiwan; Indonesia; Philippines; Vietnam; Thailand,ASIA; SCS - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SEA,State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Science,Government / ministries; Legislative; Political parties; Telecommunications; - Government / ministries; Legislative; Political parties; Telecommunications; - Government / ministries; Legislative; Political parties; Telecommunications; - Government / ministries; Legislative; Political parties; Telecommunications; - Government / ministries; Legislative; Political parties; Telecommunications; ,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,Unknown,"Non-state actor, state-affiliation suggested",,1,374,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,Unknown,"Non-state actor, state-affiliation suggested",https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://unit42.paloaltonetworks.com/operation-lotus-blossom/,Resources,Territory; Resources; 
International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://securelist.com/spring-dragon-updated-activity/79067/; https://unit42.paloaltonetworks.com/operation-lotus-blossom/,2022-08-15,2023-06-18 303,Dark Caracal,"Lookout and EFF revealed a worldwide cyber-espionage campaign, allegedly sponsored or conducted by Lebanon.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,,,,,Dark Carceral,Lebanon,"Non-state actor, state-affiliation suggested",,1,373,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Dark Carceral,Lebanon,"Non-state actor, state-affiliation suggested",https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign,2022-08-15,2023-10-26 304,StealthFalcon aka FruityArmor,"Spy campaign against dissidents, journalists and activists, allegedly tied to the United Arab Emirates government.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None,United Arab Emirates; United Kingdom,ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); NORTHEU,Social groups; End user(s) / specially protected groups; Media - Social groups; End user(s) / specially protected groups; Media,; ; - ; ; ,Stealth Falcon/Fruity Armor,United Arab Emirates,"Non-state actor, state-affiliation suggested",,1,375,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Stealth Falcon/Fruity Armor,United Arab Emirates,"Non-state actor, state-affiliation suggested",,National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2016/05/stealth-falcon/; 
https://securityaffairs.com/151298/malware/deadglyph-backdoor-middle-east.html,2022-08-15,2023-09-25 305,Operation Slingshot,"Kaspersky revealed an allegedly US-counter terrorism cybercampaign in MENA countries, especially Kenya and Yemen.",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Kenya; Yemen; Iraq; Middle East (region); Africa,AFRICA; SSA - ASIA; MENA; MEA - ASIA; MENA; MEA - - ,Social groups - Social groups - Social groups - Social groups - Social groups,Terrorist - Terrorist - Terrorist - Terrorist - Terrorist,Slingshot,Unknown,"Non-state actor, state-affiliation suggested",,2,376; 377,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms,,,,Slingshot; Slingshot,Unknown; United States,"Non-state actor, state-affiliation suggested; State",https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/; https://securelist.com/apt-slingshot/84312/,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/home/security-news/apts-cyberespionage/slingshot-apt-campaign-exposed-after-six-years-of-sophisticated-spying/; https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/; 
https://securelist.com/apt-slingshot/84312/,2022-08-15,2022-11-02 306,IAEA Hack 2012,"Parastoo (aka Charming Kitten), an Iran-related group, claimed to have compromised computer systems at the International Atomic Energy Agency (IAEA).",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,International Atomic Energy Agency (IAEA; Austria),Austria,EUROPE; EU(MS); WESTEU,International / supranational organization,,Parastoo,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),2,5929; 5930,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,; Not available,,Parastoo; Parastoo,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.thedailybeast.com/did-irans-cyber-army-hack-into-the-iaeas-computers; https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf,2022-08-15,2023-03-13 307,Israel Police Hack,A virus struck the Israeli Police department and gathered data for more than a week. Israeli IT company AVNET attributes the attack to Iran as a state-sponsor.,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Police,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,380,2012-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/,2022-08-15,2022-11-02 308,Operation SoftCell,"In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT 10. These multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Global (region),,Critical infrastructure,Telecommunications,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,1,381,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers; https://securityaffairs.com/143928/apt/operation-soft-cell-china-telecom-providers.html; https://www.darkreading.com/endpoint/linux-chinese-apt-alloy-taurus-back-retooling; https://twitter.com/unix_root/status/1651283247635001346; https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html; https://unit42.paloaltonetworks.com/alloy-taurus/,2022-08-15,2023-03-27 309,US Recon on Russian Power Grids,"The US - according to former 
officials - targeted the Russian cybernetwork with reconnaissance operations, later on leading to aggressive operations in 2019",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,NSA/Equation Group,United States,State,,1,382,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,NSA/Equation Group,United States,State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/87220/cyber-warfare-2/malware-russian-power-grid.html; https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html,2022-08-15,2022-11-02 310,NSA vs. 
System Administrators,"The American NSA hacked the computers of system admins globally, to gain access to the networks they manage.",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Global (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,NSA/Equation Group,United States,State,,2,383; 384,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://theintercept.com/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/,2022-08-15,2022-11-02 311,GCHQ vs. 
Taliban,"In Afghanistan, according to the 2012 presentation, the British used a blizzard of text messages, phone calls and faxes to “significantly disrupt” Taliban communications, with texts and calls programmed to arrive every minute.",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Afghanistan,ASIA; SASIA,Social groups,Criminal,GCHQ,United Kingdom,State,,2,385; 386,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nbcnews.com/news/investigations/snowden-docs-british-spies-used-sex-dirty-tricks-n23091,2022-08-15,2022-11-02 312,CSEC vs. 
Canadian travellers,The Canadian CSEC used airport wifi to spy on Canadian travellers,2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Canada,NATO; NORTHAM,End user(s) / specially protected groups,,CSEC,Canada,State,,2,387; 388,2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,CSEC; CSEC,Canada; Canada,State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881,2022-08-15,2022-11-02 313,Operation Muscular,"The NSA and GCHQ managed to access the security parameters of Yahoo and Google, therefore bypassing the encryption and getting access to the full data traffic",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,Critical infrastructure; End user(s) / specially protected groups,Telecommunications; ,NSA/Equation Group; GCHQ,United States; United Kingdom,State; State,,2,8557; 8557; 8557; 8557; 8556; 8556; 8556; 8556,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 
00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,; ; ; ; ; ; ; ,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,; ; ; ; ; ; ; ,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2013/10/how-the-nsas-muscular-tapped-googles-and-yahoos-private-networks/,2022-08-15,2023-03-13 314,"BlackTech campaign ""PLEAD""",BlackTech attacked 
Taiwanese government and private actor networks with the goal of the theft of confidential documents,2012-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Taiwan; Japan; Hong Kong,ASIA; SCS - ASIA; SCS; NEA - ASIA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; ,Blacktech,Unknown,Unknown - not attributed,,1,391,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Blacktech,Unknown,Unknown - not attributed,,Secession,Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html,2022-08-15,2022-11-02 315,Machete vs. 
Venezuelan Army,"A cyber-espionage group known as ""Machete"" has been observed stealing sensitive files from the Venezuelan military, according to an ESET report published today.",2012-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Venezuela; Ecuador,SOUTHAM - ,State institutions / political system - State institutions / political system,Military - Military,Machete,Unknown,Unknown - not attributed,,1,392,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Machete,Unknown,Unknown - not attributed,https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/a-cyber-espionage-group-has-been-stealing-files-from-the-venezuelan-military/; https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf,2022-08-15,2022-11-02 316,OperationCleaver/CuttingKitten,"Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,None - None - None - None - None - None - None - None - None - None,United States; Canada; Israel; Germany; Saudi Arabia; Turkey; United Arab Emirates; United Kingdom; France; China,NATO; NORTHAM - NATO; NORTHAM - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA; GULFC - ASIA; NATO; MEA - ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the 
respective company is not part of the critical infrastructure definition),Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; - Civil service / administration; Military; ; Energy; Transportation; Defence industry; ,Magic Hound/APT35/Cobalt Gypsy,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,393,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Magic Hound/APT35/Cobalt Gypsy,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html; https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf; 
https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html; https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf,2022-08-15,2022-11-02 317,"PLA vs. SolarWorld, ATI & USW",Chinese government-backed military hackers stole e-mails of a German solar company's executives containing solar panel technological innovations and manufacturing metrics. The same holds true for the companies ATI and USW in the respective year.,2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,ATI - SolarWorld,United States; Germany,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,,China,State,,1,14719,2014-05-20 00:00:00,Domestic legal action,Attribution by receiver government / state entity,US Department of Justice (DoJ),Not available,United States,,China,State,https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor; https://twitter.com/NCSCgov/status/1659565751806709761,2022-08-15,2023-12-04 318,Leak of Israeli CreditCard Data,"Saudi hackers publish credit card details of about 20000 Israelis, Israeli officials call 
cyberterrorism",2012-01-01,2012-01-06,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Israel,ASIA; MENA; MEA,End user(s) / specially protected groups; Other,,OxOmar,Saudi Arabia,Individual hacker(s),,1,395,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,OxOmar,Saudi Arabia,Individual hacker(s),https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.jpost.com/International/Hackers-post-1000s-of-Israeli-credit-card-numbers; https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html; http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html,2022-08-15,2022-11-02 319,Wikileaks leaks Stratfor Info,Hacked email from leading private US intelligence agency Stratfor,2012-01-01,2012-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,396,NaT,"Attribution given, type unclear",Media-based attribution,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rt.com/news/stratfor-syria-secret-wikileaks-989/,2022-08-15,2023-06-13 320,Wikileaks leaks US Info,WikiLeaks to release two million ‘humiliating’ hacked Syrian government emails,2012-01-01,2012-07-05,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,Syria,ASIA; MENA; MEA,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Government / ministries; Political parties; ,,Unknown,Unknown - not attributed,,1,397,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/wikileaks-to-release-two-million-humiliating-hacked-syrian-government-emails/; https://www.diepresse.com/6274092/pentagon-nennt-datenleck-sehr-hohes-sicherheitsrisiko; https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/; https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/,2022-08-15,2023-10-05 301,Molerats aka Gaza Cybergang 2012,"Spear-Phishing campaign by the Group Molerats aka Gaza Cybergang against Israeli, US and UK government. The group has been later attributed to Hamas.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,United Kingdom; Israel; United States,EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA - NATO; NORTHAM,State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media,Government / ministries; - Government / ministries; - Government / ministries; ,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,Terrorist(s),1,17168,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas; 
https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://blog.trendmicro.com/trendlabs-security-intelligence/new-xtreme-rat-attacks-on-usisrael-and-other-foreign-governments/; https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas; https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,2022-08-15,2024-02-15 299,Leviathan vs. Maritime & Defense Targets,"Chinese APT Leviathan targets defense contractors, universities (particularly those with military research ties), legal organizations and government agencies. The actor has particular interest in naval industries including shipbuilding and related research.",2011-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,Austria; Germany; United Kingdom; Canada; Norway; India; Malaysia; Saudi Arabia; Cambodia; United States,EUROPE; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM - EUROPE; NATO; NORTHEU - ASIA; SASIA; SCO - ASIA; SCS; SEA - ASIA; MENA; MEA; GULFC - ASIA; SEA - NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; - Government / ministries; ; ,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department); Hainan Xiandun Company/MSS",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,13888; 13888; 13887; 13887,2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,Not available; Not available; ; ,United States; United States; ; ,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department); Hainan Xiandun Company/MSS; 
APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department); Hainan Xiandun Company/MSS",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion; https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets; https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion; https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets; https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html,2022-08-15,2023-10-26 188,Lybia anti-Government DDOS,Anti-government activists Tuesday accused Libyan leader Moamer Gaddafi of hacking websites reporting on Libya's pro-democracy demonstrations.,2011-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by 
attacker,Disruption,,Libya,AFRICA; MENA; MEA; NAF,Social groups; Media,Political opposition / dissidents / expats; ,,Unknown,State,,1,252,2011-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,State,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/03/libyan-opposition-websites-hacked.html,2022-08-15,2023-10-20 298,XDSpy Espionage campaign,New hacking group XDSpy got discovered stealing government secrets in Eastern Europe and the Balkans since 2011,2011-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Eastern Europe; Balkans (region), - ,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Military; - Government / ministries; Military; ,XDSpy,Unknown,Unknown - not attributed,,1,368,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,XDSpy,Unknown,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high 
political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/; https://www.eset.com/us/about/newsroom/press-releases/eset-researchers-discover-xdspy-an-apt-group-stealing-government-secrets-in-europe-since-2011-2/,2022-08-15,2022-11-02 279,DDOS on Korean By-Election,Associates of the ruling party attacked the servers of the national electoral commission on the day of the 2011 Seoul by-election,2011-10-26,2011-10-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Not available,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Election infrastructure / related systems,,"Korea, Republic of","Non-state actor, state-affiliation suggested",,1,348,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Republic of","Non-state actor, state-affiliation suggested",,National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://web.archive.org/web/20120108030022/http://koreatimes.co.kr/www/news/nation/2012/01/117_102260.html; http://www.koreatimes.co.kr/www/nation/2018/12/113_100097.html,2022-08-15,2022-11-02 280,Anonymous vs. 
Oakland,"Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors, taking down their websites with DDoS attacks.",2011-10-27,2011-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,349,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/10/anonymous-ddos-oakland-police-site.html,2022-08-15,2022-11-02 281,Anonymous defaces Website of Political Candidate that colloborates with Cartels,"In a slate against the Mexican Drug Cartel Los Zetas, Anonymous Mexico defaces the website of the politician Gustavo Rosario Torres, claiming that he collaborates with the cartel.",2011-10-29,2011-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Mexico,,State institutions / political system,,Anonymous,Mexico,Non-state-group,Hacktivist(s),1,350,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Mexico,Non-state-group,,System / ideology,Subnational predominance; Resources; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html,2022-08-15,2022-11-02 282,DDOS vs. Palestinian Pages,"Internet services in the West Bank and Gaza have come under ""sustained attack"" in multiple locations, a day after Palestine's accession to UNESCO. Palestinian officials hint at Israel as the initiator.",2011-11-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,Palestine,ASIA; MENA; MEA,Critical infrastructure,Telecommunications,,Israel,State,,1,351,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Israel,State,,System / ideology; Territory; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.aljazeera.com/indepth/opinion/2011/11/2011117151559601957.html; 
https://www.theguardian.com/world/2011/nov/01/palestinians-hit-cyber-attack-unesco,2022-08-15,2022-11-02 283,Anonymous vs. El Salvador,"The Anonymous hacking group launched an online strike against government websites in El Salvador last Saturday, forcing several of them to shut down to prevent the theft of high-ranking officials' personal information.",2011-11-05,2011-11-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,El Salvador,CENTAM,State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Legislative; Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,352,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.nbcnews.com/id/45214010/ns/technology_and_science-security/t/hackers-hit-el-salvador-government-sites/#.W4k_4ScVREY,2022-08-15,2022-11-02 284,Anonymous leaks finish Neo-Nazi site data,Anonymous hacks the database of a Finnish neo-nazi group and leaks data of 16000 members.,2011-11-08,2011-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Finland,EUROPE; EU(MS); NORTHEU,Social groups,Political opposition / dissidents / expats,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,353,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/11/anonymous-hackers-hack-neo-nazis.html,2022-08-15,2022-11-02 285,DDOS in the preceding days of the russian parliament election,"DDoS attacks in the days preceding parliamentary elections shut down a large number of media websites. Russia’s most popular blogging site, LiveJournal, was hobbled. The cyberattack also simultaneously crippled the websites of leading radio station Ekho Moskvy (owned by state energy monopoly Gazprom), Kommersant newspaper and other top media outlets. Russia’s main independent vote monitor, Golos, was another target.",2011-11-08,2011-11-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,Media,,,Russia,"Non-state actor, state-affiliation suggested",,1,354,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Russia,"Non-state actor, state-affiliation suggested",https://www.bbc.com/news/technology-16032402?print=true,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf; https://www.reuters.com/article/us-russia-protests-socialmedia/insight-social-media-makes-anti-putin-protests-snowball-idUSTRE7B60R720111207; https://www.bbc.com/news/technology-16032402?print=true,2022-08-15,2022-12-28 286,Q!sRQaTaR-Hacker Alajman vs. 
Ankara Government,Qatari hacker defaces several websites belonging to the Turkish government.,2011-11-10,2011-11-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,Q!sRQaTaR - Hacker Alajman,Qatar,Individual hacker(s),,1,355,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Q!sRQaTaR - Hacker Alajman,Qatar,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Turkish-Government-Websites-Defaced-by-Qatar-Hacker-226486.shtml,2022-08-15,2022-11-02 287,3xp1r3 Cyber Army vs. Supreme Court of Bangladesh,The website of the Supreme Court of Bangladesh is defaced with crude political messages.,2011-11-10,2011-11-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Bangladesh,ASIA; SASIA,State institutions / political system,Judiciary,3xp1r3 Cyber Army,Unknown,Unknown - not attributed,,1,356,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,3xp1r3 Cyber Army,Unknown,Unknown - not attributed,https://www.thedailystar.net/news-detail-209824,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/11/bangladesh-supreme-court-website-hacked.html; https://www.thedailystar.net/news-detail-209824,2022-08-15,2022-11-02 288,Anonymous vs. 
The Muslim Brotherhood,Anonymous Hackers take down the Muslim Brotherhood websites.,2011-11-11,2011-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Unknown,,State institutions / political system,Political parties,Anonymous,France; Germany; Slovakia; United States,Non-state-group,Hacktivist(s),2,357; 357; 357; 357; 358; 358; 358; 358,NaT; NaT; NaT; NaT; NaT; NaT; NaT; NaT,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,; ; ; ; ; ; ; ,; ; ; ; ; ; ; ,; ; ; ; ; ; ; ,Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous,France; Germany; Slovakia; United States; France; Germany; Slovakia; United States,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/11/operation-brotherhood-shutdown-by.html,2022-08-15,2023-11-23 289,Anonymous vs. Israeli Foreign Ministry,"To protest what they call the ""barbaric, brutal and despicable treatment of the Palestinian people,"" hackers from the collective Anonymous have been attacking a number of Israeli Web sites, including Israel’s Foreign Ministry and the municipal Web site for Tel Aviv. The group has also deleted the databases of the Israel Ministry of Foreign Affairs and Bank of Jerusalem, and leaked e-mail addresses and passwords for other sites.",2011-11-17,2011-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Military; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,359,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/news/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/?noredirect=on&utm_term=.eb177b12241b,2022-08-15,2022-11-02 290,TeamP0ison leaks UN login data,"The TeaM p0isoN hacking gang has leaked over one hundred usernames, email 
addresses and passwords that appear to belong to individuals at the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation (WHO) and other groups. The UN states that an old server had been compromised, and that the passwords would be outdated.",2011-11-29,2011-11-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None - None,United States; France; Switzerland,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - EUROPE; WESTEU,International / supranational organization - International / supranational organization - International / supranational organization, - - ,Team P0ison,Unknown,Non-state-group,Hacktivist(s),1,360,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-15951883; https://nakedsecurity.sophos.com/2011/11/29/united-nations-hacked-email-addresses-and-passwords-leaked/,2022-08-15,2022-11-02 291,Attack on the Syrian MFA,An unknown actor attacked the Syrian MFA via a spear-phishing attack,2011-12-05,2011-12-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,361,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/a-targeted-attack-against-the-syrian-ministry-of-foreign-affairs/34742/,2022-08-15,2022-11-02 292,Indishell vs. Dawrn,"Indian hackers deface a big Pakistani news page and leak its database, presumably relating to the Kashmir conflict.",2011-12-08,2011-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Pakistan,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Indishell,India,Non-state-group,Hacktivist(s),1,362,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indishell,India,Non-state-group,,Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/12/biggest-pakistan-news-site-dawncom.html,2022-08-15,2022-11-02 293,Anonymous vs. 
Coalition of Law Enforcement,Hacktivists leak the database with log-in credentials of the US Coalition of Law Enforcement and Retail in support of Occupy protests.,2011-12-12,2011-12-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Media,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,363,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/12/coalition-of-law-enforcement-hacked.html; https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html,2022-08-15,2022-11-02 294,Anti-Israel Hack of Guyana,Hacker defaces the website of the President of Guyana and leaves anti-Israel messages.,2011-12-12,2011-12-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Guyana,,State institutions / political system,Government / ministries,The Hacker Team,Unknown,Non-state-group,Hacktivist(s),1,364,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Hacker Team,Unknown,Non-state-group,https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/12/president-of-guyanas-website-defaced-by.html; https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml,2022-08-15,2022-11-02 295,Anonymous leaks Senate Data,"Right after the National Defense Authorization Act (NDAA) passed through the Senate, hackers who operate under the name Anonymous leaked detailed information on many of the politicians.",2011-12-19,2011-12-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Legislative,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,365,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Anonymous-Leaks-Information-on-Senators-who-Passed-NDAA-241675.shtml,2022-08-15,2022-11-02 296,Revenge for Bradley Menning,"Anonymous hacks the US American intelligence company Stratfor, leaking personal and credit card information of its customers and donating over $500 from said credit cards to charity. Action was supposedly motivated by frustration over treatment of US whistleblower Bradley Manning.",2011-12-24,2011-12-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,366,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://venturebeat.com/2011/12/25/anonymous-hackers-steals-data-stratfor-security/; https://venturebeat.com/2011/12/27/anonymous-stole-9k-credit-cards-stratfor-hack/; https://www.theguardian.com/technology/2011/dec/27/security-stratfor-hackers-credit-cards,2022-08-15,2022-11-02 297,Hack of french MP,"Turkish hackers deface the website of French parliamentarian Valerie Boyer, the author of a bill criminalizing the denial of the Armenian genocide, that had been adopted a couple of days earlier by the French National Assembly.",2011-12-26,2011-12-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,Turkish Hackers,Turkey,Non-state-group,Hacktivist(s),1,367,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turkish Hackers,Turkey,Non-state-group,,System / ideology,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/12/french-mp-valerie-boyers-website-hacked.html,2022-08-15,2022-11-02 321,Attack on Indian Navy,"China hackers enter Navy computers, plant bug to extract sensitive data",2012-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,State institutions / political system,Military,,China,Unknown - not attributed,,1,398,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://archive.indianexpress.com/news/china-hackers-enter-navy-computers-plant-bug-to-extract-sensitive-data/968897/,2022-08-15,2022-11-02 322,Volatile Cedar,Volatile Cedar–Analysis of a Global Cyber Espionage 
Campaign,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,Canada; United Kingdom; United States; Lebanon; Israel; Turkey,NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; NATO; MEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Critical infrastructure,Telecommunications; ; ; Defence industry - Telecommunications; ; ; Defence industry - Telecommunications; ; ; Defence industry - Telecommunications; ; ; Defence industry - 
Telecommunications; ; ; Defence industry - Telecommunications; ; ; Defence industry,DeftTorero/Volatile Cedar/Lebanese Cedar,Lebanon,"Non-state actor, state-affiliation suggested",,1,17169,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DeftTorero/Volatile Cedar/Lebanese Cedar,Lebanon,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2024-02-15 323,Belgian MFA hacked,"Belgium’s Ministry of Foreign Affairs Hacked, Foreign Policy Data Leaked",2012-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,NSA/Equation Group,United States,State,,1,400,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,NSA/Equation Group,United States,State,,International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Belgium-s-Ministry-of-Foreign-Affairs-Hacked-Foreign-Policy-Data-Leaked-384413.shtml,2022-08-15,2022-11-02 324,Op Freedom Palestine Pak CyberPirates,800 Websites Hacked by Pak CyberPyrates for #op Freedom Palestine,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with 
political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Unknown,,Pak Cyber Pirates,Pakistan,Non-state-group,Hacktivist(s),1,401,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Pirates,Pakistan,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/800-websites-hacked-by-pak-cyber-pyrates-for-opfreedompalestine/,2022-08-15,2022-11-02 347,Anonymous takes down Vatikan Pages 2012,Anonymous brings down Vatican website,2012-03-01,2012-03-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Holy See (Vatican City State),EUROPE,State institutions / political system; Critical infrastructure,; Telecommunications,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,424,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/official-vatican-radio-website-hacked-once-again-by-anonymous/,2022-08-15,2022-11-02 348,YeiZeta Data Leak,Pentagon and Mexican Presidential Servers Hacked,2012-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None,United States; Mexico,NATO; NORTHAM - ,State institutions / political 
system; Media - State institutions / political system; Media,Government / ministries; - Government / ministries; ,YeiZeta,Unknown,Non-state-group,Hacktivist(s),1,425,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,YeiZeta,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/pentagon-and-mexican-presidential-servers-hacked-by-yei-zeta-and-database-leaked/,2022-08-15,2022-11-02 349,Muslim Liberation Army Defacement of Indian pages,Indian websites hacked by MLA,2012-03-01,2012-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Critical infrastructure; Media; Other,Government / ministries; Telecommunications; ; ,Muslim Liberation Army,Unknown,Non-state-group,Hacktivist(s),1,426,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/2300-indian-websites-hacked-including-government-and-online-channels-websites-by-muslim-liberation-army-mla/,2022-08-15,2022-11-02 350,Guardian on Iranian cyber-attack,BBC fears Iranian cyber-attack over its Persian TV service,2012-03-02,2012-03-02,"Attack conducted by nation state (generic “state-attribution” or direct 
attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,427,2012-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/media/2012/mar/14/bbc-fears-iran-cyber-attack-persian,2022-08-15,2022-11-02 351,Cyberwar against Israel for freedom of Palestine,34 Israeli Websites hacked by GaZaHaCkeRTeam,2012-03-21,2012-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,GaZaHaCkeRTeam,Palestine,Non-state-group,Hacktivist(s),1,428,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GaZaHaCkeRTeam,Palestine,Non-state-group,,National power,National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/34-israeli-websites-hacked-by-gaza-hacker-team/,2022-08-15,2022-11-02 352,Pirate Cr3wdoxxes Israeli Parliament,Massive Israeli Government Doxby PirateCr3w,2012-03-25,2012-03-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; State institutions / political system,Government / ministries; Government / ministries,PirateCr3w,Unknown,Non-state-group,Hacktivist(s),1,429,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PirateCr3w,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/massive-israeli-government-dox-by-piratecr3w/,2022-08-15,2022-11-02 353,Team P0ison Defaces NATO Website,Official NATO Croatia Website defaced,2012-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Croatia,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system; International / supranational organization,Government / ministries; ,Team P0ison,Unknown,Non-state-group,Hacktivist(s),1,430,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/official-nato-croatia-website-defaced-by-teamp0ison/,2022-08-15,2022-11-02 354,AlQaedaSec DDOS vs. 
NYC,DDOS attack on the official site of New York City,2012-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Al Qaeda Sec,Syria,Non-state-group,Hacktivist(s),1,431,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Al Qaeda Sec,Syria,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/AlQaedaSec-Launch-DDOS-Attack-on-New-York-City-Website-264960.shtml,2022-08-15,2022-11-02 355,Anonymous attacks chinese government sited,Anonymous hackers attack Chinese govt websites,2012-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Media; State institutions / political system,Government / ministries; ; Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,432,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://tvnewswatch.blogspot.de/2012/04/anonymous-hackers-attack-chinese-govt.html,2022-08-15,2022-11-02 356,Team GhostShell hack Uarkansas,Team GhostShell Hacks University of Arkansas Computer Store,2012-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,Science,,Team Ghostshell,Unknown,Non-state-group,Hacktivist(s),1,433,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Ghostshell,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Team-GhostShell-Hacks-University-of-Arkansas-Computer-Store-264675.shtml,2022-08-15,2023-06-18 357,Anonymous DDOS CIA Part II,(DDOS) attacks against the official site of the Central Intelligence Agency,2012-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,434,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Hackers-Launch-DDOS-Attacks-on-CIA-and-DOD-Sites-264665.shtml,2022-08-15,2022-11-02 358,The Unknowns hack NASA,The Unknowns' hack NASA,2012-04-20,2012-04-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,The Unknowns,Unknown,Non-state-group,Hacktivist(s),1,435,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The 
Unknowns,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.pri.org/stories/2012-05-04/unknowns-hack-nasa,2022-08-15,2023-05-26 359,Wiper,"Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April, sharing some similarities with Stuxnet, Duqu, Gauss and Flame, according to Kaspersky.",2012-04-21,2012-04-30,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system; Critical infrastructure,Government / ministries; Energy,NSA/Equation Group,Unknown,"Non-state actor, state-affiliation suggested",,2,3193; 3192,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution,,Not available; ,,NSA/Equation Group; NSA/Equation Group,Unknown; United States,"Non-state actor, state-affiliation suggested; State",https://securelist.com/what-was-that-wiper-thing-48/34088/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html; https://www.wired.com/2012/08/wiper-possible-origins/; https://securelist.com/what-was-that-wiper-thing-48/34088/,2022-08-15,2023-03-16 360,UgNazi vs. CIA,UG NaziHackers Launch DDOS Attacks on CIA,2012-04-24,2012-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups; End user(s) / specially protected groups; Media,; ; ,UGNazi,Unknown,Non-state-group,Hacktivist(s),1,438,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,UGNazi,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/UGNazi-Hackers-Launch-DDOS-Attack-on-CIA-DOJ-Site-to-Protest-CISPA-266033.shtml,2022-08-15,2022-11-02 361,Defacement of Taliban Website,Taliban website hacked,2012-04-26,2012-04-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Afghanistan,ASIA; SASIA,Social groups,Terrorist,,Unknown,Unknown - not attributed,,1,439,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/net-us-afghanistan-taliban-hacking/taliban-website-hacked-as-afghan-cyber-war-heats-up-idUSBRE83Q09I20120427,2022-08-15,2022-11-02 362,Mofang_ShimRat Reporter,"A threatgroup called ""Mofang"" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware""ShimRatReporter"".",2012-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,"Myanmar; Canada; Germany; United States; Korea, Republic of; Singapore",ASIA; SEA - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - ASIA; SCS; NEA - ASIA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,Mofang,China,"Non-state actor, state-affiliation suggested",,1,440,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,,,,Mofang,China,"Non-state actor, state-affiliation suggested",https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf,2022-08-15,2022-11-02 363,Anonymous vs. DOJ,Anonymous Hacks Department of Justice,2012-05-22,2012-05-22,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Judiciary,Anonymous,Unknown,Non-state-group,Hacktivist(s),2,441; 442,NaT; NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Anonymous; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://mashable.com/2012/05/22/anonymous-department-justice/#YTbwFNx45ZqN,2022-08-15,2022-11-02 364,Zcompany Hacking Crew hacks government pages,Government & Civilian Websites Hacked by Zcompany Hacking Crew,2012-05-29,2012-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Other,Government / ministries; ,Zcompany Hacking Crew,Unknown,Non-state-group,Hacktivist(s),1,443,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Unknown,Non-state-group,,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/1846-government-civilian-websites-hacked-by-z-company-hacking-crew/,2022-08-15,2022-11-02 365,Bangladeshi Cyber Army Declares War,Bangladeshi Cyber Army Declares War on Myanmar,2012-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Myanmar,ASIA; SEA,State institutions / political system; International / supranational organization; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ; ,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),1,444,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,,Cyber-specific; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/Bangladeshi-Cyber-Army-Declares-War-on-Myanmar-Attacks-Websites-276450.shtml,2022-08-15,2022-11-02 346,Op Freedom Palestine & Kashmir,OP Palestine and Kashmir,2012-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,,Pak Cyber Pirates,Pakistan,Non-state-group,Hacktivist(s),1,423,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Pirates,Pakistan,Non-state-group,,Secession,Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/over-400-indian-websites-hacked-pak-cyber-pyrates-for-opfreedom-palestine-kashmir/,2022-08-15,2022-11-02 345,Anonymous disrupt Interpol,"Anonymous disrupts website of Interpol with DDoS attack, after the arrest of 25 alleged hackers.",2012-02-29,2012-02-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Interpol,,International / supranational organization,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,422,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2012/feb/29/interpol-website-cyber-attack,2022-08-15,2022-11-02 344,rOOtw0rm vs. UNEP,"The hacking group rOOtw0rm hacked and leaked the database of United Nations Environment Programme UNEP, including admin login and user data. 
UNEP's website service was also disrupted.",2012-02-28,2012-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,United Nations,,International / supranational organization,,rOOtw0rm,Unknown,Non-state-group,Hacktivist(s),1,421,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,rOOtw0rm,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/united-nations-environment-programme-database-leaked-by-r00tw0rm/,2022-08-15,2022-11-02 333,Nightmare disrupts Israeli Site,"Saudi hacker group 'Nightmare', led by 0xOmar, briefly disrupted the websites of the Tel Aviv Stock Exchange, El Al Airlines and several commercial banks. 
",2012-01-16,2012-01-16,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Critical infrastructure; Critical infrastructure,Transportation; Finance,Nightmare(OxOmar),Saudi Arabia,Non-state-group,Hacktivist(s),1,6706,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Nightmare(OxOmar),Saudi Arabia,Non-state-group,https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-israel-hackers/israel-rattled-as-hackers-hit-bourse-banks-el-al-idUSTRE80F0V220120116; https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html,2022-08-15,2023-03-13 325,Bangladesh Cyber Army hack indian webpages,Indian Government and 30 websites hacked by Bangladesh Cyber Army,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Media,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),1,402,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/indian-government-and-and-30-websites-hacked-by-bangladesh-cyber-army/,2022-08-15,2022-11-02 326,Espionage Campaign targeting Japan,Espionage campaign targeting Japan,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Taiwan,ASIA; SCS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,Unknown - not attributed,,1,403,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/cyber-espionage-campaign-targeting-japan-may-have-ties-to-2012-taiwan-attacks-505607.shtml,2022-08-15,2022-11-02 327,Telvent Hack,"A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.",2012-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft,,Canada,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,1,404; 404,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/; https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/; https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html; https://www.securityinfowatch.com/cybersecurity/article/53098118/the-us-electric-industry-is-not-responding-to-cyber-vulnerable-chinese-equipment,2022-08-15,2024-03-05 328,Ocean Lotus (vs. China),"Last week, SkyEye, Qihoo 360’s threat intelligence service, released a report entitled OceanLotus. The report describes the working of an APT (Advanced Persistent Threat) group engaged for at least three years in cyber espionage against Chinese targets, including ocean affairs agencies, the departments in charge of China’s territorial waters, research institutes, and aviation, aeronautics, and shipping companies.",2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Water; ; ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Unknown,"Non-state actor, state-affiliation suggested",,1,405,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Unknown,"Non-state actor, state-affiliation 
suggested",https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report,2022-08-15,2022-11-02 329,Operation Beebus/APT 1,Allegedly a Chinese-state-sponsored group spied on US defense and aerospace companies.,2012-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry; ,,China,"Non-state actor, state-affiliation suggested",,1,406,2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html,2022-08-15,2022-11-02 330,Operation Quantum Entanglement/MoafeeGroup,The attack group “Moafee” (named after their command and control 
infrastructure) appears to operate out of the Guangdong province in China and is known to target the governments and military organizations of countries with national interests in the South China Sea.,2012-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None,Southeast Asia (region); United States, - NATO; NORTHAM,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; Military - Government / ministries; Military,Moafee Group,China,Unknown - not attributed,,1,407,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Moafee Group,China,Unknown - not attributed,,Resources,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 331,Ox Omer leaks Saudi Credit Data,An Israeli hacker published details of hundreds of Saudi credit cards online in revenge for acts by Arab hackers.,2012-01-11,2012-01-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Saudi Arabia,ASIA; MENA; MEA; GULFC,End user(s) / specially protected groups,,OxOmer,Israel,Individual hacker(s),,1,408,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,OxOmer,Israel,Individual hacker(s),http://www.bbc.com/news/world-middle-east-16526067,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://english.alarabiya.net/articles/2012/01/11/1; http://www.bbc.com/news/world-middle-east-16526067,2022-08-15,2022-11-02 332,Molerats deface Israeli Fire Service,A group of hackers claiming to be from the Gaza Strip succeeded on Thursday night in hacking into the Israeli Fire and Rescue Services' official website's homepage was changed to black with a sneering message from the hackers to the Israeli government.,2012-01-13,2012-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,Terrorist(s),1,17167,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion; https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"https://www.ynetnews.com/articles/0,7340,L-4175183,00.html; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion; https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website",2022-08-15,2024-02-15 334,IDF-Team takes down Stock Exchanges,"Israeli hackers brought down the websites of both the Saudi Stock Exchange (Tadawul) and the Abu Dhabi Securities Exchange (ADX) Tuesday, in the latest episode of a continuing cyberwar between hackers in the two countries.",2012-01-17,2012-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,United Arab Emirates; Saudi Arabia,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,Critical infrastructure - Critical infrastructure,Finance - Finance,IDF-Team,Israel,Non-state-group,Hacktivist(s),1,6705,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,IDF-Team,Israel,Non-state-group,,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.haaretz.com/1.5166851,2022-08-15,2023-02-09 343,Bangladesh Cyber Army hack indian regional government,"Bangladeshi hackers deface website of Indian local government (and claim to have hacked 20,000 other pages), leave message that calls for end of innocent killings at border.",2012-02-15,2012-02-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Bangladesh Cyber Army,Bangladesh,Non-state-group,Ethnic actors,1,420,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,,Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/indian-kaliabor-sub-division-government-website-hacked-by-bangladesh-cyber-army/; https://www.kahawatungu.com/2012/02/15/bangladesh-hackers-engages-indian-hackers-in-major-cyber-warfare/,2022-08-15,2022-11-02 335,Anonymous revenge for Megaupload Shutdown,"Department of Justice, FBI, and Universal Music sites hacked after Megaupload shutdown, Anonymous claims credit",2012-01-20,2012-01-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Civil service / administration; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,412,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/business/economy/department-of-justice-site-hacked-after-megaupload-shutdown-anonymous-claims-credit/2012/01/20/gIQAl5MNEQ_story.html?utm_term=.a9426cb8a27d; https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/; https://tarnkappe.info/artikel/hintergrundberichte/beruehmte-hacker-die-uns-noch-lange-in-erinnerung-bleiben-werden-teil-4-273234.html,2022-08-15,2023-04-20 336,Anonymous takes down Israeli hospital and newspaper websites,Anonymous Palestina shuts down two Israeli hospital websites and one newspaper website.,2012-01-25,2012-01-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Critical infrastructure; Media,Health; ,Anonymous,Palestine,Non-state-group,Hacktivist(s),1,413,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Palestine,Non-state-group,,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.haaretz.com/1.5174761; http://jerusalemworldnews.com/2012/01/25/palestinian-hackers-jam-israeli-hospital-websites/,2022-08-15,2022-11-02 337,Mofang_ShimRat,"A threatgroup called ""Mofang"" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware""ShimRat"".",2012-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,Myanmar; United States; Germany; Canada; India; Singapore,ASIA; SEA - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - ASIA; SASIA; SCO - ASIA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,Mofang,China,"Non-state actor, state-affiliation suggested",,1,414,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Mofang,China,"Non-state 
actor, state-affiliation suggested",https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/chinese-attackers-conduct-cyberespionage-economic-gain; https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf,2022-08-15,2022-11-02 338,Anonmyous leaks Conversation between FBI and Scotland Yard,"Anonymous hacks into phone call between FBI and Scotland Yard, leaks recordings.",2012-02-03,2012-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None,United States; United Kingdom,NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system - State institutions / political system,Police - Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,415,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2012/feb/03/anonymous-hacks-call-fbi-scotland-yard,2022-08-15,2022-11-02 339,SilentHacker Defaces Bangladeshi Pages,"Indian hacker ""SilentHacker""defaces 30 Bangladeshi government websites.",2012-02-09,2012-02-09,"Attack conducted by non-state 
group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,Bangladesh,ASIA; SASIA,State institutions / political system,Government / ministries,Silent Hacker,India,Non-state-group,Ethnic actors,1,416,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Silent Hacker,India,Non-state-group,,Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/cyberwar-between-india-and-bangladesh-escalates/,2022-08-15,2022-11-02 340,Anonymous takedown of CIA website,Anonymous takes down CIA website in large-scale DDoS attack.,2012-02-11,2012-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,417,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.rt.com/news/anonymous-cia-interpol-down-702/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/world-us-canada-16993488; https://www.hackread.com/cia-website-hacked-taken-down-by-anonymous/; https://www.rt.com/news/anonymous-cia-interpol-down-702/,2022-08-15,2022-11-02 341,Indishell defaces Bangladeshi government pages,"Indian hacking group ""Indishell"" defaces 38 Bangladeshi government websites, including those of the ministries of communications, youth and sports, and primary and mass education, and the Trading Corporation of Bangladesh, leaving remarks on border disputes.",2012-02-11,2012-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,Bangladesh,ASIA; SASIA,State institutions / political system,Government / ministries,Indishell,India,Non-state-group,Ethnic actors,1,418,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indishell,India,Non-state-group,,Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2012/02/38-bangladeshi-government-sites-defaced.html,2022-08-15,2022-11-02 342,Black Hat Hackers defaces Indian Pages,"Bangladeshi group Black Hat Hackers hack into roughly 10000 Indian websites, including governmental ones.",2012-02-12,2012-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Black Hat Hackers,Bangladesh,Non-state-group,Ethnic actors,1,419,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Black Hat Hackers,Bangladesh,Non-state-group,,Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/over-200-bangladeshi-government-and-private-websites-hacked-by-indishell/; https://www.hackread.com/over-20000-indian-websites-hacked-by-bangladeshi-hackers/,2022-08-15,2023-03-13 278,CabinCr3w vs. Citigroup,Hackers of CabinCr3w leak sensitive personal information of CitiGroup's CEO in support of the OccupyWallstreet movement.,2011-10-21,2011-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,CabinCr3w,United States,Non-state-group,Hacktivist(s),1,347,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,CabinCr3w,United States,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/10/hackers-leak-citigroup-ceos-personal.html,2022-08-15,2022-11-02 277,ZHC defaces page of Indian National Congress,Pakistani hackers deface the website of the Indian National Congress and leave political remarks on the Kashmir conflict.,2011-10-18,2011-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Political parties,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),1,346,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,,System / ideology; International power; Cyber-specific,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/10/indian-national-congress-party-official.html,2022-08-15,2022-11-02 276,MNDF Website Hacked,The Maldives National Defence Force (MNDF) has confirmed that its website was hacked last night by an unknown attacker.,2011-10-16,2011-10-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,Maldives,ASIA; SASIA,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,345,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/02/maldives-national-defence-force-mndf.html,2022-08-15,2023-02-17 231,Anonymous breach of Defense Contractor,"Anonymous announced that it had penetrated a server belonging to the defense contractor Booz Allen Hamilton and released what it claims are 90,000 military email addresses, encrypted passwords and an assortment of data related to other companies and government networks.",2011-07-11,2011-07-11,"Attack conducted by 
non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,297,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/andygreenberg/2011/07/11/anonymous-hackers-breach-booz-allen-hamilton-dump-90000-military-email-addresses/#597956a376bb,2022-08-15,2022-11-02 211,Strider attack against various countries through Remsec malware,"A previously unknown hacking group known as ""Strider"" or ""ProjectSauron"" has carried out a cyber espionage campaign against targets in Russia, Belgium, China, Iran, Sweden and Rwanda. The Strider crew has apparently been active since at least 2011. Their capabilities and the nature of the targets prompt experts to suspect that it is a nation-state group. 
The Strider group is using a sophisticated strain of malware dubbed Remsec.",2011-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,"Iran, Islamic Republic of; Sweden; China; Russia; Belgium",ASIA; MENA; MEA - EUROPE; EU(MS); NORTHEU - ASIA; SCS; EASIA; NEA; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EU(MS); NATO; WESTEU,State institutions / political system; Critical infrastructure; Other; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Other; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Other; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Other; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Other; State institutions / political system; Critical infrastructure,Government / ministries; Telecommunications; ; Military; Finance - Government / ministries; Telecommunications; ; Military; Finance - Government / ministries; Telecommunications; ; Military; Finance - Government / ministries; Telecommunications; ; Military; Finance - Government / ministries; Telecommunications; ; Military; Finance,Strider/Project Sauron,Unknown,State,,1,6708,2016-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Strider/Project Sauron,Unknown,State,https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial 
targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/faq-the-projectsauron-apt/75533/; https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html,2022-08-15,2023-03-13 212,Syria information war,Release of dozens of revealing Syrian messages points to a new era of information warfare,2011-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,,Syria,Unknown - not attributed,,1,277,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Syria,Unknown - not attributed,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-syria-assads-emails-naked/sexy-photo-in-hacked-assad-e-mails-causes-comment-idUSBRE82G09L20120317; https://in.reuters.com/article/syria-hacking/syria-e-mail-hack-points-to-new-information-war-idINDEE82F0HX20120316,2022-08-15,2022-11-02 213,Anonymous vs. Indian National Informatics Centre,Anonymous defaces the website of the Indian National Informatics Centre to protest government corruption.,2011-06-05,2011-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,278,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/06/national-informatics-centre-nic-india.html,2022-08-15,2022-11-02 214,Zcompany HackingCrew UNICEF Defacement,Pakistani hackers deface the website of UNICEF and leave political messages on Kashmir and in support of Palestinians.,2011-06-07,2011-06-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,International / supranational organization,,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),1,279,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,,System / ideology; Territory; International power,System/ideology; Territory; International power; Secession,; ; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/06/united-nations-childrens-fund-unicef.html,2022-08-15,2022-11-02 215,Anonymous vs. 
Turkey 2011,Official Turkish websites were attacked by Internet vigilante group Anonymous on Thursday as part of a protest against what it says is government Internet censorship.,2011-06-09,2011-06-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,280,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-turkey-election-internet/turkish-websites-attacked-by-anonymous-before-vote-idUSTRE7583DV20110609,2022-08-15,2022-11-02 216,Anonymous vs. Spain National Police,"The website of Spain's national police force has been briefly knocked offline by hacker collective Anonymous, in protest against the arrest of three hackers.",2011-06-12,2011-06-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,281,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/technology-13749181,2022-08-15,2022-11-02 217,LulzSec access to Senate,"LulzSec broke into the Senate's website and was able to gain access to the server's directory and file structure, the contents of which the group published on its own site.",2011-06-13,2011-06-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Legislative,LulzSec,Unknown,Non-state-group,Hacktivist(s),1,282,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/lulzsec-hackers-attack-senate-site/,2022-08-15,2022-11-02 218,LulzSec takes down the CIA page,The public website of the US Central Intelligence Agency has gone down after the hacker group LulzSecurity said it had launched an attack.,2011-06-15,2011-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Intelligence agencies,LulzSec,Unknown,Non-state-group,Hacktivist(s),1,283,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.telegraph.co.uk/news/worldnews/northamerica/usa/8578704/CIA-website-hacked-by-Lulz-Security.html,2022-08-15,2024-02-14 219,Anonymous vs. Censorship in Malaysia,"Hackers have attacked dozens of government websites in Malaysia, days after a hacking group criticised the country over censorship.",2011-06-15,2011-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Malaysia,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,284,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/world-asia-pacific-13788817,2022-08-15,2022-11-02 220,Ktoki defacement of Libyan Sites,"Several Libyan private and public media outlets are inaccessible, websites defaced with message against Gaddafi.",2011-06-18,2011-06-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Libya,AFRICA; MENA; MEA; NAF,State institutions / political system; Media,,Ktoki,Libya,Non-state-group,Hacktivist(s),1,285,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ktoki,Libya,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html,2022-08-15,2022-11-02 221,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec take down several websites with DDoS attacks, including Tunisian, Turkish and Brazilian government websites and the websites of a US Court of Appeals, a Chinese government district and the British Serious Organised Crime Agency.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,None - None - None - None - None - None,Tunisia; United Kingdom; China; Brazil; United States; Turkey,AFRICA; NAF; MENA - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SCS; EASIA; NEA; SCO - SOUTHAM - NATO; NORTHAM - ASIA; NATO; MEA,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Judiciary; Police; - Government / ministries; Judiciary; Police; - Government / ministries; Judiciary; Police; - 
Government / ministries; Judiciary; Police; - Government / ministries; Judiciary; Police; - Government / ministries; Judiciary; Police; ,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,286; 286,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.webcitation.org/5zxp1vmNv; https://uk.pcmag.com/news/107520/anonymous-antisec-operation-targets-viacom-universal-music; https://www.pcworld.com/article/235184/Anonymous_Attacks_Turkish_Websites_Again.html; https://www.bbc.com/news/technology-13878888; http://www.gmanetwork.com/news/scitech/content/224612/hacktivist-spree-continues-tunisian-govt-site-latest-target/story/; https://www.webcitation.org/5zbHJFF18; https://www.webcitation.org/61TbdSoz8; https://www.webcitation.org/5zdkR3nOy; https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments; https://www.cnet.com/news/lulzsec-takes-down-brazil-government-sites/; https://www.webcitation.org/5zaPT1ekX,2022-08-15,2023-08-11 222,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec deface several websites with their logo and political messages, including the websites of the British newspaper The Sun, of the Australian Casino, Liquor and Gaming Control Authority, of an Italian Prison Agency and of several Turkish businesses and governmental websites.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,None - None - None - None,United Kingdom; Turkey; Australia; Italy,EUROPE; NATO; EU(MS); NORTHEU - ASIA; NATO; MEA - OC - EUROPE; NATO; EU(MS),State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,Civil service / administration; Police; ; - Civil service / administration; Police; ; - Civil service / administration; Police; ; - Civil service / administration; Police; ; ,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,287; 287,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term 
disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackmageddon.com/2011/08/05/italian-prison-guards-hacked/; https://www.webcitation.org/60HMbQTWj; https://www.cyberwarnews.info/2011/11/27/australian-government-website-defaced-by-anonymous/,2022-08-15,2023-08-11 223,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec hack several political and commercial entities and publish data, oftentimes including confidential information. The hacked organisations include police and cyberterrorism agencies in the USA, Italy and Brazil, US government contractors and multinational businesses.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None - None - None - None - None,United States; Brazil; Italy; Anguilla; Zimbabwe; Australia,NATO; NORTHAM - SOUTHAM - EUROPE; NATO; EU(MS) - - AFRICA; SSA - OC,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part 
of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Judiciary; Police; Political parties; - Government / ministries; Judiciary; Police; Political parties; - Government / ministries; Judiciary; Police; Political parties; - Government / ministries; Judiciary; Police; Political parties; - Government / ministries; Judiciary; Police; Political parties; - Government / ministries; Judiciary; Police; Political parties; ,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,288; 288,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/another-government-contractor-pcs.html; https://uk.pcmag.com/news/107504/lulzboat-sails-on-anonymous-dumps-more-arizona-data; https://www.webcitation.org/5zijhtzV4; https://www.webcitation.org/5zwEwc1It; https://www.webcitation.org/5zxoSRQ4X; https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments; https://www.webcitation.org/5zxp1vmNv; https://www.hackmageddon.com/2011/08/07/the-lulz-boat-sails-to-brazil-and-leaks-8-gb-of-data/; https://thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html; https://www.webcitation.org/5zxppc1WY; https://www.webcitation.org/612Cy17OA; https://thehackernews.com/2011/08/operation-satiagraha-brazil-corruption.html; https://www.cnet.com/news/anonymous-ready-to-roll-in-post-lulzsec-world/; https://www.cyberwarnews.info/2011/12/25/new-york-city-public-advocate-hacked-and-database-dumped-by-anonymous/; https://www.hackmageddon.com/2011/10/22/another-friday-another-dump/; https://www.hackmageddon.com/2011/08/06/i-shot-the-sheriff/; https://www.webcitation.org/61TbdSoz8,2022-08-15,2023-08-11 224,Team P0ison leaks Tony Blair's Address Book,Pakistani hacker allegedly accessed Tony Blair's e-mail account and leaked his address book.,2011-06-24,2011-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; State institutions / political system,Legislative; Political parties; ,Team P0ison,Pakistan,Non-state-group,Hacktivist(s),1,289,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Pakistan,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/06/teamp0ison-leak-former-british-pm-tony.html,2022-08-15,2022-11-02 225,Attack on Al-Qaida Comm-Systems,Communication networks of Al Qaida are disrupted for several days by an unknown hacker.,2011-06-29,2011-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Unknown,,Social groups,Terrorist,,Unknown,Unknown - not attributed,,1,290,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/06/hackers-target-al-qaida-internet.html,2022-08-15,2022-11-02 226,Operation BlackTulip,"Presumably Iranian hackers gain access to a Dutch SSL certificate supplier, issuing fraudulent certificates and thus gaining access to more than 300000 Iranian Google-Mail-Accounts.",2011-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Data theft,None - None,"Iran, Islamic Republic of; Netherlands",ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Advocacy / activists (e.g. human rights organizations); - Advocacy / activists (e.g. human rights organizations); ,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,292; 291,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Media-based attribution,,,,,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/; https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2011/08/31/technology/internet/hackers-impersonate-google-to-snoop-on-users-in-iran.html?_r=3; https://spectrum.ieee.org/riskfactor/telecom/security/diginotar-certificate-authority-breach-crashes-egovernment-in-the-netherlands; https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/; 
https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/,2022-08-15,2023-08-07 227,LulzSec attack FoxNews Twitter,"LulzSec hackers take control of @foxnewspolitics, post tweets about death of Barack Obama.",2011-07-04,2011-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,LulzSec,Unknown,Non-state-group,Hacktivist(s),1,293,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2011/jul/04/hacking-twitter-feed-fix-news,2022-08-15,2024-02-14 228,Energy Labs breached,"The websites of the Energy Department's Pacific Northwest National Lab and Jefferson National Lab were down today in the aftermath of ""sophisticated"" attacks, no classified information has been stolen.",2011-07-06,2011-07-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,,,Unknown,Unknown - not attributed,,1,294,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - 
high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/sophisticated-attack-targets-two-energy-dept-labs/,2022-08-15,2022-11-02 229,Moodys Defaced,Portuguese hackers responded to a negative assessment of the country's ability to repay loans by defacing the website of credit reference agency Moody's.,2011-07-08,2011-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Portugal,Non-state-group,Hacktivist(s),1,295,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Portugal,Non-state-group,,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/,2022-08-15,2022-11-02 210,China vs. Vietnam Hacker,"Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.",2011-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,,,Vietnam,Non-state-group,Hacktivist(s),1,275,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Vietnam,Non-state-group,,System / ideology; Territory,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-08-11 209,China vs. Vietnam Hacker,"Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.",2011-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Vietnam,ASIA; SCS; SEA,State institutions / political system,,,China,Non-state-group,Hacktivist(s),1,274,NaT,"Attribution given, type unclear",Media-based attribution,,,,,China,Non-state-group,,System / ideology; Territory,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/world-asia-pacific-13707921,2022-08-15,2023-08-11 208,Lulzsec vs. PBS,"The hacking group LulzSec breaks into PBS and pastes in a report that says Tupac Shakur is living in NewZealand, in protest against critical reporting on WikiLeaks.",2011-05-30,2011-05-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,LulzSec,Unknown,Non-state-group,Hacktivist(s),1,273,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/pbs-hacked-says-tupac-is-still-alive/; https://www.forbes.com/sites/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/#2a90db8a2fb0,2022-08-15,2022-11-02 197,Dark Seoul 2011,DDoS and Disk wiping attacks in South Korea.,2011-03-04,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; State institutions / political system,Government / ministries; Military,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,262; 261,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Unknown","Non-state actor, state-affiliation suggested; Individual hacker(s)",https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/; https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf; https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787; 
http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html,System / ideology,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/; https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf; https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787; http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html; https://twitter.com/securityaffairs/status/1661671109014564864,2022-08-15,2023-08-09 189,Anonymous vs. Egypt 2011 II,The online group Anonymous said Wednesday that it had paralyzed the Egyptian government’s Web sites in support of the antigovernment protests.,2011-02-02,2011-02-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,253,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2011/02/03/world/middleeast/03hackers.html,2022-08-15,2023-03-13 190,Anonymous vs. 
Yemen Ministry of Information,"Anonymous takes down the websites of Yemen’s Ministry of Information, as well as Yemeni President Ali Abdullah Saleh",2011-02-03,2011-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Yemen,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,254,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.digitaltrends.com/computing/anonymous-hackers-strike-back-against-governments-of-egypt-yemen/,2022-08-15,2022-11-02 191,Al-Jazeera fake advertising,Hackers insert false news into Al Jazeera website in protest against its coverage of protests in Egypt.,2011-02-09,2011-02-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Qatar,ASIA; MENA; MEA; GULFC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Non-state-group,Hacktivist(s),1,255,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution,,,,,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/02/hackers-insert-rogue-content-on-al.html,2022-08-15,2023-03-13 192,Anonymous posts Aaron Barrs Mails,"Anonymous has already posted around 50,000 emails of Aaron Barr, the CEO of sister organisation HPGary Federal, which revealed a report by the firm looking at ways to sabotage WikiLeaks in collaboration with Palantir Technologies and Berico Technologies. The emails also show that Bank of America, a potential target of WikiLeaks, was to hear the proposal via its outside law firm Hunton & Williams. The proposal's recommendations included a disinformation campaign against WikiLeaks and cyber attacks on its Web site.",2011-02-11,2011-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,256,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/parmyolson/2011/02/11/anonymous-ready-to-dump-more-hbgary-e-mails-launch-anonleaks/#2d6a31f4698f; https://www.theguardian.com/commentisfree/cifamerica/2011/jun/22/hacking-anonymous,2022-08-15,2023-03-13 193,Iranian cyber Army hacks Voice of America,"Iranian Cyber Army, a hackergroup that might be affiliated with the Iranian government, hacks the website of Voice of America and leaves political messages critical of the US foreign policy.",2011-02-21,2011-02-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Iranian Cyber Army,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,257,2011-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Iranian Cyber Army,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/02/voice-of-america-voa-website-hacked-by.html,2022-08-15,2023-03-13 194,Anonymous vs. Westboro Baptist Church,Anonymous hacks several websites of Westboro Baptist Church to protest its worldviews.,2011-02-24,2011-02-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Religious,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,258,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/02/anonymous-hackers-send-video-message-to.html,2022-08-15,2023-03-13 195,DoD hacked by nation state,"Pentagon systems are penetrated in sophisticated attack, probably by other nation state, confidential data is stolen.",2011-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,,,Unknown,State,,1,259,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2011/07/15/world/15cyber.html?mtrref=www.google.com&gwh=33D9E59FC84D0817FABA517CD46991C8&gwt=pay,2022-08-15,2023-03-13 196,PakCyber Combat Squad vs. 
Western Sites,"Pakistani hackers deface websites of the Indian embassy in Sweden and Australian beer and wine companies, leave political messages about Kashmir.",2011-03-02,2011-03-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,Sweden; Australia,EUROPE; EU(MS); NORTHEU - OC,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,Pak Cyber Combat Squad,Pakistan,Non-state-group,Hacktivist(s),1,260,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Combat Squad,Pakistan,Non-state-group,,System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/03/26-australian-beerwine-shop-websites.html; https://thehackernews.com/2011/03/indian-embassy-of-sweden-hacked-by.html,2022-08-15,2023-03-13 198,Attack on Norway after Lybia Bombing,"The Norwegian military has been the victim of a serious cyber attack , a day after Norwegian F-16 fighter jets for the first time carried out bombings in Libya. 
According to military officials, no sensitive information was lost.",2011-03-25,2011-03-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,Norway,EUROPE; NATO; NORTHEU,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,263,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.abs-cbn.com/global-filipino/world/05/19/11/norway-army-says-faced-cyber-attack-after-libya-bombing,2022-08-15,2023-03-13 207,Anonymous vs. US Chamber of Commerce,The hacker collective Anonymous took down the US Chamber of Commerce in response to a planned copyright act,2011-05-27,2011-05-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,272,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/05/anonymous-takes-down-us-chamber-of.html,2022-08-15,2022-11-02 199,Zcompany Hacking Crew vs. 
Government of Orissa,"Pakistani hacker defaces the website of the government of Orissa, India, and leaves political messages on Kashmir.",2011-04-05,2011-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),1,264,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,,System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/04/govt-of-orissa-website-owned-by-zhc.html,2022-08-15,2023-03-13 200,North Korea disrupts South Korean Bank Service,"North Korea hacks South Korean bank with over 30 million customers, disrupts service for almost a week and deletes transaction data.",2011-04-12,2011-04-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,"Korea, Democratic People's Republic of",State,,1,265,2011-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,System / ideology; Territory; International power,System/ideology; 
Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/world-asia-pacific-13263888,2022-08-15,2023-03-13 201,Playstation Network Outage,"The 2011 PlayStation Network outage was the result of an ""external intrusion"" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4 Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23 days.",2011-04-17,2011-05-14,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,Japan,ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,,Unknown,Unknown - not attributed,,1,266,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-13192359; https://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html; https://www.flickr.com/photos/playstationblog/sets/72157626521862165/; 
https://web.archive.org/web/20110505041135/http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361,2022-08-15,2022-11-02 202,Chinese DDOS vs. Change.Org,"Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.",2011-04-19,2011-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,China,Non-state-group,Hacktivist(s),1,267,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution,,,,,China,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/04/ddos-attack-on-changeorg-from-china.html,2022-08-15,2022-11-02 203,Gmail Hack,"Google claims that hundreds of users of Gmail, its e-mail service, had been the targets of clandestine attacks apparently originating in China that were aimed at stealing their passwords and monitoring their e-mail. Victims included senior government officials in the United States, Chinese political activists, officials in several Asian countries, military personnel and journalists.",2011-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,None - None - None,"Korea, Republic of; Asia (region); United States",ASIA; SCS; NEA - - NATO; NORTHAM,State institutions / political system; Media; State institutions / political system - State institutions / political system; Media; State institutions / political system - State institutions / political system; Media; State institutions / political system,Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; ; Military,,China,"Non-state actor, state-affiliation suggested",,1,14508,2011-06-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Google,Not available,United States,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2011/06/02/technology/02google.html; https://money.cnn.com/2011/06/01/technology/gmail_hack/index.htm,2022-08-15,2023-12-04 204,Anonymous vs. Iran,Anonymous attacks several Iranian government websites.,2011-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Legislative; Police; Political parties,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,269,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/05/anonymous-attacks-iranian-state.html,2022-08-15,2022-11-02 205,XtReMiSt defaces Indian government pages,Pakistani hacker defaces several Indian government and commercial websites and leaves political messages about Kashmir.,2011-05-21,2011-05-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,XtReMiSt,Pakistan,Non-state-group,Hacktivist(s),1,270,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,XtReMiSt,Pakistan,Non-state-group,,System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/05/200-important-some-govt-websites-of.html,2022-08-15,2022-11-02 206,ALLAH`U EKBER-Team defaces webpage of Thai Democratic Party,Hacker defaces a website of the Thai Democratic Party.,2011-05-22,2011-05-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Thailand,ASIA; SEA,State institutions / political system,Political parties,ALLAH`UEKBER-Team,Unknown,Unknown - not attributed,,1,271,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,ALLAH`UEKBER-Team,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/05/democrat-website-youngdemocratorg.html,2022-08-15,2022-11-02 230,NN-Crew,"A group calling itself NN-Crew says it has broken into a server used by Germany's Federal Police and stole thousands of data used to GPS-track suspects under surveillance. 
The police apparently used the hacked server as a datapool and server to download GPS tracking software; it also contained instructions for installation and operation of that software, several usernames and passwords along with telephone numbers, license plate numbers, locations, and coordinates. Numerous internal documents used by the authorities were also stored on the server.",2011-07-08,2011-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Police,NN-Crew,Germany,Non-state-group,Hacktivist(s),1,296,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,NN-Crew,Germany,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html,2022-08-15,2022-11-02 232,InjectorTeam vs. IOM,"The website of the International Organization for Migration is defaced by Libyan hackers, who leave a political message about the Libyan civil war.",2011-07-12,2011-07-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Switzerland,EUROPE; WESTEU,International / supranational organization,,Inj3ct0rTeam,Libya,Non-state-group,Hacktivist(s),1,298,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Inj3ct0rTeam,Libya,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/07/international-organization-for.html,2022-08-15,2022-11-02 275,Iron Dome Hack,Three Israeli defense contractors responsible for building the “Iron Dome” missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology.,2011-10-10,2012-08-13,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,,Israel,ASIA; MENA; MEA,Critical infrastructure,Defence industry,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,344; 344,2014-01-01 00:00:00; 2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; 
IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/,2022-08-15,2022-11-02 233,Anonymous vs. GEMA,"German creative author's society GEMA is hacked, log-in credentials are leaked and the website is later replaced with political message.",2011-07-13,2011-08-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Germany,EUROPE; NATO; EU(MS); WESTEU,Media,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,299,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/security/meldung/Anonymous-legt-GEMA-Seite-lahm-1327285.html; https://www.heise.de/security/meldung/Gema-offenbar-gleich-mehrfach-gehackt-1328737.html,2022-08-15,2022-11-02 256,PrivateX vs. 
PNRI,"PrivateX hackers defaced the website of the Philippine Nuclear Research Institute (PNRI) and left a message accusing another government agency of corruption, to support President Benigno Aquino III and his State of the Nation Address",2011-08-25,2011-08-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system; Science,,PrivateX,Philippines,Non-state-group,Hacktivist(s),1,323,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PrivateX,Philippines,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/philippine-nuclear-research-institute.html,2022-08-15,2022-11-02 257,DDOS vs. Wikileaks,"Website of WikiLeaks is disabled with a major DDoS attack, hours after classified documents of the USA find their way online.",2011-08-30,2011-08-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Unknown,,Media,,,Unknown,Unknown - not attributed,,1,324,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.techspot.com/news/45314-wikileaks-website-targeted-by-hackers.html,2022-08-15,2022-11-02 258,North Korea vs. 
Incheon Airport,"The South Korean police suspect that the North’s Reconnaissance General Bureau is behind a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour last Sept. 15. It was presumably enabled by a botnet of South Korean computers, which had been infected by a compromised PC gaming version, distributed by a South Korean citizen, who was instructed by the Reconnaissance General Bureau of the North's military.",2011-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Transportation,South Korean Citizen; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,325; 325,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,South Korean Citizen; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/,System / ideology,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://koreajoongangdaily.joins.com/2012/06/04/socialAffairs/Incheon-Airport-cyberattack-traced-to-Pyongyang/2953940.html; https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/,2022-08-15,2022-11-02 259,Chinese Phishing vs. US Gas Companies,"Allegedly Chinese cyberspies targeted 23 US American gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks and obtain information that would enable them to attack the country's whole gas system easily.",2011-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Energy,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,2,326; 326; 327; 327,2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00; 2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,International power,International power,,Yes / HIIK 
intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/; https://www.csmonitor.com/Environment/2013/0227/Exclusive-Cyberattack-leaves-natural-gas-pipelines-vulnerable-to-sabotage; https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity,2022-08-15,2023-01-26 260,Gauss,"Gauss, a Stuxnet-related malware was created to steal sensitive information mainly from Lebanon Banking Sector.",2011-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Lebanon,ASIA; MENA; MEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry; ,NSA/Equation Group,United States,"Non-state actor, state-affiliation suggested",,2,8550; 8549,2012-01-01 00:00:00; 2012-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,; Not available,,NSA/Equation Group; NSA/Equation Group,United States; United States,"Non-state actor, state-affiliation suggested; State",https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined; https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html; https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.rsaconference.com/writable/presentations/file_upload/br-208_bencsath.pdf; https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined; https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html; https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/,2022-08-15,2023-08-07 261,Inj3ct0r Team vs. European Commission,"Hacking group Inj3ct0rTeam defaces the website of the European Commission's Joint Research Service, leaves political messages and publishes server data.",2011-09-04,2011-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Belgium,EUROPE; EU(MS); NATO; WESTEU,International / supranational organization,,Inj3ct0rTeam,Unknown,Non-state-group,Hacktivist(s),1,330,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Inj3ct0rTeam,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/european-union-hacked-by-inj3ct0r-team.html,2022-08-15,2022-11-02 262,Akincilar vs. 
Israel,Several Israeli websites are defaced by Turkish hackers who oppose Israel's foreign policy and its tensions with Turkey.,2011-09-04,2011-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,331,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/100s-of-israel-websites-hacked-by-cyber.html,2022-08-15,2022-11-02 263,ScriptKiddies vs. NBC,Hacker group the ScriptKiddies gains access to the NBC News Twitter account and posts false tweets on terrorist attacks at Ground Zero.,2011-09-09,2011-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,ScriptKiddies,Unknown,Non-state-group,Hacktivist(s),1,332,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,ScriptKiddies,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackmageddon.com/2011/09/11/an-e-mail-attack-to-ground-zero/,2022-08-15,2022-11-02 264,Muslim Liberation Army vs. Christian Sites,20 Churches websites and Truth Alliance Network defaced by Muslim Liberation Army in support of Muslims in ongoing international conflicts and to protest against burnings of the Quran.,2011-09-11,2011-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Religious,Muslim Liberation Army,Unknown,Non-state-group,Religious actors,1,333,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/truth-alliance-network-and-20-churches.html,2022-08-15,2022-11-02 265,FatalErrorCrew vs. 
Nigeria,Fatal Error Crew deface the official website of the Nigerian government with a message in Portuguese.,2011-09-12,2011-09-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,Fata Error Crew,Unknown,Non-state-group,Hacktivist(s),1,334,NaT,"Attribution given, type unclear",Media-based attribution,,,,Fata Error Crew,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nakedsecurity.sophos.com/2011/09/12/nigerian-government-website-defacement/,2022-08-15,2022-11-02 266,Protest vs. David Camerons visit to Russia,"Unknown hackers take down the website of the Russian Embassy in the United Kingdom, presumably to protest the visit of PM David Cameron to Russia.",2011-09-12,2011-09-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,,,Unknown,Unknown - not attributed,,1,335,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/DDoS-Attack-Targets-Russian-Embassy-Website-221257.shtml,2022-08-15,2022-11-02 267,Anonymous vs. 
INSA,"United States trade association for intelligence contractors Intelligence and National Security Association (INSA) was hacked, and personal information of its 3000 members, including e-mail and home addresses is leaked.",2011-09-14,2011-09-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system; State institutions / political system,; Government / ministries; Police; Intelligence agencies,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,336,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.computerworld.com/article/2471073/endpoint-security/3-000-intelligence-officials--names--emails-leaked-as--insa-spies-.html; https://thehackernews.com/2011/09/intelligence-and-national-security.html,2022-08-15,2022-11-02 268,Mexican Independence Day Hack,Anonymous takes down several Mexican government websites on Mexico's Independence Day.,2011-09-15,2011-09-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Mexico,,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,337,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/operation-opindependencia-anonymous-hit.html,2022-08-15,2022-11-02 269,Trick(ing) the City of Rennes,Website of the City of Rennes is defaced in protest against Anti-Islam policies.,2011-09-19,2011-09-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,Trick,Unknown,Non-state-group,Religious actors,1,338,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Trick,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/city-of-rennes-france-hacked-against.html,2022-08-15,2022-11-02 270,Anonymous Austria leaks Police Data,AnonAustria publishes personal information of almost 25000 police officials in protest against a draft law which would require telecommunications companies to store details of all telephone and internet traffic for 
six months and make them available to the police,2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system,Police,Anonymous,Austria,Non-state-group,Hacktivist(s),1,339,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Austria,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nakedsecurity.sophos.com/2011/09/28/names-addresses-25000-police-officers-anonymous-cell/; https://www.bbc.co.uk/news/world-europe-15065931,2022-08-15,2022-11-02 271,Anonymous and RevoluSec Deface Syrian government pages,Hackers of Anonymous and RevoluSec deface several Syrian government websites in support of the Syrian opposition.,2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous; RevoluSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,340; 340,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; RevoluSec,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.aljazeera.com/news/middleeast/2011/09/201192692416534215.html,2022-08-15,2022-11-02 272,A sophisticated cyberattack with a Syrian background was carried out on Harvard University's website in September 2011,"Syrian Electronic Army hackers launched a ""sophisticated"" cyberattack on Harvard University's website on 26 September 2011. The compromised homepage featured a picture of Syrian President Bashar al-Assad alongside the message ""Syrian Electronic Army Were Here"", which contained terror threats against the United States and criticised its stance against the Assad regime. The university confirmed the security breach, noting that the attack was likely carried out by a skilled individual or group. ",2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Harvard University,United States,NATO; NORTHAM,Critical infrastructure; Education,Research; ,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,10761,2013-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/harvard-university-website-hacked-by.html; https://www.bbc.com/news/education-15061377; https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0; https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/,2022-08-15,2023-06-18 273,Zombie_Ksa vs. 
Supreme Court of Pakistan,Website of the Supreme Court of Pakistan is hacked and political remarks are left.,2011-09-28,2011-09-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Judiciary,Zombie_Ksa,Saudi Arabia,Non-state-group,Hacktivist(s),1,342,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zombie_Ksa,Saudi Arabia,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/09/supreme-court-of-pakistan-website.html,2022-08-15,2022-11-02 274,Twitter of Thai PM hacked,"Thailand’s Prime Minister, Yingluck Shinawatra, had her Twitter account hacked this weekend, meaning that her followers saw a stream of messages criticising her leadership.",2011-10-03,2011-10-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Thailand,ASIA; SEA,State institutions / political system,Government / ministries,,Thailand,Non-state-group,Hacktivist(s),1,343,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Thailand,Non-state-group,,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://metro.co.uk/2011/10/03/thailands-prime-minister-yingluck-shinawatra-targeted-by-twitter-hackers-170901/; https://nakedsecurity.sophos.com/2011/10/03/thai-pm-is-twitter-hacked/,2022-08-15,2024-01-05 255,Breach of US contractor,An admirer of Anonymous acted independently to breach an outsourced provider and steal a customer list with log-in credentials. Many on the list were U.S. 
government employees.,2011-08-24,2011-08-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,,,Unknown,Individual hacker(s),,1,322,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.eweek.com/security/cyber-attacker-dumps-log-ins-for-20-000-customers-u.s.-employees,2022-08-15,2022-11-02 254,Electr0n defaces NIC,"Hackers calling themselves “Electr0n” have defaced the nic.ly website, the main registry which administers .ly domain names and replaced it with an anti-Gaddhafi message",2011-08-22,2011-08-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Libya,AFRICA; MENA; MEA; NAF,State institutions / political system,,Electr0n,Unknown,Non-state-group,Hacktivist(s),1,321,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Electr0n,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nakedsecurity.sophos.com/2011/08/22/hackers-deface-libya-anti-gadaffi/,2022-08-15,2022-11-02 253,Egyptian Hacker Defacement of Page of Israeli Prime Minister,"An Egyptian hacker managed on Sunday to hack into the website of Israeli Prime Minister, Benjamin Netanyahu, and placed a picture of Egyptian soldiers raising the Egyptian flag in Sinai during the October,6 , 1973, on the sites’ homepage. The hacker who managed to penetrate the webpage of Netanyahu wrote “AntiZionism”, the site was then gradually taken offline.",2011-08-21,2011-08-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Egyptian Hacker,Egypt,Non-state-group,Ethnic actors,1,320,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Egyptian Hacker,Egypt,Non-state-group,,System / ideology; Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/israeli-prime-minister-netanyahus.html,2022-08-15,2022-11-02 242,Anonymous vs. Italian Cyber Police,Anonymous leaks webpage data of Italian cyber police unit (CNAIPIC).,2011-07-25,2011-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,308,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.computerworld.com/article/2509444/government-it/anonymous-hacks-italy-s-cybercrime-police.html,2022-08-15,2022-11-02 234,Information Theft US Military,The US Deputy Defense Secretary William Lynn has revealed that a foreign intelligence agency was behind a hack attack that stole classified information about a top-secret weapons system which now has to be redesigned.,2011-07-13,2011-07-13,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,,Unknown,State,,1,300,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nakedsecurity.sophos.com/2011/07/15/hackers-governmentsecret-plans-pentagon/,2022-08-15,2022-11-02 235,Israeli Websites hacked by Palestinian Hackers,"Palestinian hackers deface several Israeli websites, demanding freedom for Palestine.",2011-07-18,2011-07-18,"Attack conducted by non-state group / non-state actor 
with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,Dr. Torjan; Code 5,Palestine; Palestine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,301; 301,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Dr. Torjan; Code 5,Palestine; Palestine,Non-state-group; Non-state-group,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/07/israel-web-hosting-server-hacked-for.html,2022-08-15,2022-11-02 236,Taliban Networks hacked,"The Taliban said their phones, email and website had been hacked to spread a false report that the movement’s spiritual leader, Mullah Omar, was dead. 
They identify US intelligence services behind the attack.",2011-07-20,2011-07-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,Afghanistan,ASIA; SASIA,Social groups,Terrorist,,United States,State,,1,302,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,United States,State,,System / ideology,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-afghanistan-taliban-technology/tech-savvy-taliban-fights-war-in-cyberspace-idUSTRE76J1IL20110720,2022-08-15,2022-11-02 237,Anonymous vs. NATO 2011,Anonymous claimed credit Thursday for hacking into NATO servers and stealing 1 gigabyte of sensitive information,2011-07-21,2011-07-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,NATO (institutions),,International / supranational organization,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,303,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/world/national-security/nato-web-site-hacked-by-anonymous/2011/07/21/gIQACLFCSI_story.html?noredirect=on&utm_term=.f3d9e4435ee6,2022-08-15,2022-11-02 238,Anonymous vs. Public Broadcaster,"Anon Austria hack data base of public broadcaster (GIS), leak personal information and bank details of 100 employees of police ministry of the interior.",2011-07-22,2011-07-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Austria,EUROPE; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups,,Anonymous,Austria,Non-state-group,Hacktivist(s),1,304,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Austria,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://diepresse.com/home/techscience/internet/sicherheit/680144/GIS-gehackt_Anonymous-kapern-95954-Bankdaten,2022-08-15,2022-11-02 239,Anonymous vs. Colombia National Police,Colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.,2011-07-23,2011-07-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Colombia,SOUTHAM,State institutions / political system,Police,Anonymous,Colombia,Non-state-group,Hacktivist(s),1,305,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Colombia,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/07/colombian-anonymous-hackers-reveal.html,2022-08-15,2023-03-13 240,Defacing Anonymous,"Unidentified hackers deface Anonplus, the social network of hacker group Anonymous, in retaliation against Turkish government websites earlier in July.",2011-07-23,2011-07-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Unknown,,Social groups,Hacktivist,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,306,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://gizmodo.com/5823351/hackers-hacked-the-hackers-anonplus-social-network,2022-08-15,2022-11-02 241,Chinese Trojan Horse in Japan,"Computers and servers in the lower house of Japan's parliament became infected by a Trojan horse virus after one politician opened an email attachment. 
Computer IDs and passwords of all the lawmakers in the House of Representatives were leaked, e-mails sent to its lawmakers might have been accessible to hackers for a maximum of 15 days and computers were found to have made improper communications with overseas Websites",2011-07-25,2011-10-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,Japan,ASIA; SCS; NEA,State institutions / political system,Legislative,,China,Unknown - not attributed,,1,307,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.asiaone.com/News/Latest%2BNews/Asia/Story/A1Story20111116-310940.html; https://nakedsecurity.sophos.com/2011/10/25/japanese-parliament-hit-by-cyber-attack/; https://thenextweb.com/asia/2011/10/25/japanese-government-hit-by-chinese-trojan-horse-attack/,2022-08-15,2022-11-02 243,Anonymous vs. ManTech,"Anonymous hacks ManTech, a contractor that provides cyber security services to the FBI, releases 500mb of internal data.",2011-07-28,2011-07-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,End user(s) / specially protected groups,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,309,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/anonymous-claims-it-hacked-mantech-fbi-cybersecurity-contractor,2022-08-15,2022-11-02 252,Team P0ison vs. BlackBerry,Hacktivists left their mark of dissatisfaction on Blackberry's website after it announced that they would help police track down rioters in London,2011-08-09,2011-08-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Canada,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Team P0ison,Unknown,Non-state-group,Hacktivist(s),1,319,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.businessinsider.com/blackberry-hacked-london-riots-2011-8?IR=T,2022-08-15,2022-11-02 244,Get Him Outgame,"Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a video game called 'GetHimOut'. 
Under the formal banner introducing the site, a cartoon image of the French president was pictured on a go-kart heading towards the gates of the palace. For each click on a Facebook 'like' button beside the game, the French leader moved one step closer out into the street",2011-07-28,2011-07-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,310,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/07/nicolas-sarkozys-official-elysee-palace.html,2022-08-15,2022-11-02 245,Anonymous vs. SpecialForces.com,"Members of the hacker collective Anonymous claim they have stolen about 14,000 user passwords and 8,000 credit card numbers from SpecialForces.com, a military and law enforcement equipment retailer. The data breach occurred several months ago, according to Anonymous, but the group only now decided to post the data online. The purloined password list had reportedly been posted online several weeks ago as well.",2011-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,311,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.pcworld.com/article/247072/anonymous_hacks_specialforces_com_posts_passwords_and_credit_card_data.html,2022-08-15,2022-11-02 246,Chinese Hack Japanese Defense Contractor,"Allegedly Chinese hackers gain access to 85 computers of Mitsubishi Heavy Industries, a Japanese defence supplier, stealing classified information.",2011-08-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Japan,ASIA; SCS; NEA,Critical infrastructure,Defence industry,,China,Unknown - not attributed,,1,312,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,Decolonization,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2011/sep/20/china-denies-hacking-attack-japan; https://nakedsecurity.sophos.com/2011/09/19/mitsubishi-defense-contractor-hack/,2022-08-15,2022-11-02 247,Attack against Endusers in ISR-EGY 
Cyberwar,"Egyptian hackers release a computer worm to US American and Israeli users condemning Israel's foreign policy, especially towards Egypt.",2011-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,Israel; United States,ASIA; MENA; MEA - NATO; NORTHAM,End user(s) / specially protected groups - End user(s) / specially protected groups, - ,,Egypt,Unknown - not attributed,,1,313,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Egypt,Unknown - not attributed,,System / ideology; Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/cyber-war-against-israel-have-taken.html,2022-08-15,2022-11-02 248,Operation Defense,Anonymous and Colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.,2011-08-02,2011-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Colombia,SOUTHAM,State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Intelligence agencies; Political parties,Anonymous,Colombia,Non-state-group,Hacktivist(s),1,314,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Colombia,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/operation-defense-anonymous-shut-down.html,2022-08-15,2022-11-02 249,Alexploiter hacks website of Yemen's customs authority,Hacktivists deface the website of Yemen's customs authority to protest the government.,2011-08-05,2011-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Yemen,ASIA; MENA; MEA,State institutions / political system,,Alexploiter,Unknown,Non-state-group,Hacktivist(s),1,315,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Alexploiter,Unknown,Non-state-group,,System / ideology,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehackernews.com/2011/08/customs-authority-of-yemen-hacked-for.html,2022-08-15,2022-11-02 250,Anonymous takes down Syrian defense ministry website,"The Syrian Ministry of Defense's website was inaccessible after it was hacked by Anonymous, which replaced its content by an anti-government message.",2011-08-07,2011-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,316,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://edition.cnn.com/2011/WORLD/meast/08/08/syria.ministry.site.hacked/index.html; https://thehackernews.com/2011/08/syrian-ministry-of-defense-hacked-by.html,2022-08-15,2022-11-02 251,Syrian Electronic Army vs. AnonPlus,"In retaliation for the defacement of the Syrian Ministry of Defense's website, the Syrian Electronic Army hacks and defaces AnonPlus, an alternative social network of Anonymous",2011-08-08,2011-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,Unknown,,Social groups,Hacktivist,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,317; 318,2011-01-01 00:00:00; 2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology; National power; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.computerworld.com/article/2510039/cybercrime-hacking/syrian-hackers-retaliate--deface-anonymous--social-network.html; https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 724,U.S.Army Website Hack 2015,US Army website defaced by Syrian Electronic Army,2015-06-08,2015-08-06,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Military,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),1,863,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,https://www.forbes.com/sites/katevinton/2015/06/08/syrian-electronic-army-claims-responsibility-for-hacking-army-website/#a0c6557197f0,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/world-us-canada-33058755; https://www.forbes.com/sites/katevinton/2015/06/08/syrian-electronic-army-claims-responsibility-for-hacking-army-website/#a0c6557197f0,2022-08-15,2022-11-02 729,Anonymous vs. Canadian Government,Anonymous attacked Canadian networks in response to an Anti-Terror Law,2015-06-17,2015-06-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Canada,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Intelligence agencies,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,868,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-canada-cyberattack/canada-government-websites-taken-down-in-cyber-attack-idUSKBN0OX2GI20150617,2022-08-15,2022-11-02 726,AnonGhost attacks US Air Force Website,Pro-Palestine Group Hacks Subdomains of US Air Force Website,2015-06-10,2015-10-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Military,AnonGhost,Unknown,Non-state-group,Hacktivist(s),1,865,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,AnonGhost,Unknown,Non-state-group,,System / ideology; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/us-air-force-hacked-website-hacked/,2022-08-15,2022-11-02 1202,FSB data breach,The unidentified group 0v1ru$ managed to access important data of the Russian FSB,2019-07-13,2019-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Intelligence agencies,0v1ru$; Digital Revolution,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,1419; 1419,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,0v1ru$; Digital Revolution,Unknown; Unknown,Non-state-group; Non-state-group,https://www.bbc.com/russian/features-49050982,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#515475926b11; https://www.bbc.com/russian/features-49050982,2022-08-15,2022-11-13 1204,NSO tools vs. Whatsapp users,"A spyware designed by the Israeli firm NSO group was used against various high-ranking government and military officials in countries allied to the US. Detailed attribution is unclear, but NSO says it only sells its software to governments. In January 2023 the petition made by NSO Group to claim immunity was dismissed by the Supreme Court of the United States. 
The petition was made in response to a legal challenge brought in 2019 by the messaging company WhatsApp over the use of the Pegasus hacking tool to target its infrastructure and approximately 1,400 users.",2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,United States; United Arab Emirates; Pakistan; Mexico; Bahrain; India; Global (region),NATO; NORTHAM - ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO - - ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO - ,State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system - State institutions / political system; Social groups; Media; State institutions / political system,Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. 
human rights organizations); ; Military - Government / ministries; Advocacy / activists (e.g. human rights organizations); ; Military,,Unknown,State,,2,5819; 5820,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Attribution by third-party,,Not available; Not available,,,Unknown; Unknown,State; State,https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.malwarebytes.com/blog/news/2024/04/apple-warns-people-of-mercenary-attacks-via-threat-notification-system; https://www.zdnet.de/88359987/whatsapp-schwachstelle-erlaubt-installation-von-spyware/; https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-excl/exclusive-government-officials-around-the-globe-targeted-for-hacking-through-whatsapp-sources-idUSKBN1XA27H; https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones; https://www.cyberscoop.com/meta-surveillance-for-hire-government-action/; https://therecord.media/supreme-court-dismisses-spyware-company-nso-groups-claim-of-immunity/; https://www.cyberscoop.com/supreme-court-whatsapp-nso-group-spyware/; https://twitter.com/jsrailton/status/1612467553988640768,2022-08-15,2024-03-28 1205,Ransomware Ryuk deployed against US cities,The networks of various US cities were temporarily taken down by ransomware of Russian origin.,2019-01-01,Not available,"Attack on (inter alia) political target(s), 
politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Criminal(s),1,3806; 3806,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,Not available; Not available,,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/,Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://statescoop.com/recent-ransomware-surge-russian-criminal-group/; https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/; https://statescoop.com/state-local-government-urged-ransomware-defense/; https://www.bleepingcomputer.com/news/security/russian-man-pleads-guilty-to-laundering-ryuk-ransomware-money/,2022-08-15,2023-02-09 1206,APT33 vs. Saudi targets 2019,"The Iranian state-sponsored APT33 primarily hacked Saudi targets, but also targets in India and other countries, using a changed infrastructure since Recorded Future last published its activities in March 2019.",2019-05-02,2019-06-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,Saudi Arabia; India; United Arab Emirates; Egypt; Turkey; Croatia,ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC - MENA; MEA; AFRICA; NAF - ASIA; NATO; MEA - EUROPE; BALKANS; NATO; EU(MS),Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Critical infrastructure; Critical infrastructure,Energy; ; ; Water; Finance - Energy; ; ; Water; Finance - Energy; ; ; Water; Finance - Energy; ; ; Water; Finance - Energy; ; ; 
Water; Finance - Energy; ; ; Water; Finance,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,6364,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf,2022-08-15,2023-03-13 1207,Gamaredon,"The Russian state-sponsored APT Gamaredon started with attacks on various targets in the Ukraine, partly with the goal of data theft, partly with the goal of increasing its offensive capabilities.",2019-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Media,Civil service / administration; Military; Police; Advocacy / activists (e.g. human rights organizations); ,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,1,1425,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.anomali.com/files/white-papers/Anomali_Threat_Research-Gamaredon_TTPs_Target_Ukraine-WP.pdf; https://labs.sentinelone.com/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting/; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://www.cyberscoop.com/ukraine-russian-hackers-armageddon-videos-gamaredon/,2022-08-15,2023-01-20 
1208,Ryuk usage against US coast guard,The networks of a US-American port authority were taken down by cybercriminals via the Ryuk malware,2019-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Military,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Criminal(s),1,1426; 1426,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/; https://www.hhs.gov/sites/default/files/ryuk-update.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.darkreading.com/attacks-breaches/russian-national-sanctioned-for-aiding-russian-elites-ransomware-groups; https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/; https://www.bbc.com/news/technology-50972890; https://www.hhs.gov/sites/default/files/ryuk-update.pdf; https://www.bleepingcomputer.com/news/security/russian-man-pleads-guilty-to-laundering-ryuk-ransomware-money/,2022-08-15,2023-02-09 1209,Burisma Hack,The Ukrainian gas company Burisma was attacked by Fancy Bear. 
Supposedly to find information about Joe Biden.,2019-11-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,Ukraine,EUROPE; EASTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,1,1427; 1427,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,https://www.wired.com/story/russia-burisma-hack-leaks/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2020/01/13/us/politics/russian-hackers-burisma-ukraine.html; https://www.wired.com/story/russia-burisma-hack-leaks/,2022-08-15,2022-11-02 1210,Australia Parliament hack,"Unknown actors, attributed by unknown officials allegedly Chinese, hacked into the 
systems of the Australian Parliament three months ahead of elections, raised fears of election interference, but no leaked data became public.",2019-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,Australia,OC,State institutions / political system; State institutions / political system,Legislative; Political parties,,China,State,,1,1428,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,https://www.reuters.com/article/us-australia-china-cyber-exclusive/exclusive-australia-concluded-china-was-behind-hack-on-parliament-political-parties-sources-idUSKBN1W00VF,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.abc.net.au/news/2019-02-08/china-government-cyber-security-breach-parliament-hackers/10792938; https://www.reuters.com/article/us-australia-china-cyber-exclusive/exclusive-australia-concluded-china-was-behind-hack-on-parliament-political-parties-sources-idUSKBN1W00VF,2022-08-15,2022-11-02 1211,Lazarus turns against Russia,The North Korean APT attacked Russian companies with previously used tools,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1429,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://research.checkpoint.com/2019/north-korea-turns-against-russian-targets/,2022-08-15,2022-11-02 1212,Fancy Bear Summer Campaign,In Summer 2019 the Russian APT Fancy Bear attacked various embassies of Eastern European and Central Asian countries.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Eastern Europe; Central Asia (region), - ,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; - Government / ministries; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1430,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/,2022-08-15,2022-11-02 
1213,Amnesty Hongkong Hack,The Hong Kong branch of Amnesty International was the target of an attack by a Chinese APT.,2019-03-15,2019-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,Hong Kong,ASIA,Social groups,Advocacy / activists (e.g. human rights organizations),,China,"Non-state actor, state-affiliation suggested",,1,1431,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",,System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/news/2019/04/state-sponsored-cyber-attack-hong-kong/,2022-08-15,2022-11-02 1214,Chinese Attack against telecommunication providers,The Chinese government accessed the networks of telecommunication providers in various countries to get data about the travel routes of Uighurs.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None,Turkey; Kazakhstan; India; Thailand; Malaysia,ASIA; NATO; MEA - ASIA; CSTO; SCO - ASIA; SASIA; SCO - ASIA; SEA - ASIA; SCS; SEA,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation - Transportation,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,1432; 1433,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; Secession,System/ideology; Secession; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-china-cyber-uighurs/china-hacked-asian-telcos-to-spy-on-uighur-travelers-sources-idUSKCN1VQ1A5,2022-08-15,2023-01-23 1215,Telegram DDOS,An attack on the messenger service Telegram took down the service for a couple of hours. The attack was linked to a Chinese state hacker group.,2019-06-12,2019-06-12,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,Hong Kong,ASIA,Social groups; End user(s) / specially protected groups,Advocacy / activists (e.g. human rights organizations); ,,China,State,,1,1434,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,State,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2019/06/13/world/asia/hong-kong-telegram-protests.html,2022-08-15,2022-11-02 1216,APT 40 vs. US-Universities,APT 40 attacked American universities via spearphishing. The apparent goal was the theft of crucial information about naval research.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,Science,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,1435,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theverge.com/2019/3/5/18251836/chinese-hackers-us-servers-universities-military-secrets-cybersecurity,2022-08-15,2023-06-18 1217,Thrip attacks continue,The threat actor Thrip continues its attacks around South East Asia. The targets are mostly military entities and satellite providers,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Hong Kong; Indonesia; Malaysia; Philippines; Vietnam,ASIA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Military; - Military; - Military; - Military; - Military; ,Thrip; Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1436; 1436,2019-01-01 00:00:00; 2019-01-01 00:00:00,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,Thrip; Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China; 
China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.bankinfosecurity.com/chinese-APT -group-thrip-powers-ahead-a-13077,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://symantec-blogs.broadcom.com/blogs/threat-intelligence/thrip-APT%20-south-east-asia; https://www.bankinfosecurity.com/chinese-APT -group-thrip-powers-ahead-a-13077,2022-08-15,2022-11-17 1218,Benny Gantz phone hack,"The phone of Netanyahu's challenger Benny Gantz was hacked; the stolen data was allegedly sold to Iranian state actors.",2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Political parties,Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of",State,,1,1437,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Ministry of Intelligence and Security (MOIS, Iran)","Iran, Islamic Republic of",State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jta.org/quick-reads/iran-hacked-benny-gantzs-phone-israeli-authorities-reportedly-believe; https://www.nytimes.com/2019/03/15/world/middleeast/gantz-netanyahus-challenger-faces-lurid-questions-after-iran-hacked-his-phone.html; https://www.spiegel.de/politik/ausland/israel-hacker-skandal-um-benjamin-netanyahus-gegner-benny-gantz-a-1258271.html; https://therecord.media/israel-opposition-phones-whatsapp-outage-investigation,2022-08-15,2023-09-12 1219,Cloud Atlas 2018/19,"The APT Cloud Atlas continued its campaigns against government institutions and companies across Russia, Eastern Europe and Central Asia in 2019.",2019-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,Russia; Portugal; Ukraine; Romania; Turkey; Turkmenistan; Afghanistan,EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS) - EUROPE; EASTEU - EUROPE; BALKANS; NATO; EU(MS) - ASIA; NATO; MEA - ASIA - ASIA; SASIA,State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; - Government / ministries; ; Defence industry; Religious; ,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,1,5431; 5431,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/recent-cloud-atlas-activity/92016/; https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html,2022-08-15,2024-03-20 1220,Charming Kitten Election Interference,The Iranian State APT Charming Kitten restarted attack campaigns against Iranian dissidents and started to influence elections,2019-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,None - None - None - None,"United States; Mena Region (region); France; Iran, Islamic Republic of",NATO; NORTHAM - - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA,Social groups; Science - Social groups; Science - Social groups; Science - Social groups; Science,Political opposition / dissidents / expats; - Political opposition / dissidents / expats; - Political opposition / dissidents / expats; - Political opposition / dissidents / expats; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1439; 1439,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka 
PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Ministry of Intelligence and Security (MOIS, Iran)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf; https://www.darkreading.com/threat-intelligence/disinformation-attacks-threaten-us-midterm-elections,2022-08-15,2024-02-01 1221,National Association of Manufacturers vs. Chinese Hackers,Hackers of Chinese origin attacked the networks of the American National Association of Manufacturers during the talks about trade between the US and China,2019-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,United States,NATO; NORTHAM,Social groups,Other social groups,,China,State,,1,1440,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,,China,State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-trade-china-cyber-exclusive/exclusive-u-s-manufacturing-group-hacked-by-china-as-trade-talks-intensified-sources-idUSKBN1XN1AY?il=0,2022-08-15,2022-11-02 1222,Golden Falcon Surveillance in Kazakhstan,"Many sectors in Kazakhstan were surveilled and hacked by the threat actor Golden Falcon, which may be linked to the Kazakh government.",2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Kazakhstan,ASIA; CSTO; SCO,State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science; Other,Government / ministries; Military; Election infrastructure / related systems; Religious; Political opposition / dissidents / expats; ; ; ; ,APT-C-34/Golden Falcon,Kazakhstan,State,,1,1441,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-34/Golden Falcon,Kazakhstan,State,https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/; 
https://cyware.com/news/pan-country-cyberattack-operation-unidentified-actors-worries-kazakhstan-5436b277,2022-08-15,2022-11-02 1203,Anti-Propaganda Operation by the US,The United States attacked Iran after the physical attacks of Iran on the Saudi oil facilities. The strike was focused on reducing the propaganda capabilities of Iran,2019-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,,,United States,State,,1,1420,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,,United States,State,,System / ideology; International power,System/ideology; International power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-iran-military-cyber-exclusive/exclusive-u-s-carried-out-secret-cyber-strike-on-iran-in-wake-of-saudi-oil-attack-officials-idUSKBN1WV0EK,2022-08-15,2022-11-02 1201,Baltimore hack,Unknown actors took down almost the complete network of the US-American city of Baltimore. 
Links to the NSA software EternalBlue that was leaked on the internet remain inconclusive,2019-05-06,2019-05-21,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Civil service / administration,Robin Hood,Unknown,Individual hacker(s),,1,1418,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,Robin Hood,Unknown,Individual hacker(s),https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html; https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html; https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/; https://www.facebook.com/CharmTVBaltimore/videos/1092989207540670/,2022-08-15,2022-11-02 727,Lov3rDns vs. Obama Campaign,"Obama’s Election Campaign Social Network Domain Hacked by Yemeni Hacker""Lov3rDns""",2015-06-11,2015-11-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Political parties,Lov3rDns,Yemen,Individual hacker(s),,1,866,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lov3rDns,Yemen,Individual hacker(s),,System / ideology,National power; Subnational predominance,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/obama-election-social-network-hacked-yemen-hacker/,2022-08-15,2022-11-02 1200,APT32 vs. Global car manufacturers,The Vietnamese state-sponsored group Ocean Lotus/APT32 managed to hack 5-10 car manufacturers globally via freely available tools,2019-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Global (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT 32/Ocean Lotus,Vietnam,"Non-state actor, state-affiliation suggested",,1,1417,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 32/Ocean Lotus,Vietnam,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://www.cyberscoop.com/apt32-ocean-lotus-vietnam-car-companies-hacked/; https://www.br.de/nachrichten/wirtschaft/fr-autoindustrie-im-visier-von-hackern-bmw-ausgespaeht,RjnLkD4",2022-08-15,2022-11-02 1181,BITTER ArtraDownloader,The hacking group BITTER gained access into governmental and commercial entities in Pakistan and Saudi Arabia.,2018-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Pakistan; Saudi Arabia,ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets 
only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Energy; - Government / ministries; Energy; ,BITTER,India; South Asia (region),Unknown - not attributed,,1,1394; 1394,NaT; NaT,"Attribution given, type unclear; Attribution given, type unclear",Media-based attribution; Media-based attribution,,,,BITTER; BITTER,India; South Asia (region),Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/,2022-08-15,2023-03-27 1182,Ocean Lotus Espionage,"The state-sponsored Vietnamese hacking group ""OceanLotus"" conducted an espionage campaign on the Vietnamese activist Bui Thanh Hieu in Germany, the organization Vietnamese Overseas Initiative for Conscience Empowerment (VOICE) in the Philippines and an unnamed activist in Vietnam.",2018-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Vietnam,ASIA; SCS; SEA,Social groups,Advocacy / activists (e.g. 
human rights organizations),Ocean Lotus/APT 32/Cobalt Kitty; CyberOne Group,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1395; 1395,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Ocean Lotus/APT 32/Cobalt Kitty; CyberOne Group,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.amnesty.org/en/latest/research/2021/02/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks/,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/; https://www.heise.de/news/Ocean-Lotus-Cyberangriffe-auf-Aktivisten-aus-Vietnam-in-Deutschland-5063674.html; https://www.amnesty.org/en/latest/research/2021/02/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks/,2022-08-15,2022-11-02 1183,North African Fox Espionage campaign,"The Algerian hacking group ""North African Fox"" targets military entities in Arab countries.",2018-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Jordan; Algeria,ASIA; MENA; MEA - AFRICA; NAF; MENA,State institutions / political system; End user(s) / specially 
protected groups - State institutions / political system; End user(s) / specially protected groups,Military; - Military; ,APT-C-44/North African Fox,Algeria,State,,1,1396,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-44/North African Fox,Algeria,State,https://blogs.360.cn/post/APT-C-44.html; https://twitter.com/campuscodi/status/1324562652815790083,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blogs.360.cn/post/APT-C-44.html; https://twitter.com/campuscodi/status/1324562652815790083,2022-08-15,2022-11-02 1184,Rancor Phishing,The Chinese threat actor Rancor accessed Cambodian government networks via a spearphishing campaign,2018-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking with Misuse,,Southeast Asia (region),,State institutions / political system,Government / ministries,Rancor,China,Unknown - not attributed,,1,1397,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Rancor,China,Unknown - not attributed,https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/rancor-group-check-point-phishing-emails/; https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/,2022-08-15,2022-11-02 1185,"Pharmaceutical Company ""Bayer"" hack","Chinese state-sponsored hacker group ""Winnti"" breached into computer systems of German pharmaceutical company Bayer, according to the company no data was stolen.",2018-01-01,2019-03-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Hijacking without Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Health,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,2,1398; 1399,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker; IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://web.br.de/interaktiv/winnti/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://web.br.de/interaktiv/winnti/,2022-08-15,2022-11-02 1186,FunnyDream,Chinese hacking group gained access into more than 200 network systems of government entities in Southeast Asia.,2018-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Southeast Asia (region); Malaysia; Taiwan; Philippines; Vietnam, - ASIA; SCS; SEA - ASIA; SCS - ASIA; SCS; SEA - ASIA; SCS; SEA,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries,Funny Dream,China,"Non-state actor, state-affiliation suggested",,1,1400,2020-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Funny Dream,China,"Non-state actor, state-affiliation suggested",https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT .pdf,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-APT%20-funnydream/; https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT .pdf,2022-08-15,2022-11-02 1187,Chafer vs. 
Kuwait,Iran-linked hacking group APT39/Chafer targeted the computer systems of Kuwaiti government and air transportation.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Kuwait,ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure,Government / ministries; Transportation,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1401,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/103556/apt/chafer-apt-kuwait-saudi-arabia.html; https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf,2022-08-15,2022-11-02 1188,NavRAT,"North Korean state-sponsored hackers compromised the 
network systems of South Korean targets with a remote access trojan called ""NavRAT"" in order to steal information.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,End user(s) / specially protected groups,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1402,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/2018/05/navrat.html?m=1; https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.talosintelligence.com/2018/05/navrat.html?m=1; 
https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html,2022-08-15,2022-11-02 1189,Chilean Redbanc,"The North Korean state-sponsored hacking group ""Lazarus Group"" gained access to the network systems of the Chilean company Redbanc, which interconnects the ATM infrastructure of all Chilean banks.",2018-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Chile,SOUTHAM,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,6365,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / 
or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/; https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/,2022-08-15,2023-02-01 1190,Dark Hotel exploitation,Korean hacking group Dark Hotel utilized an Internet Explorer vulnerability to target companies in South Korea and Japan.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,"Korea, Republic of; Japan",ASIA; SCS; NEA - ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1404,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested",https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30,2022-08-15,2022-11-02 1191,"Hacking-for-Hire group Bahamut aka ""The White Company"" continued its cyber-espionage campaigns against various targets in the Persian Gulf and South Asia in 2020","The hacking-for-hire group Bahamut aka ""The White Company"" is behind a variety of campaigns, including malicious applications, fake news and phishing campaigns in order to access network systems and steal data with targets in South Asia and the Persian Gulf, according to Blackberry in October 2020. In contrast to previous phishing campaigns, the group focused for South Asia only on individuals ""of greater importance in private industry"". For the Persian Gulf, the group still targeted actors involved/relevant for governance-related topics with phishing. Blackberry also assigned the following industry group designations directly to Bahamut, attributing them as one and the same hacking group: The White Company, Windshift, Kaspersky’s unnamed “InPage” threat actor and Urpage. (This incident refers to the section ""Present Day Targeting"" in Blackberry`s report). ",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Sikhs for Justice (India) - Not available - Jamaat-ul-Islami - Jaish-e-Mohammad,Saudi Arabia; Qatar; Bahrain; Kuwait; United Arab Emirates; Not available; South Asia (region); Pakistan; Pakistan,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - - - ASIA; SASIA; SCO - ASIA; SASIA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups; Social groups - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups - State institutions / political system,Government / ministries; - Government / ministries; - Government / ministries; - 
Government / ministries; - Government / ministries; - Religious; Terrorist - - Terrorist - Political parties,Bahamut/The White Company/Windshift,Unknown,"Non-state actor, state-affiliation suggested; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities,1,5314; 5314,2020-10-07 00:00:00; 2020-10-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,,United States; United States,Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state-group",https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf; https://www.reuters.com/article/blackberry-cyber-mercenary-hackers-int/mercenary-hacker-group-runs-rampant-in-middle-east-cybersecurity-research-shows-idUSKBN26S1Y3,2022-08-15,2023-08-13 1192,SEA vs. Al Swarm,"Via watering hole techniques the SEA managed to disrupt the service of the IS news-website ""Al Swarm""",2018-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,ISIS,,Social groups,Terrorist,APT-C-37; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1406; 1406,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT-C-37; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; Resources; International power,System/ideology; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blogs.360.cn/post/SEA_role_influence_cyberattacks.html#2018,2022-08-15,2022-11-02 1193,Norway government hack,Chinese state-sponsored group APT 31/Zirconium gained access to the IT network systems of the Norwegian government and stole data.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Norway,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,1407,2021-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",https://www-nrk-no.translate.goog/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui; https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/norway-says-chinese-group-APT%2031-is-behind-catastrophic-2018-government-hack/; 
https://www-nrk-no.translate.goog/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui; https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/,2022-08-15,2024-01-11 1194,Visma hack,"Chinese state-sponsored group APT 31/Zirconium gained access to the IT network systems of the Norwegian software firm Visma and stole data. In 2019, Recorded Future attributed the same operation to Chinese APT 10.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Norway,EUROPE; NATO; NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,3,1410; 1410; 1409; 1409; 1408; 1408,2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Not available; Not available",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution,; ; ; ; ; ,; ; ; ; ; ,; ; ; ; ; ,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://pst-no.translate.goog/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui; https://www.recordedfuture.com/APT 
10-cyberespionage-campaign/?__hstc=156209188.4e66ab3a14d12726bc06ec44a878904e.1634634784306.1634634784306.1634634784306.1&__hssc=156209188.1.1634634784306&__hsfp=1513977555,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/APT%2010-cyberespionage-campaign/; https://therecord.media/norway-says-chinese-group-APT%2031-is-behind-catastrophic-2018-government-hack/; https://pst-no.translate.goog/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui; https://www.recordedfuture.com/APT 10-cyberespionage-campaign/?__hstc=156209188.4e66ab3a14d12726bc06ec44a878904e.1634634784306.1634634784306.1634634784306.1&__hssc=156209188.1.1634634784306&__hsfp=1513977555; https://securityaffairs.com/142452/apt/chinese-apts-targets-eu.html; https://twitter.com/RecordedFuture/status/1626633928327954434; https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html,2022-08-15,2023-02-20 1195,BITTER vs. 
China,"The hacking group ""BITTER"" targeted Chinese military industry personnel with the malware called SlideRat.",2019-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical infrastructure,Government / ministries; Defence industry,Man Linghua/ APT-C-08; BITTER,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,2,1412; 1412; 1411; 1411,NaT; NaT; NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,; ; ; ,; ; ; ,; ; ; ,Man Linghua/ APT-C-08; BITTER; Man Linghua/ APT-C-08; BITTER,Unknown; Unknown; India; India,Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,https://blogs.360.cn/post/analysis_of_APT_C_08.html; https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations#When:19:24:00Z,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blogs.360.cn/post/analysis_of_APT_C_08.html; https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations#When:19:24:00Z,2022-08-15,2023-03-27 1196,DDOS-Attacks on Ukrainian 
Electoral commission,"Russian Hackers, attributed by the Ukrainian government to be part of the Russian state, took down the infrastructure of the Ukrainian electoral commission.",2019-02-24,2019-02-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system,Election infrastructure / related systems,,Russia,State,,1,1413,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,State,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://en.interfax.com.ua/news/general/568710.html,2022-08-15,2022-11-02 1197,Iran hacks on Bahrain,Over the course of the summer of 2019 hackers alleged to be Iranian government supported accessed various important parts of the Bahraini state networks,2019-07-25,2019-08-05,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,,Bahrain,ASIA; MENA; MEA; GULFC,State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Intelligence agencies; Energy,,"Iran, Islamic Republic 
of",State,,1,1414,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,"Iran, Islamic Republic of",State,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/Middle-East/Wall-Street-Journal-reports-Bahrain-targeted-by-Iranian-cyber-attacks-598190,2022-08-15,2022-11-02 1198,USA cyberattack against Iranian military,"The American military managed to shut down a database of Iran, which was used to target oil tankers",2019-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Military,US CYCOM,United States,State,,1,1415,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html; https://www.timesofisrael.com/us-cyber-attack-said-to-have-disabled-irans-ability-to-target-oil-tankers/,2022-08-15,2023-03-13 1199,OPIsrael 2019 Preparatory Stage,"Hamas-affiliated Hacktivists created backdoors in the networks of Israeli companies, to use them in the OpIsrael 2019 event",2019-04-02,2019-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Giant-PS; Hamas affiliated,Palestine; Palestine,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,1416; 1416,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Giant-PS; Hamas affiliated,Palestine; Palestine,Non-state-group; Non-state-group,,System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.haaretz.com/israel-news/.premium-pro-palestinian-hackers-breach-120-israeli-websites-1.7084034,2022-08-15,2022-11-02 1223,Sandworm vs. Georgia - 2019,On the 28th October 2019 many websites in Georgia were taken down by a coordinated attack. 
The US and many of its allies attributed this to Sandworm,2019-10-28,2019-10-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Georgia,ASIA; CENTAS,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Election infrastructure / related systems; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU Unit 74455",Russia; Russia,State; State,,2,3237; 3237; 3236; 3236,2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,; ; ; ,Not available; Not available; Not available; Not available,; ; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU Unit 74455; Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU Unit 74455",Russia; Russia; Russia; Russia,State; State; State; 
State,https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.nytimes.com/2020/02/20/world/europe/georgia-cyberattack-russia.html; https://www.gov.pl/web/diplomacy/statement-of-the-polish-mfa-on-cyberattacks-against-georgia,International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-50207192; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.nytimes.com/2020/02/20/world/europe/georgia-cyberattack-russia.html; https://www.gov.pl/web/diplomacy/statement-of-the-polish-mfa-on-cyberattacks-against-georgia; https://www.consilium.europa.eu/en/press/press-releases/2020/02/21/declaration-by-the-high-representative-on-behalf-of-the-european-union-call-to-promote-and-conduct-responsible-behaviour-in-cyberspace/; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2022-08-15,2023-11-14 1224,Attack on Czech MFA,Czech Authorities blame the GRU's Fancy Bear for a DDoS-Attack against the Czech Ministry of Foreign Affairs.,2019-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Government / ministries,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group 
G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,1,1444; 1444,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,https://www.prosyscom.tech/cyber-security/the-czech-republic-again-accused-russia-of-hacker-attacks/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-czech-security-cyber/foreign-power-was-behind-cyber-attack-on-czech-ministry-senate-idUSKCN1V31DS?il=0; https://www.prosyscom.tech/cyber-security/the-czech-republic-again-accused-russia-of-hacker-attacks/,2022-08-15,2022-11-02 1225,Totok App Surveillance,A private company directly connected to the ARE government developed and distributed a messenger app designed to conduct surveillance against ARE citizens.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None,United Arab Emirates; Global (region),ASIA; MENA; MEA; GULFC - ,End user(s) / specially protected groups - End user(s) / specially protected groups, - ,Breej Holding; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1445; 1445,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party,,,,Breej Holding; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html,2022-08-15,2022-11-02 1226,Great Cannon strikes on Hongkong,"The Chinese government DDOSed the Hongkong-Website LIHKG via a man-in-the-middle-attack, injecting malicious webcode in javascript-scripts on certain webpages.",2019-08-31,2019-11-27,"Attack conducted 
by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Hong Kong,ASIA,Social groups; Social groups; End user(s) / specially protected groups,Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ,,Unknown,Unknown - not attributed,,2,1447; 1446,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Media-based attribution,,,,,Unknown; China,Unknown - not attributed; State,https://citizenlab.ca/2015/04/chinas-great-cannon/,System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/; https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again; https://citizenlab.ca/2015/04/chinas-great-cannon/,2022-08-15,2023-03-02 1249,Seedworm,"Iranian hacking group Seedworm/MuddyWater hacked into government entities and telecommunications operators in Iraq, Kuwait, Turkey, ARE and Georgia as part of a cyber espionage campaign.",2019-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Iraq; Turkey; Kuwait; United Arab Emirates; Georgia,ASIA; MENA; MEA - ASIA; NATO; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; CENTAS,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Government / ministries; Telecommunications - Government / ministries; Telecommunications - Government / ministries; Telecommunications - Government / ministries; Telecommunications - Government / ministries; Telecommunications,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1473,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/muddywater-iran-symantec-middle-east/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east,2022-08-15,2023-10-26 1250,Chinese espionage campaign against Japanese organizations,Chinese hacking group Cicada/APT 10 gained access into network systems and stole credential information from Japanese companies in 17 regions and multiple sectors.,2019-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Japan,ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,1,1474,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-APT 10-japan-espionage,System / ideology; International power,Territory; Resources; International power; Other,; ; ; ,Yes / HIIK 
intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/chinese-hackers-target-japanese-organizations-large-scale-campaign; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-APT 10-japan-espionage,2022-08-15,2022-11-02 1251,Ocean Lotus Fake Websites,"The state-sponsored Vietnamese hacking group ""OceanLotus"" created websites for the Vietnamese public and Southeast Asia in general to steal information about persons of interest.",2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Southeast Asia (region); Vietnam, - ASIA; SCS; SEA,End user(s) / specially protected groups - End user(s) / specially protected groups, - ,Ocean Lotus/APT 32,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1475,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ocean Lotus/APT 32,Vietnam,"Non-state actor, state-affiliation suggested",https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/vietnam-hacking-oceanlotus-apt32-fake-news/; https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/,2022-08-15,2022-11-02 1252,HpReact,APT-C-43 steals Venezuelan military secrets to provide intelligence support for the coup.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Venezuela,SOUTHAM,State institutions / political system,Military,APT-C-43/El Machete,Colombia,"Non-state actor, state-affiliation suggested",,1,1476,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-43/El Machete,Colombia,"Non-state actor, state-affiliation suggested",https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/,National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - 
high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/,2022-08-15,2022-11-02 1253,MoleRats Espionage 2019,The Arabic-speaking hacking group MoleRATs/Gaza Cybergang conducted an espionage campaign on entities and individuals related to the Palestinian Authority.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Palestine,ASIA; MENA; MEA,State institutions / political system; End user(s) / specially protected groups,Government / ministries; ,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,Hacktivist(s),1,17184,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one,2022-08-15,2024-02-16 1254,Russian APT29 targeted entities worldwide during the supply-chain cyber espionage campaign 
SolarWinds starting in 2019,"The Russian government-linked hacking group ""Cozy Bear"" (aka APT29/The Dukes) and an unknown hacker/hacking group used the SolarWinds Supply Chain vulnerability to compromise multiple targets worldwide. Mandiant confirmed attribution statements made by the US government that the activity of the UNC2452 (aka Dark Halo) hacking group in the SolarWinds attack was conducted by the Russian-based espionage group, APT29. The Russian threat actors behind the SolarWinds attack appear to deploy a Nobelium infrastructure, which the Recorded Future Insikt Group calls SOLARDEFLECTION, and ""encompasses command and control (C2) infrastructure."" The Insikt Group issued a report on Nobelium in May 2022 that notes that they have ""made extensive use of typosquat domains in SSL certificates and will likely continue to use deceptive techniques, including typosquat redirection, when using Cobalt Strike tooling."" In January 2021, investors in SolarWinds sued the company, alleging that they had been misled by SolarWinds before the attack regarding security measures that the company had in place; on 28 October 2022, SolarWinds reached a settlement deal with the investors, agreeing to pay out over $26 million in the wake of the attack. The same day, the Securities and Exchange Commission (SEC) warned the company that it may face further investigation and punishments. This investigation was regarding potential violations of laws surrounding the disclosure of cyberattacks. 
On 30 October 2023, the investigation was concluded and resulted in charges against both SolarWinds itself and its Chief Information Security Officer (CISO), with the SEC filing stating that they violated two securities laws by ""overstating its cybersecurity practices and understating or failing to disclose known risks,"" alleging that SolarWinds knew of potential security risks and deficiencies but misled investors through only stating broad, ""hypothetical"" risks.",2019-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim; Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,EU (region); United States; United States; United States; United States; United States; United Kingdom; United States; United States; Global (region), - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM - NATO; NORTHAM - ,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science, - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Civil service / administration - - Government / ministries - Government / 
ministries - Government / ministries; Finance; Other social groups; ; ; ,,Russia,State,,7,14492; 14492; 14488; 14488; 14489; 14486; 14491; 14490; 14487,2021-04-15 00:00:00; 2021-04-15 00:00:00; 2021-02-23 00:00:00; 2021-02-23 00:00:00; 2021-01-05 00:00:00; 2022-04-27 00:00:00; 2020-12-13 00:00:00; 2021-04-15 00:00:00; 2021-04-15 00:00:00,"Political statement / report (e.g., on government / state agency websites); Domestic legal action; Domestic legal action; Domestic legal action; Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by receiver government / state entity,"Joe Biden (President, USA); Joe Biden (President, USA); Mandiant; Microsoft; Cyber Unified Coordination Group (UCG); Mandiant; Mandiant; Government of Canada; UK government",Not available; Not available; ; ; Not available; ; ; Not available; Not available,United States; United States; United States; United States; United States; United States; United States; Canada; United Kingdom,; ; ; ; ; ; ; ; ,Russia; Russia; Russia; Russia; Russia; Russia; Not available; Russia; Russia,"State; State; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Unknown - not attributed; State; State",https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/; 
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html; https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF; https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29,System / ideology; International power,Unknown,,Unknown,,7,2020-12-21 00:00:00; 2021-02-23 00:00:00; 2021-04-15 00:00:00; 2021-04-15 00:00:00; 2021-04-15 00:00:00; 2021-04-15 00:00:00; 2021-04-15 00:00:00,State Actors: Preventive measures; State Actors: Legislative reactions; State Actors: Stabilizing measures; EU: Stabilizing measures; International organizations: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Awareness raising; Parliamentary investigation committee; Statement by head of state/head of government (or executive official); Declaration of HR; Statement by secretary-general or similar; Statement by minister of foreign affairs (or spokesperson); Statement by head of state/head of government (or executive official),United States; United States; United States; EU (region); NATO (region); Canada; United Kingdom,"Federal Bureau of Investigation (FBI); US Senate; Joe Biden (President, USA); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); North Atlantic Treaty Organization (NATO); Government of Canada; UK government",No,,Supply Chain Compromise,Data Exfiltration,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,13.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption 
and/or leaking of data",501-10000,0.0,21-50,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage,,Not available,2,2021-04-15 00:00:00; 2023-10-30 00:00:00,"Peaceful means: Retorsion (International Law); Other legal measures on national level (e.g. law enforcement investigations, arrests)",Economic sanctions; ,United States; United States,US Department of the Treasury; Securities and Exchange Commission (SEC),Cyber espionage; Sovereignty,,Countermeasures under international law justified (state-atttribution & breach of international law),,"https://cyberscoop.com/white-house-cybersecurity-strategy/; https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/; https://therecord.media/treasury-department-hits-russian-disinformation-operators-with-sanctions/; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; https://twitter.com/DigitalPeaceNow/status/1630705797964390401; https://krebsonsecurity.com/2023/03/highlights-from-the-new-u-s-cybersecurity-strategy/; https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy; https://cyberscoop.com/easterly-cisa-budget-china-biden/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack; https://cyberscoop.com/3cx-hack-supply-chain-north-korea/; https://www.darkreading.com/endpoint/automatic-officlal-updates-malicious-3cx-enterprises; https://socradar.io/learnworlds-users-at-risk-numerous-vulnerabilities-uncovered/; https://www.microsoft.com/en-us/security/blog/2023/04/06/devops-threat-matrix/; https://thehackernews.com/2023/04/russia-linked-hackers-launches.html; https://www.darkreading.com/operations/marlinspike-adds-charles-carmakal-to-its-advisory-board; https://socradar.io/rise-of-malicious-packages-in-devops/; https://twitter.com/DarkReading/status/1650627226939924480; 
https://www.wired.com/story/minneapolis-public-schools-ransomware-attack/; https://twitter.com/KimZetter/status/1653394852019830786; https://www.darkreading.com/attacks-breaches/china-innovated-its-cyberattack-tradecraft-mandia-says; https://www.databreaches.net/the-untold-story-of-the-boldest-supply-chain-hack-ever/; https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/; https://www.schneier.com/blog/archives/2023/05/solarwinds-detected-six-months-earlier.html; https://www.darkreading.com/vulnerabilities-threats/anatomy-of-a-malicious-package-attack; https://twitter.com/ciaranmartinoxf/status/1654137678743457793; https://twitter.com/KimZetter/status/1658899848308072449; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-10-supply-chain-attacks/; https://www.gao.gov/products/gao-22-104746; https://www.darkreading.com/application-security/cycode-launches-ci-cd-pipeline-monitoring-solution-cimon-to-prevent-supply-chain-attacks; https://www.govinfosecurity.com/sec-alleges-solarwinds-cfo-ciso-violated-us-securities-laws-a-22367; https://www.darkreading.com/operations/solarwinds-execs-targeted-sec-ceo-fight; https://www.darkreading.com/attacks-breaches/fda-sbom-mandate-changes-oss-security; https://www.databreaches.net/wells-notice-against-solarwinds-ciso-could-be-first-of-its-kind/; https://www.wired.com/story/cyberstalking-first-amendment-us-supreme-court-security-roundup/; https://www.govinfosecurity.com/cisas-new-cybersentry-program-to-tighten-ics-security-a-22435; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://socradar.io/credential-theft-attacks-surge-microsoft-raises-red-flag-on-midnight-blizzard-apt29/; https://www.darkreading.com/endpoint/solarwinds-attackers-bmws-spy-diplomats; https://cyberscoop.com/microsoft-china-hacking-state/; https://www.hackread.com/phishers-diplomats-kyiv-fake-2011-bmw-flyers/; https://cyberscoop.com/microsoft-cloud-breach-china/; 
https://www.darkreading.com/cloud/microsoft-365-breach-risk-widens-millions-of-azure-ad-apps; https://www.darkreading.com/perimeter/senator-microsoft-negligence-365-email-breach; https://www.bleepingcomputer.com/news/security/russian-hackers-target-govt-orgs-in-microsoft-teams-phishing-attacks/; https://www.hackread.com/microsoft-teams-rissia-midnight-blizzard/; https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html; https://www.wired.com/story/cloudzy-state-sponsored-hackers-roundup/; https://www.malwarebytes.com/blog/news/2023/08/microsoft-teams-used-in-phishing-campaign-to-bypass-multi-factor-authentication; https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html; https://www.darkreading.com/application-security/owasp-lead-gaping-hole-software-supply-chain-security; https://socradar.io/the-black-box-of-github-leaks-analyzing-companies-github-repos/; http://www.defenseone.com/ideas/2023/08/4-ways-defense-spending-bill-could-have-addressed-ai-other-issues-boost-cybersecurity/389586/; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/; https://www.darkreading.com/edge-articles/cybersecurity-builds-trust-in-critical-infrastructure; https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023; https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://therecord.media/teamcity-vulnerability-targeted-by-nk-hackers; https://www.darkreading.com/edge/securing-cloud-identities-to-protect-assets-and-minimize-risk; https://www.c4isrnet.com/federal-oversight/doj-fbi/2023/10/31/sec-sues-solarwinds-for-alleged-cyber-neglect-ahead-of-russian-hack/; 
https://www.spiegel.de/netzwelt/netzpolitik/solarwinds-sec-verklagt-softwarefirma-wegen-falscher-sicherheitsversprechen-a-e0d2cfe2-0524-4ee0-b78d-279f402e6f06; https://cyberscoop.com/sec-sues-solarwinds-and-ciso-for-fraud/; https://www.darkreading.com/attacks-breaches/sec-charges-against-solarwinds-ciso-send-shockwaves-through-security-ranks; https://arstechnica.com/tech-policy/2023/10/sec-sues-solarwinds-and-ciso-says-they-ignored-flaws-that-led-to-major-hack/; https://www.malwarebytes.com/blog/news/2023/11/solarwinds-and-its-ciso-accused-of-misleading-investors-before-major-cyberattack; https://www.wired.com/story/flipper-zero-iphone-dos-attack-security-roundup/; https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-october-30-november-5-2; https://www.darkreading.com/risk/sec-suit-ushers-in-new-era-of-cyber-enforcement; https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf; https://www.theregister.com/2022/11/04/solarwinds_settlement_sec_enforcement/?utm_source=substack&utm_medium=email; https://www.cybersecuritydive.com/news/sec-solarwinds-ciso-cfo-orion/653864/?utm_source=substack&utm_medium=email; https://www.sec.gov/news/press-release/2023-227; https://cyberscoop.com/edr-vulnerability-management-report/; https://www.bleepingcomputer.com/news/security/cisa-russian-hackers-target-teamcity-servers-since-september/; https://www.channelnewsasia.com/business/us-officials-say-russian-targeting-jetbrains-servers-potential-solarwinds-style-operations-3987511; https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html; https://therecord.media/cyber-espionage-campaign-embassies-apt29-cozy-bear; https://cyberscoop.com/csrb-hearing-authority-transparency/; https://www.ilpost.it/2024/01/20/attacco-hacker-russi-microsoft/; https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html; 
https://www.business-standard.com/world-news/russia-linked-group-attacked-corporate-systems-hacked-emails-microsoft-124012000068_1.html; https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html; https://www.boursier.com/actualites/economie/e-mails-pirates-hackers-russes-ce-que-l-on-sait-de-la-cyberattaque-qui-a-vise-microsoft-50480.html; https://www.01net.com/actualites/hackers-russes-pirate-microsoft-mot-passe-epu-securise.html; https://www.computerweekly.com/news/366567100/SolarWinds-hackers-attack-Microsoft-in-apparent-recon-mission; https://webrazzi.com/2024/01/22/microsoftun-kurumsal-e-posta-hesaplari-hacklendi/; https://therecord.media/russian-hackers-accessed-emails-of-senior-microsoft-leaders; https://www.aksiyon.com.tr/rus-bilgisayar-korsanlari-microsoft-a-saldirdi-13537; https://thehackernews.com/2024/01/the-unknown-risks-of-software-supply.html; https://therecord.media/hpe-tells-sec-breached-by-cozy-bear; https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/; https://new.qq.com/rain/a/20240126A04VZ800; https://securityaffairs.com/158164/apt/midnight-blizzard-apt-cyberespionage.html; https://www.01net.com/actualites/microsoft-revele-comment-pirates-midnight-russes-pirate-messagerie.html; https://www.schneier.com/blog/archives/2024/01/microsoft-executives-hacked.html; https://www.silicon.de/41711715/zero-trust-verhinderung-von-angriffen-auf-software-lieferkette; https://www.automation.com/en-us/articles/january-2024/industry-protect-critical-infrastructure-2024; https://www.phillyvoice.com/cybersecurity-101-safeguarding-your-digital-life-cyber-shadows/; https://www.computerworld.dk/art/285960/solarwinds-raser-over-retssag-mod-selskabet-og-dets-ciso-sagen-boer-skrottes; https://www.portail-ie.fr/non-classe/2024/apt29-suspecte-dune-nouvelle-cyberattaque-contre-une-entreprise-americaine/; 
https://www.infoworld.com/article/3712543/protecting-against-software-supply-chain-attacks.html; https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/enhancing-software-supply-chain-security-navigating-slsa-standards-and-the-mitre-att-and-ck-framework; https://www.etnews.com/20240205000213; https://www.bleepingcomputer.com/news/security/hpe-investigates-new-breach-after-data-for-sale-on-hacking-forum/; https://www.lemondeinformatique.fr/actualites/lire-solarwinds-rejette-les-accusations-de-la-sec-sur-sa-gestion-d-une-cyberattaque-92881.html; https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bugs-in-access-rights-audit-solution/; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://cyberscoop.com/microsoft-logging-cisa-omb/; https://www.malwarebytes.com/blog/news/2023/02/how-to-protect-your-business-from-supply-chain-attacks; https://www.canada.ca/en/global-affairs/news/2021/04/statement-on-solarwinds-cyber-compromise.html; https://therecord.media/solarwinds-hack-affected-six-eu-agencies/; https://www.bbc.com/news/technology-55318815; https://www.bleepingcomputer.com/news/security/nsa-shares-supply-chain-security-tips-for-software-suppliers/; https://www.ic3.gov/Media/News/2020/201229.pdf; https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/; https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise; https://www.consilium.europa.eu/en/press/press-releases/2021/04/15/declaration-by-the-high-representative-on-behalf-of-the-european-union-expressing-solidarity-with-the-united-states-on-the-impact-of-the-solarwinds-cyber-operation/; https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure; 
https://www.nato.int/cps/en/natohq/official_texts_183168.htm; https://www.c-span.org/video/?509234-1/senate-intelligence-hearing-solarwinds-hacking; https://www.businessinsider.com/cloud-software-firms-takeover-targets-acquisitions-rbc-analysts-2022-10; https://www.recordedfuture.com/solardeflection-c2-infrastructure-used-by-nobelium-in-company-brand-misuse; https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies; https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/; https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29; https://www.govinfosecurity.com/feds-warn-healthcare-over-cobalt-strike-infections-a-20242; https://www.businessinsider.com/biden-statement-solarwinds-cyberattack-trump-russia-2020-12#:~:text=President-elect%20Joe%20Biden%20released%20a%20strongly-worded%20statement%20Thursday%2C,still%20have%20not%20commented%20publicly%20on%20the%20attack.; https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF; https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html; https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/; https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html; https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022; https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/; https://twitter.com/780thC/status/1620378980758196226; https://www.bleepingcomputer.com/news/security/russian-hackers-shift-to-cloud-attacks-us-and-allies-warn/; 
https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/; https://therecord.media/russia-svr-espionage-hacking-cloud-five-eyes-warning; https://www.kyivpost.com/post/28885; https://www.lemagit.fr/definition/Le-hack-de-SolarWinds-explique-Tout-ce-quil-faut-savoir; https://www.lemonde.fr/blog/binaire/2024/03/; https://www.techrepublic.com/article/ncsc-uk-svr-cyber-threat-actors/; https://www.watson.ch/fr/international/hacker/286092407-des-hackers-d-elite-russes-ont-pirate-microsoft; https://www.usine-digitale.fr/article/microsoft-reconnait-que-des-pirates-russes-lui-ont-vole-du-code-source-et-des-documents-sensibles.N2209713; https://www.lemonde.fr/blog/binaire/2024/03/15/quand-le-responsable-de-la-securite-informatique-doit-vraiment-aller-en-prison/; https://www.hstoday.us/subject-matter-areas/cybersecurity/article-cyber-threats-are-here-to-stay-3-tips-for-defending-u-s-critical-infrastructure-under-siege/; https://finance.yahoo.com/news/hackers-roil-entire-industries-attacks-100000390.html; https://www.channelnewsasia.com/business/sec-ramps-hack-probe-focus-tech-telecom-companies-bloomberg-news-says-4224171; https://www.schneier.com/blog/archives/2024/04/xz-utils-backdoor.html; https://cyberscoop.com/federal-government-russian-breach-microsoft/; https://formiche.net/2024/04/cyber-attacco-russia-sventato/; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/the-us-government-has-a-microsoft-problem/",2022-08-15,2023-11-30 1255,CactusPete vs. Russia and Mongolia,"The Chinese hacking group ""CactusPete"" conducted an espionage campaign against the Russian defense industry and the Mongolian government.",2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Mongolia; Russia,ASIA; EASIA; NEA - EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; Election infrastructure / related systems - Government / ministries; Election infrastructure / related systems,"Tonto Team/CactusPete/BRONZE HUNTLEY/KARMA PANDA/G0131 (PLA, Unit 65017); PLA",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1480; 1480,2020-01-01 00:00:00; 2020-01-01 00:00:00,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"Tonto Team/CactusPete/BRONZE HUNTLEY/KARMA PANDA/G0131 (PLA, Unit 65017); PLA",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://securelist.com/cactuspete-APT -groups-updated-bisonal-backdoor/97962/; https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/; 
https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/cactuspete-APT%20-groups-updated-bisonal-backdoor/97962/; https://securelist.com/cactuspete-APT -groups-updated-bisonal-backdoor/97962/; https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/; https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403,2022-08-15,2022-11-02 1256,Transparent Tribe hack,The Pakistani hacking group Transparent Tribe targets military targets in Afghanistan and India.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,India; Afghanistan,ASIA; SASIA; SCO - ASIA; SASIA,State institutions / political system - State institutions / political system,Military - Military,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1481,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested",https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf; https://securelist.com/transparent-tribe-part-1/98127/,System / ideology; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf; https://securelist.com/transparent-tribe-part-1/98127/,2022-08-15,2023-07-12 1257,Fishing Elephant hack,"The hacking group Fishing Elephant targets government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.",2019-01-01,Not available,"Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Pakistan; Bangladesh; Ukraine; China,ASIA; SASIA; SCO - ASIA; SASIA - EUROPE; EASTEU - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,Fishing Elephant,Unknown,Unknown - not attributed,,1,1482,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Fishing Elephant,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/apt-trends-report-q1-2020/96826/,2022-08-15,2022-11-02 1258,Chinese MSS campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None,"United States; Australia; Netherlands; Korea, Republic of",NATO; NORTHAM - OC - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Health; ; Defence industry - Health; ; Defence industry - Health; ; Defence industry - Health; ; Defence industry,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); Dong Jiazhi",China; China,State; State,,1,13900; 13900,2020-01-01 00:00:00; 2020-01-01 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,Not available; Not available,United States; United States,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); Dong Jiazhi",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2023-10-26 1259,KISMET,Government-linked Saudi and Emirati hacking groups compromised the 
mobile devices of Al Jazeera journalists in order to steal information.,2019-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None,United Kingdom; Qatar,EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA; GULFC,Media - Media, - ,MONARCHY; SNEAKY KESTREL,Saudi Arabia; United Arab Emirates,State; State,,1,8660; 8660; 8660; 8660,2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,; ; ; ,Not available; Not available; Not available; Not available,; ; ; ,MONARCHY; MONARCHY; SNEAKY KESTREL; SNEAKY KESTREL,Saudi Arabia; United Arab Emirates; Saudi Arabia; United Arab Emirates,State; State; State; State,https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/,International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.derstandard.de/story/2000122676179/schwere-iphone-luecke-zur-spionage-gegen-dutzende-journalisten-genutzt; 
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/,2022-08-15,2023-03-13 1260,SectorE02 vs. Pakistani government,The hacking group SectorE02 targets the Pakistani government.,2019-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Intelligence agencies,Sector E02 Group,South Asia (region),Unknown - not attributed,,1,1485,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sector E02 Group,South Asia (region),Unknown - not attributed,https://redalert.nshc.net/2019/08/02/sectore02-updates-yty-framework-in-new-targeted-campaign-against-pakistan-government/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://redalert.nshc.net/2019/08/02/sectore02-updates-yty-framework-in-new-targeted-campaign-against-pakistan-government/,2022-08-15,2022-11-02 1261,National Revenue Agency hack,"A hacker steals data of millions of Bulgarians from the National Revenue Agency, a department of the Bulgarian Ministry of Finance.",2019-01-01,2019-07-15,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Bulgaria,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1486,2019-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker 
confirms,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/; https://www.dnevnik.bg/bulgaria/2019/07/15/3938760_demokratichna_bulgariia_iska_ostavkata_na_goranov/,2022-08-15,2022-11-02 1262,LAPD hack,The Los Angeles Personnel Department was hacked and thousands of personal information of police officers were stolen.,2019-07-01,2019-07-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Police,,Unknown,Unknown - not attributed,,1,1487,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/us-news/2019/jul/29/los-angeles-police-officer-data-breach; https://www.nbclosangeles.com/news/lapd-police-officers-personal-information-stolen-data-breach/132477/,2022-08-15,2022-11-02 1263,North Louisiana school districts,"The IT networks of three school districts in North Louisiana - Sabine, Morehouse, and Ouachita - experienced disruptions to varying degrees as a result of a ransomware attack. 
The governor declared a state of emergency in response to the attack.",2019-07-21,2019-07-24,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system; Education,Civil service / administration; ,,Unknown,Unknown - not attributed,,1,10658,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/; https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline,2022-08-15,2024-02-06 1264,REvil carried out ransomware attacks targeting 23 local governments in Texas on 16 August 2019,"REvil carried out ransomware attacks targeting 23 local governments in Texas on 16 August 2019, ZDNet first reported two days later based on an anonymous source. In a Jan. 24, 2023, interview for IT security firm Cybereason, Rich Murray, the head of the FBI's North Texas cyber unit, described exactly what happened on the afternoon of Aug. 16, 2019. Within the affected local governments in Texas, a water treatment facility and computer-aided dispatch systems for law enforcement, among others, were disrupted. Later that evening, investigating officials learned from a private organization that it was the ransomware group REvil. On November 8, 2021, based on the FBI's investigation, the U.S. 
Department of Justice filed charges against Yevgeniy Polyanin, a Russian national, for carrying out ransomware attacks on the Texas local governments. In addition, investigators seized $6.1 million in cryptocurrency that Polyanin extorted in the course of ransomware attacks. ",2019-08-16,2019-08-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,Local Texas Governments - Not available,United States; United States,NATO; NORTHAM - NATO; NORTHAM,State institutions / political system - ,Civil service / administration - ,Yevgeniy Polyanin --> REvil/ Sodinokibi,Russia,Non-state-group,Criminal(s),3,6143; 6142; 6141,2021-11-08 00:00:00; 2019-08-18 00:00:00; 2019-08-16 00:00:00,"Domestic legal action; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution; Media-based attribution,US Department of Justice (DoJ); Not available; Not available,Not available; Not available; Not available,United States; Not available; Not available,Yevgeniy Polyanin --> REvil/ Sodinokibi; REvil; REvil,Russia; Not available; Not available,Non-state-group; Non-state-group; Non-state-group,https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/; https://www.cybereason.com/blog/fbi-vs.-revil-ml-bside; https://dir.texas.gov/news/us-justice-department-announces-indictment-against-revil-ransomware-suspect-behind-2019,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,Supply Chain Compromise,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; 
incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,1,2019-08-16 00:00:00,Proclamation of public emergency (national level),,United States,Texas Military Department,Other,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://twitter.com/InfoSecSherpa/status/1662123534179524609; https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html; https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/; https://www.cybereason.com/blog/fbi-vs.-revil-ml-bside; https://dir.texas.gov/news/us-justice-department-announces-indictment-against-revil-ransomware-suspect-behind-2019,2022-08-15,2023-03-13 1265,Fancy Bear hacks US Federal Agency,The Russian state-sponsored hacking group Fancy Bear penetrated the network systems of a yet unknown US Federal Agency and stole data from it.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure,Government / ministries; Energy,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1490; 1490,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/; https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/; https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/; https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a,2022-08-15,2023-03-16 1266,Double Dragon: Video Game Distributor (Supply-Chain),"Chinese state-sponsored hacking group APT41 injected a backdoor into a Southeast Asian video games distributor infecting the games Path of Exile, League of Legends and Fifa Online 3.",2014-12-01,2014-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,Southeast Asia (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,1800,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,FireEye,,United States,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.ft.com/content/965ceffc-b8ea-11e9-8a88-aa6628ac896c; https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf,2022-08-15,2022-11-02 1267,Volatile / Lebanese Cedar II,"Volatile Cedar, presumed to be connected to the Lebanese Hezbollah Cyber Unit, has attacked targets around the world.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None,United States; United Arab Emirates; Jordan; Europe (region); Saudi Arabia; Palestine; United Kingdom; Egypt,NATO; NORTHAM - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU - MENA; MEA; AFRICA; NAF,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; ,DeftTorero/Volatile Cedar/Lebanese Cedar; Hezbollah Cyber Unit,Lebanon; Lebanon,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",; Terrorist(s); ; Terrorist(s),1,17248; 17248; 17248; 17248,2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,DeftTorero/Volatile Cedar/Lebanese Cedar; DeftTorero/Volatile Cedar/Lebanese Cedar; Hezbollah Cyber Unit; Hezbollah Cyber Unit,Lebanon; Lebanon; Lebanon; Lebanon,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/; https://blog.checkpoint.com/2015/03/31/volatilecedar/; https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf,2022-08-15,2024-02-19 1248,Russian interference in Britain's general election 2019,A Russian hacking group stole U.S.-UK trade documents from the email account of former trade minister Liam Fox and leaked them ahead of the general election in order to influence it.,2019-07-12,2019-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Russia,"Non-state actor, state-affiliation suggested",,1,1472,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Russia,"Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKCN24Z1V4?edition-redirect=uk,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKCN24Z1V4?edition-redirect=uk; https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes; https://www.bleepingcomputer.com/news/security/russian-military-hackers-target-nato-fast-reaction-corps/; https://securityaffairs.com/155564/breaking-news/security-affairs-newsletter-round-449-by-pierluigi-paganini-international-edition.html; https://www.kyivpost.com/post/28885,2022-08-15,2023-12-12 1247,Telecom Providers hack,"Suspected Iranian hacking group ""Greenbug"" targets telecom providers in South Asia.",2019-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,South Asia (region),,Critical infrastructure,Telecommunications,Greenbug; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1471; 1471,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Greenbug; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia; https://www.cyberscoop.com/greenbug-symantec-iran-hacking-pakistan/,2022-08-15,2022-11-02 1246,UN hack,"A probably state-linked 
hacking group compromised the computer systems of the UN offices in Geneva and Vienna, which the UN tried to cover up.",2019-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,United Nations Organization,,International / supranational organization,,,Unknown,Unknown - not attributed,,1,1470,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack; https://apnews.com/article/0d958e15d7f5081dd612f07482f48b73,2022-08-15,2022-11-02 1235,Naikon Reloaded,The threat actor Naikon reemerged in 2019 and 2020 with a new attack wave on governments in SEA and Australia.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse,None - None - None - None - None - None,Australia; Indonesia; Philippines; Thailand; Vietnam; Brunei,OC - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, 
state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1457; 1457,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2020/05/07/world/asia/china-hacking-military-aria.html; https://research.checkpoint.com/2020/naikon-APT%20-cyber-espionage-reloaded/,2022-08-15,2022-11-02 1227,Dtrack vs. Indian nuclear power plant,"Dtrack-Malware, associated with North Korean Lazarus group, was inserted into an Indian nuclear power plant.",2019-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,,India,ASIA; SASIA; SCO,Critical infrastructure,Energy,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,1449; 1448,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/; https://www.thenewsminute.com/article/kudankulam-nuclear-power-plant-denies-cyber-attack-north-korean-hackers-111366,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://tarnkappe.info/artikel/linux/maya-os-indiens-verteidigungsministerium-will-windows-durch-eigenes-linux-ersetzen-279494.html; https://dragos.com/blog/industry-news/assessment-of-reported-malware-infection-at-nuclear-facility/; https://www.reuters.com/article/india-npcil-malware/nuclear-power-corp-of-india-says-detected-malware-in-its-systems-idUSL3N27F356; https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/; https://www.thenewsminute.com/article/kudankulam-nuclear-power-plant-denies-cyber-attack-north-korean-hackers-111366; https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/; https://twitter.com/RecordedFuture/status/1621646796219883520,2022-08-15,2023-11-09 1228,Iran vs. Bapco,"Iranian state-backed hackers attacked the Bahraini oil company Bapco with data-wiping malware. For a detailed analysis of this incident, please see here: http://bit.ly/3YwNryo.",2019-01-01,2019-12-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,,Bahrain,ASIA; MENA; MEA; GULFC,Critical infrastructure,Energy,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,7052,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,Not available,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/; https://de.scribd.com/document/442225568/Saudi-Arabia-CNA-report; https://www.jpost.com/international/article-716572,2022-08-15,2023-08-29 1229,"The North Korean State-integrated Threat Actor Lazarus Launched Operation ""AppleJeus Sequel"" against Unspecified European and Chinese Targets ","With Operation AppleJeus Sequel, the North Korean Lazarus Group specifically targeted the cryptocurrency sector. 
This operation, the continuation of the AppleJeus operation that was active in 2018 and was analysed and reported at the time in particular by the Russian cybersecurity company Kaspersky, marked a strategic change in the group's methodology, adapting to different cybersecurity environments. The new, technically evolved operation was observed and described by Securelist researchers. It was distinguished by its focus on macOS users, a departure from the group's usual targets. The Lazarus Group developed and used specialised macOS malware and integrated an authentication mechanism to distribute the second-stage payload more carefully. This ensured that the payload was delivered discreetly and accurately, leaving no trace on the hard drive. At the same time, the Lazarus Group refined its strategy for Windows users by introducing a multi-stage infection process and significantly altering the final payload. Victims of the operation were identified in particular in countries such as the UK, Poland, Russia and China. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None - None - None,United Kingdom; China; Poland; Russia,EUROPE; NATO; NORTHEU - ASIA; SCS; EASIA; NEA; SCO - EUROPE; NATO; EU(MS); EASTEU - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,14993,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/operation-applejeus-sequel/95596/; https://www.cfr.org/blog/new-entries-cfr-cyber-operations-tracker-q1-2020,2022-08-15,2024-03-06 1230,Fractured Statue,North Korean attackers accessed the networks of an unidentified US government agency.,2019-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,TA406/Konni Group/Opal Sleet fka OSMIUM < Kimsuky,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,17360,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TA406/Konni Group/Opal Sleet fka OSMIUM < Kimsuky,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/#Attribution,2022-08-15,2024-02-21 1231,Fake Interview,Charming Kitten tried to gain information about academics and their accounts by impersonating journalists,2019-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,United States; United Kingdom; Saudi Arabia; Europe (region),NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - ASIA; MENA; MEA; GULFC - ,Media; Science - Media; Science - Media; Science - Media; Science,; - ; - ; - ; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1453,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten/,2022-08-15,2022-11-02 1232,Winnti vs. Hongkong Universities,The APT Winnti installed keyloggers on the computers of universities in Hong Kong,2019-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Hong Kong,ASIA,Science,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1454,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/,System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf; https://www.bleepingcomputer.com/news/security/winnti-group-infected-hong-kong-universities-with-malware/; 
https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/,2022-08-15,2023-08-09 1233,Turlas New Waterhole,"Turla created a watering hole, with which they managed to compromise various Armenian web pages",2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system,Government / ministries,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1455,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/,2022-08-15,2023-01-09 1234,DarkHotel vs. 
PRK,The state-attributed APT DarkHotel used 5 Zero-Days over the course of 2019 to spy on North Korea,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Democratic People's Republic of",ASIA; NEA,End user(s) / specially protected groups; Other,,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1456,2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux,"Korea, Republic of","Non-state actor, state-affiliation suggested",,System / ideology; International power; Other,System/ideology; International power; Other,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/north-korea-hacking-zero-days-google/,2022-08-15,2022-11-02 1236,ZeroCleare,APT34 attacked Middle Eastern oil companies with its new file-deleting malware ZeroCleare,2019-01-01,Not available,"Attack conducted by 
non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Middle East (region),,Critical infrastructure,Energy,ITG13 ; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1458; 1458,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,ITG13 ; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/,2022-08-15,2023-06-07 1245,Mitsubishi hack,"China-linked hacking group ""Tick"" breached computer systems of Mitsubishi Electric Corporation and stole sensitive data.",2019-03-18,2019-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,Japan,ASIA; SCS; NEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry; ,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419)",China,"Non-state actor, state-affiliation suggested",,2,1469; 1468,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker; Attribution by third-party,,,,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/; https://www.asahi.com/articles/ASN1M6VDSN1MULFA009.html,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://apnews.com/article/2e85904379adc4fa30ebc6aba3eb4d55; https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/; 
https://www.japantimes.co.jp/news/2020/02/13/business/corporate-business/cyberattack-mitsubishi-china/; https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/; https://www.asahi.com/articles/ASN1M6VDSN1MULFA009.html,2022-08-15,2022-11-02 1237,Operation In(ter)ception,"A group (likely the North Korean APT Lazarus) attacked two central European defense companies via LinkedIn with the goal of espionage. In one case, the attackers tried to monetize access to a victim’s email account through a business email compromise (BEC) attack as the final stage of the operation.",2019-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Europe (region); Middle East (region), - ,Critical infrastructure - Critical infrastructure,Defence industry - Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1459,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf; https://www.reuters.com/article/us-cyber-linkedin-hacks/cyber-spies-use-linkedin-to-hack-european-defence-firms-idUSKBN23O2L7?utm_campaign=wp_the_cybersecurity_202&utm_medium=email&utm_source=newsletter&wpisrc=nl_cybersecurity202,2022-08-15,2022-11-02 1238,NSO Tools vs. Moroccan Journalist,Spyware of the NSO group was used against a Moroccan journalist by the Moroccan government.,2019-01-27,2020-01-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Morocco,AFRICA; NAF; MENA,Media,,,Morocco,State,,1,1460,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Morocco,State,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/news/2020/06/nso-spyware-used-against-moroccan-journalist/,2022-08-15,2022-11-02 1239,OilRig Read my Lips,The unidentified group Shadow Brokers leaked hacking tools of the Iranian group OilRig online,2019-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Intelligence agencies,Read My Lips/Lab Dookhtegan,Unknown,Unknown - not attributed,,1,1461,2019-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Read My Lips/Lab Dookhtegan,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/; https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/,2022-08-15,2022-11-02 1240,Togo NSO tools vs. 
Religious opposition,The government of Togo used spyware tools of the NSO group against the religious opposition in the country,2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Togo,AFRICA; SSA,Social groups; Social groups,Religious; Political opposition / dissidents / expats,,Togo,State,,1,1462,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Togo,State,,National power,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2020/aug/03/senior-clergymen-among-activists-targeted-by-spyware; https://www.cyberscoop.com/religious-politicians-togo-surveillance-nso-group/,2022-08-15,2022-11-02 1241,Attack on two US municipalities,"Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. 
Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two identified US municipalities using CVE-2019-0604.",2019-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,State,,1,1463,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Unknown,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/; https://www.aha.org/fbi-tlp-alert/2020-03-18-fbi-alert-ac-000113-tt-unidentified-cyber-actors-exploit-sharepoint,2022-08-15,2022-11-02 1242,Emissary Panda attack on Iranian and other Middle Eastern Governments,"Chinese cyber-espionage group Emissary Panda has been targeting government organizations in two different countries in the Middle East, Palo Alto Networks security researchers say. Iran later claimed to be one of the victims and attributed the operation to Chinese APT 27.",2019-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None,"Iran, Islamic Republic of; Middle East (region)",ASIA; MENA; MEA - ,State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,14776; 14775,2019-12-15 00:00:00; 2019-05-28 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,; Palo Alto Networks Unit 42,Not available; Palo Alto Networks,"Iran, Islamic Republic of; United States",Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027; Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/; https://team-cymru.com/blog/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 
1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/chinese-cyber-spies-target-government-organizations-middle-east; https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/; https://team-cymru.com/blog/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/; https://twitter.com/azarijahromi/status/1206071513222467585,2022-08-15,2023-12-04 1243,Pulwama retaliation hack,"An Indian hacker group named ""I Team Crew"" disrupted many Pakistani websites after a suicide attack by the Pakistan-based group Jaish-e-Mohammad in Kashmir, which killed 40 police officers.",2019-02-14,2019-02-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,Team I Crew,India,Non-state-group,Hacktivist(s),1,1466,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team I Crew,India,Non-state-group,,Autonomy; Secession,Autonomy; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://timesofindia.indiatimes.com/gadgets-news/pulwama-attack-pakistani-websites-hacked-heres-the-list/articleshow/68042727.cms,2022-08-15,2022-11-02 1244,US hack on IRGC,US Cyber Command disrupts Iranian missile control systems and spy network to retaliate for the downing of a US Global 
Hawk Drone and the attack on two oil tankers in June 2019.,2019-06-20,2019-06-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Military,US CYCOM,United States,State,,1,1467,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,https://apnews.com/article/f01492c3dbd14856bce41d776248921f,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports; https://www.dw.com/en/us-hits-iran-with-cyberattack-reports/a-49316935; https://apnews.com/article/f01492c3dbd14856bce41d776248921f; https://www.businessinsider.com/iran-us-cyberattacks-after-drone-shot-down-did-not-work-2019-6,2022-08-15,2023-03-13 1180,Stealth Mango,"Lookout Security Intelligence discovered an espionage campaign of a Pakistani hacking group, probably members of the military, on government officials and civilians in Pakistan, Afghanistan, India, Iraq, Iran, and the United Arab Emirates.",2018-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence 
agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,"Pakistan; Afghanistan; India; Iraq; Iran, Islamic Republic of; United Arab Emirates",ASIA; SASIA; SCO - ASIA; SASIA - ASIA; SASIA; SCO - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC,State institutions / political system; End user(s) / specially protected groups; State institutions / political system - State institutions / political system; End user(s) / specially protected groups; State institutions / political system - State institutions / political system; End user(s) / specially protected groups; State institutions / political system - State institutions / political system; End user(s) / specially protected groups; State institutions / political system - State institutions / political system; End user(s) / specially protected groups; State institutions / political system - State institutions / political system; End user(s) / specially protected groups; State institutions / political system,Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; ; Military - Government / ministries; ; Military,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,State,,1,5213,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,State,https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high 
political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf,2022-08-15,2023-07-12 1179,Operation Skeleton Key,"China-based hacking group ""Chimera"" compromised the network systems of seven semiconductor companies in Taiwan.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Taiwan,ASIA; SCS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Chimera; Winnti Umbrella/G0044 (MSS, Xicheng District, Beijing)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1392; 1392,2020-01-01 00:00:00; 2020-01-01 00:00:00,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"Chimera; Winnti Umbrella/G0044 (MSS, Xicheng District, Beijing)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf,International power,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/; https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf,2022-08-15,2023-11-28 1178,Turkish DNS hack,Alleged state-sponsored Turkish hackers breached the computer systems of at least 30 organizations across Europe and the Middle East in an extensive DNS hack campaign.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,None - None - None - None - None,Cyprus; Greece; Iraq; Albania; Turkey,EUROPE; EU(MS); MEA - EUROPE; NATO; EU(MS); BALKANS - ASIA; MENA; MEA - EUROPE; BALKANS; NATO; WBALKANS - ASIA; NATO; MEA,State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; 
State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Civil service / administration; Intelligence agencies; Religious; - Government / ministries; Civil service / administration; Intelligence agencies; Religious; - Government / ministries; Civil service / administration; Intelligence agencies; Religious; - Government / ministries; Civil service / administration; Intelligence agencies; Religious; - Government / ministries; Civil service / administration; Intelligence agencies; Religious; ,,Turkey,"Non-state actor, state-affiliation suggested",,1,1391,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Turkey,"Non-state actor, state-affiliation suggested",,National power; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cyber-attack-hijack-exclusive/exclusive-hackers-acting-in-turkeys-interests-believed-to-be-behind-recent-cyberattacks-sources-idUSKBN1ZQ10X,2022-08-15,2023-03-13 1133,Operation Shadow Hammer,Barium inserted backdoors into automatic updates for ASUS laptops. 
The vulnerability was active for about 5 Months.,2018-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Global (region),,End user(s) / specially protected groups; Other,,"APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1338; 1338,2019-01-01 00:00:00; 2019-01-01 00:00:00,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://securelist.com/operation-shadowhammer/89992/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through 
data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/asus-pc-backdoors-shadowhammer/143129/; https://securelist.com/operation-shadowhammer/89992/; https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/,2022-08-15,2023-04-18 1113,Anonymous publishes 26 thousand email addresses of Italian teachers,"The Italian branch of the Anonymous collective leaks, from the Italian Ministry of Education, 26,000 emails of teachers belonging to all levels of schools. They also leak 200 administrative staff addresses.",2018-03-08,2018-03-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system; Science,Government / ministries; ,Anonymous/LulzSec Italy,Italy,Non-state-group,Hacktivist(s),1,1317,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,Anonymous/LulzSec Italy,Italy,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://medium.com/@arturodicorinto/anonymous-has-hacked-and-put-into-the-net-26-thousand-email-addresses-of-italian-teachers-b94e679d2743%20%C2%A0%20%C2%A0%20%C2%A0,2022-08-15,2023-06-18 1114,Lazarus goes HakunaMATA,"Lazarus attacked various corporate entities across Germany, Poland, Turkey, India, Japan and the ROK with its new insertion framework MATA",2018-04-01,Not 
available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,"Germany; Poland; Turkey; India; Japan; Korea, Republic of",EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); EASTEU - ASIA; NATO; MEA - ASIA; SASIA; SCO - ASIA; SCS; NEA - ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - - - ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,1318; 1319,2020-01-01 00:00:00; 2020-01-01 
00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.darkreading.com/threat-intelligence/north-koreas-lazarus-group-developing-cross-platform-malware-framework/d/d-id/1338422; https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/,2022-08-15,2023-03-02 1115,Op Israel 2018,"In name of Op Israel, more than a dozen major Israeli websites, belonging to hospitals, local authorities, the Israeli Opera, Israel Teachers Union and the IDF Widows and Orphans Organization are defaced apparently in response to clashes between the IDF and Gazan protesters the previous weekend.",2018-04-03,2018-04-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Science; Other,Civil service / administration; Health; ; ,Dark-Coder/Th3Falcon.; Anonymous,Unknown; Unknown,Individual hacker(s); Individual hacker(s),,1,1320; 1320,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Dark-Coder/Th3Falcon.; Anonymous,Unknown; Unknown,Individual hacker(s); Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/Arab-Israeli-Conflict/Major-Israeli-websites-targeted-in-large-anti-Israel-cyberattack-547834,2022-08-15,2022-11-02 1116,Hackers use vulnerability of Cisco switches,"The Iranian IT Ministry reveals that Hackers have attacked networks in a number of countries including datacenters in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”. The attack, exploiting CVE-2018-0171, affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in Iran.",2018-04-07,2018-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,None - None,"Iran, Islamic Republic of; Global (region)",ASIA; MENA; MEA - ,State institutions / political system - State institutions / political system, - ,,Unknown,Unknown - not attributed,,1,1321,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH,2022-08-15,2022-11-02 1117,Team Kerala CyberWarriors attack websites in Pakistan,"Team Kerala CyberWarriors, a hacking group based out of India, initiated a ransomware campaign against websites hosted in Pakistan, deploying customized KCW ransomware.",2018-04-27,2018-04-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Ransomware,,Pakistan,ASIA; SASIA; SCO,Unknown,,Kerala Cyber Warriors,India,Non-state-group,Hacktivist(s),1,3826,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Kerala Cyber Warriors,India,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/kcw-ransomware-encrypting-web-sites-in-pakistan/,2022-08-15,2022-11-02 1118,"Greek & Turkish hackers target each other’s media outlets on April 30, 2018","The Turkish hacker group Akincilar (""Invaders"") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency-ANA-, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016. As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.",2018-04-30,2018-04-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Greece,EUROPE; NATO; EU(MS); BALKANS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,10009,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Akincilar,Turkey,Non-state-group,,Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/cyberwar-greek-turkish-hackers-target-media-outlets/,2022-08-15,2023-05-22 1119,DDoS-Attack on Tennessee county's website,The Tennessee county's website is taken down by a DDoS attack on election night.,2018-05-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1324,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://techcrunch.com/2018/05/04/tennessee-election-ddos-knox-county-voting/,2022-08-15,2024-02-01 1120,"Russian-based APT(?)Hades attacks targets in Ukraine, Europe and Russia","According to telemetry and the characteristics of the analyzed spear-phishing documents, Kaspersky believes the attackers from Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories 
in Europe and Ukraine.",2018-05-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Ukraine; Russia; Netherlands; France; Germany,EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Chemicals; Finance - Chemicals; Finance - Chemicals; Finance - Chemicals; Finance - Chemicals; Finance,,Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1325,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://twitter.com/NCSCgov/status/1623676779826118656,2022-08-15,2023-03-13 1121,"OilRig Backdoor ""QUADAGENT""",Researchers from Palo Alto Networks Unit 42 reveal to have detected multiple attacks by the OilRig group appearing to originate from a government agency in the Middle East. 
The attacks delivered a PowerShell backdoor called QUADAGENT.,2018-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Middle East (region),,State institutions / political system; Other,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1326,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/,2022-08-15,2022-11-02 1122,Bezos Phone Hack,The Phone of Jeff Bezos was hacked by hackers attributed to be directly connected to the Saudi-Arabian prince,2018-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, 
e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Media,,,Saudi Arabia,State,,1,1327,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,,Saudi Arabia,State,https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25488&LangID=E,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2020/01/22/world/middleeast/bezos-phone-hacked.html; https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25488&LangID=E,2022-08-15,2022-11-02 1123,Hackers attack Georgia sites,"A group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if a planned bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, BlueSkyKitchen and SoyNoodleHouse.",2018-05-02,2018-05-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Religious; ,SB315,United States,Non-state-group,Hacktivist(s),1,1328,NaT,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,,,,SB315,United States,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.csoonline.com/article/3269535/hackers-protest-georgias-sb-315-anti-hacking-bill-by-allegedly-hacking-georgia-sites.html,2022-08-15,2023-06-18 1124,Turkish hackers attack Honda Greece,Turkish hackers from Akincilar launch a new cyberattack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.,2018-05-07,2018-05-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Greece,EUROPE; NATO; EU(MS); BALKANS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,1329,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,,Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://greece.greekreporter.com/2018/05/07/turkish-hackers-launch-cyber-attack-on-honda-greece/,2022-08-15,2022-11-02 1125,Anonymous defaces website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo),"The hacker group Anonymous defaced several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country, especially the recent ban on Telegram.",2018-05-10,2018-05-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1330,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-russian-govt-website-against-censorship/,2022-08-15,2022-11-02 1126,Attack on Russian Central Election Commission,"The Russian Central Election Commission was hit by a DDoS attack ""from 15 different countries"".",2018-05-13,2018-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1331,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.rt.com/news/421622-russian-election-under-cyber-attack/,2022-08-15,2024-04-18 1127,City of Atlanta hit by Sam Sam Ransomware,"IT systems used by the City of Atlanta, were hit by a Sam Sam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.",2018-05-22,2018-05-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; 
Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,3808,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.forbes.com/sites/leemathews/2018/03/23/city-of-atlanta-computers-hit-by-ransomware-attack/#55c0636c2ee4; https://www.wired.com/story/hospital-ransomware-hhs-digiheals/; https://arstechnica.com/information-technology/2023/08/our-health-care-system-may-soon-receive-a-much-needed-cybersecurity-boost/,2022-08-15,2023-08-21 1128,Anonymous defaces screens at the Mashhad airport,Anonymous defaced the screens at the Mashhad airport in Iran to protest against the Government and the military’s activities in the Middle East.,2018-05-24,2018-05-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Telecommunications,Tapandegan (Palpitaters) ,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,1333,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Tapandegan (Palpitaters) ,"Iran, Islamic Republic of",Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/72969/hacktivism/mashhad-airport-defacement.html%20%C2%A0%20%C2%A0https://en.radiofarda.com/a/iran-hackers-post-protest-messages-mashad-airport/29250247.html; https://www.hackread.com/beirut-airport-screens-hacked-hezbollah-message/,2022-08-15,2024-01-09 1129,Chafer vs. Kuwait,The APT Chafer Attacked primarily Kuwaiti Networks between May 2018 and July 2019,2018-05-30,2019-07-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Kuwait; Saudi Arabia,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Government / ministries; Transportation - Government / ministries; Transportation,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1334,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://download.bitdefender.com/resources/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf; 
https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,2022-08-15,2022-11-02 1130,Bithumb Hack,South Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by the North Korean APT Lazarus.,2018-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1335,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested",https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://theblockchainland.com/2018/06/28/a-cybercrime-group-lazarus-is-likely-behind-the-30mln-bithumb-hack/; https://thenextweb.com/hardfork/2018/10/19/cryptocurrency-attack-report/; https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/,2022-08-15,2023-02-01 1131,Andariel Group attacks website of South Korean non-profit organisation,Researchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes.,2018-06-01,2018-06-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; Other,Civil service / administration; ,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1336; 1336,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; International power; Secession,System/ideology; International power; Secession,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/,2022-08-15,2022-11-02 1112,Operation Ghost Secret (Lazarus),"The aggressive phishing campaign of Lazarus, executed on Mar.2 and 3, targeted a major government-controlled financial organization, a second government body involved in finance and trade, and three other large financial institutions. All targets are located in Turkey. Later on, McAfee expanded the targets list regarding numerous sectors worldwide.",2018-03-02,2018-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None,Turkey; United States; Germany; Japan; Thailand; China; United Kingdom; Australia; Global (region),ASIA; NATO; MEA - NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - ASIA; SCS; NEA - ASIA; SEA - ASIA; SCS; EASIA; NEA; SCO - EUROPE; NATO; EU(MS); NORTHEU - OC - ,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; 
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Finance; ; - Finance; ; - Finance; ; - Finance; ; - Finance; ; - Finance; ; - Finance; ; - Finance; ; - Finance; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)",Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,6565; 6564,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Media-based attribution,,; Not available,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Unknown; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.hurriyetdailynews.com/north-korean-hacking-group-allegedly-targets-turkish-financial-institutions-128495,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 
points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/; https://www.hurriyetdailynews.com/north-korean-hacking-group-allegedly-targets-turkish-financial-institutions-128495; https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html,2022-08-15,2023-03-13 1111,FoxKittens vs. US,The Iranian APT FoxKittens hacks into government and private networks in the US and commercial targets worldwide.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None,United States; Global (region),NATO; NORTHAM - ,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,14753; 14752,2020-08-01 00:00:00; 2020-02-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state 
entity; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); ClearSky,Not available; ClearSky,United States; Israel,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.cybersafe.news/fbi-warns-about-iranian-hacking-group-attacking-f5-networking-devices/; https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf,2022-08-15,2023-12-04 1110,LuckyMouse APT aka Emissary Panda aka APT 27,"KasperskyLab discovers several infections from a previously unknown Trojan, likely related to the infamous Chinese-speaking threat actor–LuckyMouse. The most peculiar trait of this malware is its driver, signed with a legitimate digital certificate.",2018-03-01,2018-09-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Asia (region),,State institutions / political system,Government / ministries,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1312,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/luckymouse-ndisproxy-driver/87914/%C2%A0%C2%A0%C2%A0; https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177,2022-08-15,2023-03-02 1099,Whitefly vs. SingHealth,"Singapore's largest healthcare group, SingHealth, reveals to have suffered a cyberattack to a company database in which attackers copied information belonging to roughly 1.5 million patients, including the country's prime minister, Lee Hsien Loong. 
The attack was discovered on July 4 and all patients who visited the clinics from May 1, 2015 through July 4, 2018 were affected.",2018-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,Singapore,ASIA,Critical infrastructure,Health,Whitefly,Unknown,"Non-state actor, state-affiliation suggested",,2,1298; 1297,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Whitefly; Whitefly,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Unknown - not attributed",https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-singapore-cyberattack/cyberattack-on-singapore-health-database-steals-details-of-1-5-million-including-pm-idUSKBN1KA14J; https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore,2022-08-15,2022-11-02 1091,Qatar vs. 
Congressman Broidy,"Congressman Broidy was hacked by allegedly Qatari actors, who accessed his e-mail account and leaked the data to American media",2018-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Legislative,,Qatar,State,,1,1288,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Qatar,State,,International power,International power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2018/05/24/world/middleeast/be-very-careful-conversation-cited-to-link-qatar-to-hack-of-gop-donor.html,2022-08-15,2022-11-02 1092,Cobalt Dickens,"The Iranian group Mabna Institutes proofed websites, and managed to access credentials of various educational institutions worldwide",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,None - None - None - None - None - None - None - None - None,United States; Australia; Canada; China; Israel; Japan; Switzerland; Turkey; United Kingdom,NATO; NORTHAM - OC - NATO; NORTHAM - ASIA; SCS; EASIA; NEA; SCO - ASIA; MENA; MEA - ASIA; SCS; NEA - EUROPE; WESTEU - ASIA; NATO; MEA - EUROPE; NATO; EU(MS); NORTHEU,Science - Science - Science - Science - Science - Science - Science - Science - Science, - - - - - - - - ,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1289,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities,2022-08-15,2023-10-31 1093,StealthFalcon vs. Middle Eastern Targets,"The APT StealthFalcon gained access to various, not further specified networks around the Middle Eastern region via a Windows zero-day vulnerability",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,Middle East (region),,Unknown,,Stealth Falcon/Fruity Armor; DarkMatter,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1290; 1290,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Stealth Falcon/Fruity Armor; DarkMatter,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://citizenlab.ca/2016/05/stealth-falcon/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2016/05/stealth-falcon/; https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/; http://pattersonjournal.com/2019/11/19/stealth-falcon-apt/,2022-08-15,2023-09-25 1094,Pterodo Attack by Gamaredon,The ukrainian cyber-command warned of an increasing number of new malware infections by Russian-aligned Gamaredon APTvs. Ukraine during KerchCrisis,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,1,1291,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2018/11/ukraine-detects-new-pterado-backdoor-malware-warns-of-russian-cyberattack/; https://www.defenseone.com/technology/2018/12/russia-launched-cyber-attacks-against-ukraine-ship-seizures-firm-says/153375/; https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf; https://www.cyberscoop.com/ukraine-russian-hackers-armageddon-videos-gamaredon/,2022-08-15,2022-11-02 1095,Lazarus returns against ATMs,The North Korean APT Lazarus targeted Indian ATMs with the help of the banking malware 'ATMDTrack'.,2018-01-01,Not 
available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,India; Global (region),ASIA; SASIA; SCO - ,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Finance; Finance - Finance; Finance,None; None,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,6575; 6574,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,; Not available,,,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://us-cert.cisa.gov/ncas/alerts/aa20-239a,,,,,,0,,,,,,,,,,,False,,none,,,,3,,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thenextweb.com/security/2019/09/24/north-korean-hackers-are-targeting-atms-in-india-with-new-data-stealing-malware/; https://securelist.com/my-name-is-dtrack/93338/; https://us-cert.cisa.gov/ncas/alerts/aa20-239a,2022-08-15,2023-03-13 1096,Bronze president vs. SEA NGOs,Various south- and southeastasian NGOs were compromised by the Chinese threat actor Bronze President,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Southeast Asia (region); India; Mongolia, - ASIA; SASIA; SCO - ASIA; EASIA; NEA,State institutions / political system; State institutions / political system; Social groups - State institutions / political system; State institutions / political system; Social groups - State institutions / political system; State institutions / political system; Social groups,; Police; Other social groups - ; Police; Other social groups - ; Police; Other social groups,Bronze President,China,"Non-state actor, state-affiliation suggested",,1,1294,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Bronze President,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data 
theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureworks.com/research/bronze-president-targets-ngos,2022-08-15,2022-11-02 1097,Phishing Campaign against Amnesty,Amnesty revealed a sophisticated phishing campaign against various Humanright defenders across the middle east,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None - None - None,Mena Region (region); United Arab Emirates; Yemen; Egypt; Palestine, - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA,State institutions / political system; Social groups; Social groups; Media - State institutions / political system; Social groups; Social groups; Media - State institutions / political system; Social groups; Social groups; Media - State institutions / political system; Social groups; Social groups; Media - State institutions / political system; Social groups; Social groups; Media,; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - ; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - ; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - ; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; - ; Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats; ,,Gulf Countries (region),Unknown - not attributed,,1,1295,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Gulf Countries (region),Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/,2022-08-15,2022-11-02 1098,StrongPity Activity in Turkey,"The APT StrongPity spied on turkish citizens, highly likely with a connection to the conflict between Turkey and the Kurds",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Turkey; Syria,ASIA; NATO; MEA - ASIA; MENA; MEA,Critical infrastructure; End user(s) / specially protected groups - Critical infrastructure; End user(s) / specially protected groups,Telecommunications; - Telecommunications; ,StrongPity,Turkey,"Non-state actor, state-affiliation suggested",,1,1296,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,StrongPity,Turkey,"Non-state actor, state-affiliation suggested",,Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://download.bitdefender.com/resources/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281,2022-08-15,2022-11-02 1100,Taidoor and BlackTech vs. Taiwan,"Taiwan attributed an ""omnipresent"" espionage campaign against their government institutions to the Chinese state-sponsored APTs BlackTech and Taidoor",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,Taiwan,ASIA; SCS,State institutions / political system,Government / ministries,Taidoor; Blacktech,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1299; 1299,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Taidoor; Blacktech,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK,2022-08-15,2022-11-04 1109,Hackers successfully infiltrated the election campaign computer of David Min,"Reuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyberattack on the congressional campaign of David Min, a Democratic candidate in California.",2018-03-01,2018-03-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1311,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 1101,Yandex Hack FiveEyes,"According to people with knowledge into the matter, the FiveEyes alliance gained access to Russian Yandex in 2018.",2018-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Hijacking without Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Five Eyes,Australia; Canada; New Zealand; United Kingdom; United 
States,State,,1,1300; 1300; 1300; 1300; 1300,2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,; ; ; ; ,; ; ; ; ,; ; ; ; ,Five Eyes; Five Eyes; Five Eyes; Five Eyes; Five Eyes,Australia; Canada; New Zealand; United Kingdom; United States,State; State; State; State; State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-cyber-yandex-exclusive/exclusive-western-intelligence-hacked-russias-google-yandex-to-spy-on-accounts-sources-idUSKCN1TS2SX,2022-08-15,2023-03-13 1102,MSS 2020 Indictment Case 2018,"MSS supported hackers have stolen sensitive data by different companies in the US in 2018, according to a 2020 indictment.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None,United States; Japan; Belarus,NATO; NORTHAM - ASIA; SCS; NEA - EUROPE; EASTEU; CSTO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,; - ; - ; ,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,1,1301,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-12-04 1103,Twitter account of Syed Akbaruddin hacked,"The verified Twitter account of Syed Akbaruddin, India's top diplomat to the United Nations, is briefly taken over by suspected Turkish hackers (AyyıldızTim).",2018-01-14,2018-01-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,International / supranational organization,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),1,1302,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/hackers-hijack-twitter-account-indias-top-diplomat-post-photos-pakistans-flag-1655147,2022-08-15,2022-11-02 1104,Fox News Hosts and Trump-supporting Ex-sheriffs Twitter Accounts defaced,The twitter page of two foxnews hosts was taken over by turkish hacktivists and their personal data leaked there,2018-01-16,2018-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,United States,NATO; NORTHAM,Media,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),1,1303,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/turkish-hackers-hijack-twitter-account-trump-ally-ex-sheriff-david-clarke-latest-cyberattack-1656221; https://www.ibtimes.co.uk/turkish-hackers-hijack-ex-fox-news-hosts-twitter-accounts-post-personal-data-private-messages-1655644,2022-08-15,2022-11-02 1105,The GorgonGroup,"Researchers from Palo Alto Networks Unit 42 uncover Gorgon, a threatactor allegedly operating from Pakistan and targeting governmental organizations in the United Kingdom, Spain, Russia, and the United States leveraging spearphishing emails with Microsoft Word documents exploiting CVE-2017-0199.",2018-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,United States; Russia; Spain; Pakistan; United Kingdom,NATO; NORTHAM - EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS) - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / 
political system; State institutions / political system,Government / ministries; Intelligence agencies - Government / ministries; Intelligence agencies - Government / ministries; Intelligence agencies - Government / ministries; Intelligence agencies - Government / ministries; Intelligence agencies,GorgonGroup,Pakistan,Unknown - not attributed,,1,1304,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,GorgonGroup,Pakistan,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-gorgon-group-slithering-nation-state-cybercrime/,2022-08-15,2022-11-02 1106,The AnonPlus group hacked the Florence branch of the PD,The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online.,2018-02-06,2018-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Political parties,AnonPlus,Unknown,Non-state-group,Hacktivist(s),1,1305,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,AnonPlus,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ansa.it/english/news/politics/2018/02/06/florence-pd-hacked-renzi-data-published-2_e65dc016-237d-482b-80d6-0072e65ee307.html; https://www.thetimes.co.uk/article/hackers-anonplus-and-rogue-o-put-italina-politicians-details-online-qjndfpkl8,2022-08-15,2022-11-02 1107,Olympic Destroyer,"Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyberattack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that its only purpose is to disrupt systems. The hacker group, called Hades by Kaspersky, used techniques to make it look like Lazarus was responsible. 
Later on, unnamed US officials from the intelligence branch said that the Russian state-led APT Sandworm was the likely culprit.",2018-02-09,2018-02-09,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,International / supranational organization,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,3,9620; 9621; 9622; 9622,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Statement in media report and political statement/technical report; Attribution given, type unclear; Statement in media report and indictment / sanctions; Statement in media report and indictment / sanctions",IT-security community attributes attacker; Contested attribution; Attribution by third-party; Attribution by third-party,; ; ; ,; Not available; Not available; Not available,; ; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; State; State; 
State",https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.washingtonpost.com/world/national-security/russian-spies-hacked-the-olympics-and-tried-to-make-it-look-like-north-korea-did-it-us-officials-say/2018/02/24/44b5468e-18f2-11e8-92c9-376b4fe57ff7_story.html; https://www.npr.org/sections/thetorch/2018/02/13/585297314/malware-attacks-on-olympics-could-have-come-from-russia-and-north-korea-experts?t=1606841802773; https://arstechnica.com/information-technology/2018/02/russia-accused-of-false-flag-attack-on-olympic-opening/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://twitter.com/NCSCgov/status/1623676779826118656; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.darkreading.com/ics-ot/world-cup-glory-looms-cyber-threats-microsoft-warns; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://www.wired.com/story/f1-las-vegas-grand-prix-security/; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://www.techniques-ingenieur.fr/actualite/articles/atos-un-leader-mondial-aux-abois-131885/; https://www.iyigunler.net/spor/spor-dunyasinda-gerceklesen10-siber-saldiri-h353183.html; https://es-us.noticias.yahoo.com/deportes/seremos-atacados-juegos-ol%C3%ADmpicos-par%C3%ADs-125935232.html; https://es-us.noticias.yahoo.com/deportes/seremos-atacados-juegos-ol%C3%ADmpicos-par%C3%ADs-125935232.html; 
https://tecnogazzetta.it/smart-office/2024-04-22-misure-di-sicurezza-olimpiadi-parigi.html; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/; https://www.heise.de/security/meldung/Olympic-Destroyer-Hackerangriff-auf-die-Olympischen-Spiele-lief-unter-falscher-Flagge-3989288.html; https://www.reuters.com/article/us-olympics-2018-cyber/games-organizers-confirm-cyber-attack-wont-reveal-source-idUSKBN1FV036; https://securelist.com/olympic-destroyer-is-still-alive/86169/; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.washingtonpost.com/world/national-security/russian-spies-hacked-the-olympics-and-tried-to-make-it-look-like-north-korea-did-it-us-officials-say/2018/02/24/44b5468e-18f2-11e8-92c9-376b4fe57ff7_story.html; https://www.npr.org/sections/thetorch/2018/02/13/585297314/malware-attacks-on-olympics-could-have-come-from-russia-and-north-korea-experts?t=1606841802773; https://arstechnica.com/information-technology/2018/02/russia-accused-of-false-flag-attack-on-olympic-opening/; https://www.wired.com/story/worst-hacks-2022/; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html,2022-08-15,2024-04-23 1108,Campaign Desert Scorpion conducted by APT-C-23 allegedly tied to Operation Frozen Cell (2016-2017),"Researchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.",2018-02-26,2018-03-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Palestine,ASIA; MENA; MEA,End user(s) / specially protected groups,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Hamas,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,2,17160; 17160; 17159; 17159,NaT; NaT; NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,; ; ; ,; ; Not available; Not available,; ; ; ,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Hamas; Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Hamas,Unknown; Unknown; Palestine; Palestine,Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.cyberscoop.com/hamas-spyware-desert-scorpion-apt-c-23-google-play-lookout/; https://blog.lookout.com/desert-scorpion-google-play,2022-08-15,2024-02-15 1132,Reaper drone dataleak,A criminal hacker managed to access secure data files of the US military via an unpatched network 
gap,2018-06-01,2018-07-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Military,,Unknown,Individual hacker(s),,1,1337,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Individual hacker(s),https://www.recordedfuture.com/reaper-drone-documents-leaked/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/Darknet-Hacker-bietet-sensible-Infos-ueber-US-Militaerdrohne-ab-150-US-Dollar-an-4108450.html; https://www.recordedfuture.com/reaper-drone-documents-leaked/,2022-08-15,2022-11-02 1134,APT38 attacks Chilean Central Bank,"Shares in the Bank of Chile (the country's central bank) have fallen after it confirmed that hackers diverted $10 million of its funds, mainly to Hong Kong. However, according to the bank, no customer accounts were affected but 9,000 workstations and 500 servers. Apparently, a wiper malware was used to reveal the true purpose of the attack (compromising endpoints that process transactions over the SWIFT network).",2018-06-11,2018-06-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,Central Bank (Chile) ,Chile,SOUTHAM,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,6379,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://content.fireeye.com/apt/rpt-apt38,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/; https://content.fireeye.com/apt/rpt-apt38,2022-08-15,2023-03-13 1177,Breach and data theft from South Korea's Defense Ministry,Hackers breach 30 computers of South Korea's Defense Ministry and steal data from 10 of 
them.,2018-10-04,2019-01-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,1390,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hackers-breach-and-steal-data-from-south-koreas-defense-ministry/; https://securityaffairs.co/wordpress/79993/cyber-warfare-2/south-korea-defense-hack.html,2022-08-15,2022-11-02 1135,DDoS-attack on the website of the Mexican National Action Party,"The website of the Mexican National Action Party is hit by a cyberattack during the final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate.",2018-06-12,2018-06-12,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,Mexico,,State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1340,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/uk-mexico-election-cyber/cyber-attack-on-mexico-campaign-site-triggers-election-nerves-idUKKBN1J93C0,2022-08-15,2022-11-02 1158,Carbanak vs. Ukraine during Kerch Crisis,Russian state-sponsored actors phished access to various Ukrainian and Eastern European government institutions,2018-10-25,2018-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Ukraine; Eastern Europe,EUROPE; EASTEU - ,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; Military - Government / ministries; Military,Carbanak/Anunak,Russia,"Non-state actor, state-affiliation suggested",,1,1367,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Carbanak/Anunak,Russia,"Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2023-07-04 1159,Anonymous took down 
several Gabon websites,The hacktivist group Anonymous takes down 70 Gabon government websites as part of its “anti-dictatorships” campaign.,2018-10-27,2018-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Gabon,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1368,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.news24.com/news24/Africa/News/gabon-official-websites-hacked-anonymous-group-20181029,System / ideology; National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/home/security-news/anonymous-knocks-out-gabon-government-sites-with-dos-attack/; https://www.news24.com/news24/Africa/News/gabon-official-websites-hacked-anonymous-group-20181029,2022-08-15,2022-11-02 1160,Anonymous Italy hacks several universities,"In the name of #AntiSecITA, hackers from the Anonymous collective's wing in Italy hacked several university sites.",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Italy,EUROPE; NATO; EU(MS),Science,,Anonymous Italy,Italy,Non-state-group,Hacktivist(s),1,13609,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous Italy,Italy,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.binarydefense.com/threat_watch/anonymous-targeting-italian-universities/,2022-08-15,2023-10-12 1161,MuddyWater vs. Turkey (2018),"Security researchers at Trend Micro discover a PowerShell-based backdoor, active in Turkey, which resembles a malware used by Muddy Water threat actor.",2018-11-01,2018-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Turkey; Oman; Lebanon,ASIA; NATO; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of",Unknown - not attributed,,2,1370; 1371,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of; Iran, Islamic Republic of","Unknown - not attributed; Non-state actor, state-affiliation suggested",https://yoroi.company/research/dissecting-the-muddywater-infection-chain/  https://www.cyberscoop.com/muddywaters-trend-micro-middle-east/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/78586/apt/muddywater-powershell-backdoor.html; 
https://yoroi.company/research/dissecting-the-muddywater-infection-chain/  https://www.cyberscoop.com/muddywaters-trend-micro-middle-east/,2022-08-15,2023-01-31 1162,US Attack on Internet Research Internet Agency,"The US Cyber Command managed to shut down the infamous Russian influence agency ""Internet Research Agency""",2018-11-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,US CYCOM,United States,State,,1,1372,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html,2022-08-15,2023-08-07 1163,APT29's first attack after one year of silence - 2018,Multiple security companies including Crowdstrike and FireEye reveal a new spear phishing campaign carried out by APT29 (after one year of silence) targeting multiple sectors in the U.S.,2018-11-14,2018-11-14,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack 
on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science; Critical infrastructure; Critical infrastructure,Government / ministries; Transportation; ; ; ; Health; Defence industry,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,,1,4797,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/russian-apt-comes-back-to-life-with-new-us-spear-phishing-campaign/; https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html,2022-08-15,2022-11-30 1164,The Digital Revolution group hacks the Kvant Scientific Research Institute,"The Russian Digital Revolution group claims to have hacked the servers of Moscow-based Kvant Scientific Research Institute, and gathered evidence of a neural networks tool used to analyze activities on social networks.",2018-11-30,2018-12-18,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Science,Intelligence agencies; ,The Digital Revolution,Russia,Non-state-group,Hacktivist(s),1,1374,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,The Digital Revolution,Russia,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://openmedia.io/news/xakery-vzlomali-servera-nii-kvant-on-prinadlezhit-fsb/; https://globalvoices.org/2018/12/22/report-says-hackers-detected-online-protest-sniffing-software-in-kazakhstan/; https://www.d1g1r3v.net/,2022-08-15,2023-02-27 1165,2018 Citrix Hack by APT Iridium,"The servers of the remote access tool Citrix were hacked, and important data (highly likely passwords) were stolen. The perpetrator is at this point still unclear, but might have been an Iranian state hacker group.",2018-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)","Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,2,1375; 1376,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/#65aeed341476; https://www.forbes.com/sites/kateoflahertyuk/2019/03/15/who-is-resecurity-the-mysterious-firm-that-blamed-iran-for-the-citrix-hack/#40c7ff7280e9; https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986,2022-08-15,2022-11-02 1166,Mikroceen,Mikroceen was used by a Chinese actor (likely ViciousPanda) against Central Asian government agencies,2018-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Kazakhstan; Uzbekistan; Turkmenistan; Tajikistan; Kyrgyzstan,ASIA; CSTO; SCO - ASIA; CENTAS; CSTO; SCO - ASIA - ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS; CSTO; SCS,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,; - ; - ; - ; - ; ,Vicious Panda,China; Czech Republic,Unknown - not attributed,,1,1377; 1377,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Vicious Panda; Vicious Panda,China; Czech Republic,Unknown - not attributed; Unknown - not attributed,https://decoded.avast.io/luigicamastra/APT -group-planted-backdoors-targeting-high-profile-networks-in-central-asia/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/; https://decoded.avast.io/luigicamastra/APT -group-planted-backdoors-targeting-high-profile-networks-in-central-asia/,2022-08-15,2022-11-02 1167,Fancy Bear vs. US Energy Sector,"Fancy Bear started a long term espionage campaign against the US energy sector and political targets, accessing data and secure networks",2018-12-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure,Government / ministries; Energy,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,3,1380; 1379; 1378,2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution; IT-security community attributes attacker,; ; ,; ; ,; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group 
G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/,2022-08-15,2022-11-02 1168,Shamoon 3.0,"Oil companies in Europe and the Gulf are hit by a new version of the Shamoon malware. The attacks started in India and hit the servers in Saudi Arabia, the United Arab Emirates and Kuwait. Fingers are pointed to Iran.",2018-12-10,2018-12-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Disruption; Hijacking with Misuse,None - None - None,Europe (region); Middle East (region); Italy, - - EUROPE; NATO; EU(MS),Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy; - Energy; - Energy; ,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1381,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html; 
https://gulfnews.com/technology/companies/iran-hackers-behind-attacks-on-oil-and-gas-companies-in-gulf-and-europe-1.61007070; https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/; https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/; https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/; https://twitter.com/780thC/status/1618571785276100609,2022-08-15,2023-01-30 1169,Charming Kitten vs. US and Arab Officials,Hackers believed to be associated with Charming Kitten (Iran-based APT) have ramped up their activities with a phishing campaign against American officials charged with enforcing economic sanctions imposed on Iran by President Trump.,2018-12-13,2018-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,State institutions / political system; Other,Government / ministries; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1382; 1382,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 
83/TA453/Calanque/G0059 (IRGC); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://blog.certfa.com/posts/the-return-of-the-charming-kitten/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/home/security-news/charming-kitty-targets-u-s-arab-officials-in-wake-of-iran-sanctions/; https://blog.certfa.com/posts/the-return-of-the-charming-kitten/,2022-08-15,2022-11-02 1170,Chinese PLA attacks EU - organisations,"A report by Area 1 Security reveals that a successful phishing attack on the Ministry of Foreign Affairs of Cyprus, an EU member nation, compromised the diplomatic communication network for the European Union (COREU).",2018-12-19,2018-12-19,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None,EU (institutions); Cyprus, - EUROPE; EU(MS); MEA,State institutions / political system; International / supranational organization - State institutions / political system; International / supranational organization,Government / ministries; - Government / ministries; ,PLA,China,State,,1,1383,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,PLA,China,State,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information 
(incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.prnewswire.com/news-releases/area-1-security-uncovers-cybersecurity-breach-of-european-diplomatic-network-initiated-by-chinese-government-300768487.html,2022-08-15,2023-04-20 1171,Iran Rev. Guard vs. UK Government,Iranian actors hacked various UK companies and the UK post office,2018-12-23,2018-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Civil service / administration; ,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1384,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/iranian-hackers-target-uk-1/; https://www.mirror.co.uk/news/uk-news/major-cyber-attack-uk-infrastructure-14226055,2022-08-15,2022-11-02 1172,Philippine media under DDoS-attack,"The news sites of Bulatlat, Kodao and Pinoy Weekly are taken down by a DDoS attack, after stories on the Communist Party of the Philippines’ 50th anniversary were posted.",2018-12-26,2018-12-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,Philippines,ASIA; SCS; SEA,Media,,,Unknown,Non-state-group,Hacktivist(s),1,1385,NaT,Not available,Media-based attribution,,,,,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.philstar.com/headlines/2018/12/28/1880570/altermidya-slams-cyberattacks-vs-members-sites,2022-08-15,2022-11-02 1173,Italian Trade Union of State Police Officers Hacked & Defaced by The Anonymous Anarchist Agency,"Hackers from the Anonymous collective release the contact information of over 200 Italian police officers, including their full names and personal email addresses. Hackers also post the user login name and password of 26 website administrators.",2018-12-30,2018-12-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Police,Anonymous Anarchist Agency,Unknown,Non-state-group,Hacktivist(s),1,1386,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous Anarchist Agency,Unknown,Non-state-group,https://web.archive.org/web/20190104233230/https://www.cyberguerrilla.org/blog/black-december-italian-trade-union-of-state-police-workers-hacked/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.databreaches.net/italian-trade-union-of-state-police-officers-hacked-defaced-by-the-anonymous-anarchist-agency/; https://web.archive.org/web/20190104233230/https://www.cyberguerrilla.org/blog/black-december-italian-trade-union-of-state-police-workers-hacked/,2022-08-15,2024-02-12 1174,NSO-campaign focusing on Amnesty International in Saudi-Arabia,"In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware.",2018-06-01,2018-06-30,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,Unknown,,Social groups,Other social groups,KINGDOM,Saudi Arabia,State,,1,13419,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,Not available,,KINGDOM,Saudi 
Arabia,State,https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/; https://www.amnesty.org/en/latest/research/2018/08/amnesty-international-among-targets-of-nso-powered-campaign/,2022-08-15,2023-10-16 1175,Greek & Turkish hackers target each other’s media outlets,"As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.",2018-04-30,2018-04-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,Critical infrastructure; Media; Other,Telecommunications; ; ,Anonymous Greece,Greece,Non-state-group,Hacktivist(s),1,13418,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous Greece,Greece,Non-state-group,,Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2023-09-29 1176,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2018-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None,Belgium; United States,EUROPE; EU(MS); NATO; WESTEU - NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,,1,14754; 14754,2020-10-24 00:00:00; 2020-10-24 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and 
Infrastructure Security Agency (CISA),Not available; Not available,United States; United States,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2023-12-04 1157,"DDoS-attack on ""Davos in the Desert""","The website of the Saudi Arabian investment conference, referred to as “Davos in the Desert”, is defaced with anti-Saudi messages, to protest against the death of journalist Jamal Khashoggi.",2018-10-22,2018-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,,,Unknown,Non-state-group,Hacktivist(s),1,1366,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/home/security-news/saudi-investment-conference-website-hacked-defaced/,2022-08-15,2022-11-02 1156,Defacement of the website of the Bhartiya Janata Party’s Goa wing,"The website of the Bhartiya Janata Party’s Goa wing was defaced on Monday, 15 October during the day.",2018-10-15,2018-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Political parties,Team PCE,Pakistan,Non-state-group,Hacktivist(s),1,1365,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team PCE,Pakistan,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thequint.com/news/india/bjp-goa-website-hacked,2022-08-15,2022-11-02 1155,Rep. 
Peter King Website Defacement,The website of Peter King was hacked and defaced by Turkish Hacktivists,2018-10-05,2018-10-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Legislative,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),1,1364,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtontimes.com/news/2018/oct/9/rep-peter-kings-congressional-campaign-site-hacked/,2022-08-15,2022-11-02 1144,Cosmos Bank Hack,State-sponsored PRK hackers stole US$13.5 million from India's Cosmos Bank. ,2018-08-10,2018-08-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,2,6375; 6374,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Statement in media report and political statement/technical report; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; ,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://us-cert.cisa.gov/ncas/alerts/TA18-275A; https://www.securonix.com/securonix-threat-research-cosmos-bank-swift-atm-us13-5-million-cyber-attack-detection-using-security-analytics/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.tatacommunications.com/blog/2018/09/stay-secure-stay-safe-lessons-from-the-cosmos-bank-attack/; https://www.forbes.com/sites/leemathews/2019/03/11/north-korean-hackers-have-raked-in-670-million-via-cyberattacks/#39a86b2c7018; https://us-cert.cisa.gov/ncas/alerts/TA18-275A; https://www.securonix.com/securonix-threat-research-cosmos-bank-swift-atm-us13-5-million-cyber-attack-detection-using-security-analytics/,2022-08-15,2023-02-01 1136,Andariel (Subgroup of Lazarus) attacks South Korean think tank,"According to researchers at AlienVault, North Korea-linked hackers planted an ActiveX zero-day vulnerability on the website of a South Korean think tank focused on national security.",2018-06-12,2018-06-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,Science,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1341,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Andariel/Onyx Sleet fka PLUTONIUM/Silent Chollima/G0138/DarkSeoul < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://cybersecurity.att.com/blogs/labs-research/more-details-on-an-activex-vulnerability-recently-used-to-target-users-in-south-korea,System / ideology; International power; Secession,System/ideology; International power; Secession,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/73456/apt/lazarus-apt-activex-attacks.html; 
https://cybersecurity.att.com/blogs/labs-research/more-details-on-an-activex-vulnerability-recently-used-to-target-users-in-south-korea,2022-08-15,2023-07-07 1137,TEMP. Periscope aka APT 40 aka Leviathan targeted UK-based engineering company,"Researchers from Recorded Future reveal the details of a spearphishing campaign carried out by the Chinese TEMP.Periscope group against a UK-based engineering company, leveraging Russian APT Techniques. The Group is normally tied to the Chinese state, by Fireeye and IntrusionTruth.",2018-07-01,2018-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,2,1343; 1342,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department); APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 
(Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html; https://intrusiontruth.wordpress.com/2020/01/16/APT 40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/#more-587,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/; https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html; https://intrusiontruth.wordpress.com/2020/01/16/APT 40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/#more-587,2022-08-15,2023-07-12 1138,"DarkHydrus , July 2018","In July 2018, Unit 42 analyzed a targeted attack using a novelfile type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group they trackas DarkHydrus.",2018-07-01,2018-07-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Middle East (region),,State institutions / political system,Government / ministries,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,,1,1344,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,https://unit42.paloaltonetworks.com/threat-brief-iranian-linked-cyber-operations/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/; https://unit42.paloaltonetworks.com/threat-brief-iranian-linked-cyber-operations/,2022-08-15,2022-11-02 1139,Hamas (probably) hacks mobile phones of Israeli soldiers,100 Israeli soldiers became victims of different apps from the Google Play Store. The apps which seemed to be completely normal were infected by malware spying on all activities on the soldiers' smartphones. The Reuters agency asserted that the terror organisation Hamas started the attack.,2018-07-01,2018-07-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,Hamas,Palestine,Non-state-group,Terrorist(s),1,1345,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,Hamas,Palestine,Non-state-group,https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX,Resources; Secession,Resources; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/Israelische-Soldaten-ueber-WM-Apps-aus-dem-Play-Store-gehackt-4100548.html; https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX,2022-08-15,2022-11-02 1140,Ehud Barak Hack,The cellphone of Ehud Barak was hacked - apparently without negligence on the part of the former Israeli prime minister,2018-07-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Political parties,,Unknown,Unknown - not attributed,,1,1346,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state 
entity,,,,,Unknown,Unknown - not attributed,https://cyware.com/news/attackers-hacked-israeli-officials-devices-stolen-information-sold-to-iran-e5faac0d,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.timesofisrael.com/report-baraks-phone-breached-info-apparently-sold-to-iran-by-foreign-hackers/; https://cyware.com/news/attackers-hacked-israeli-officials-devices-stolen-information-sold-to-iran-e5faac0d,2022-08-15,2023-03-13 1141,Chinese hackers defaced the official website of the Taiwanese DPP,"The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading ""Chinese netizens are supporting Tsai Ing-wen to run for re-election"" in simplified Chinese characters.",2018-07-03,2018-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Taiwan,ASIA; SCS,State institutions / political system,Political parties,,China,Non-state-group,Hacktivist(s),1,1347,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.taiwannews.com.tw/en/news/3473203,2022-08-15,2022-11-02 1142,"Operation ""Roman Holiday""","Security researchers from the Z-Lab at CSE Cybersec reveal the details of Operation ""Roman Holiday"", an operation carried out by APT28 (AKA Fancy Bear) and targeting the Italian Military.",2018-07-12,2018-07-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Military,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,1348,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://vx-underground.org/archive/APTs/2018/2018.07.13/Operation%20Roman%20Holiday.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2018/07/16/apt28_italian_job/; https://vx-underground.org/archive/APTs/2018/2018.07.13/Operation%20Roman%20Holiday.pdf,2022-08-15,2022-11-02 1143,Tinder profile of RAF airwoman got hacked,An RAF airwoman has her Tinder profile hacked. The attackers use the hacked profile to steal secrets of Britain’s new F-35 Lightning II 
stealth fighter.,2018-08-04,2018-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Military,,China; Russia,"Non-state actor, state-affiliation suggested",,1,1349; 1349,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,,China; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dailymail.co.uk/news/article-6027207/Honeytrap-spy-stole-secrets-new-RAF-stealth-jet-hacking-Tinder-profile.html,2022-08-15,2023-03-13 1145,Anonymous Catalonia takes down the website of the Bank of Spain,"The hacktivists of Anonymous Catalonia claim to have taken down the website of the Banco de España (the Spanish central bank) through a targeted DDoS attack. It is part of #OpCatalonia, a protest against the arrest of leading Catalan politicians in connection with the region's fight for independence last year.",2018-08-26,2018-08-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Central Bank (Spain),Spain,EUROPE; NATO; EU(MS),State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",Anonymous,Spain,Non-state-group,Hacktivist(s),1,6371,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,Not available,,Anonymous,Spain,Non-state-group,,System / ideology; Autonomy; Secession,Autonomy; Secession; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/anonymous-catalonia-claims-ddos-attack-on-bank-of-spain-website/,2022-08-15,2023-03-13 1154,Cyberattack on the Pentagon,"Roughly 30,000 DOD military and civilian personnel are believed to be affected by a cyberattack. 
A third-party contractor is compromised, granting the attackers access to the Pentagon network to steal travel data for DOD personnel.",2018-10-04,2018-10-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,1363,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.boston.com/news/politics/2018/10/12/pentagon-reveals-cyber-breach-of-travel-records,2022-08-15,2022-11-02 1146,Iranian APT Chafer focuses on diplomatic entities in the Middle East,Throughout the autumn of 2018 Kaspersky analyzed a long-standing cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation. This malware has previously been associated with an Iranian APT actor that is widely called Chafer.,2018-09-01,2019-01-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Middle East (region),,State institutions / political system,Government / ministries,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1353,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/chafer-used-remexi-malware/89538/; https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html,2022-08-15,2022-11-02 1147,Seedworm,"The Iranian actor Seedworm hacked various firms, primarily related to telecommunication with the goal of data theft. 
The exact origin of this group remains unknown",2018-09-01,2018-11-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Pakistan; Turkey; Russia; Saudi Arabia,ASIA; SASIA; SCO - ASIA; NATO; MEA - EUROPE; EASTEU; CSTO; SCO - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Telecommunications; - Government / ministries; Telecommunications; - Government / ministries; Telecommunications; - Government / ministries; Telecommunications; ,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1354,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://symantec-blogs.broadcom.com/blogs/threat-intelligence/seedworm-espionage-group; https://www.darkreading.com/threat-intelligence/highly-active-seedworm-group-hits-it-services-governments/d/d-id/1333451,2022-08-15,2022-11-02 1148,US State Department breached by unknown hacker(s),"The State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.",2018-09-07,2018-09-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1355,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.politico.com/story/2018/09/17/state-department-email-personal-information-792665; https://www.jpost.com/international/article-735585,2022-08-15,2023-03-28 1149,Turkish hacking group attacked Egypt's state-run news agency,A Turkish hacking group has taken over the website of Egypt's state-run news agency to condemn death sentences against leaders of the blacklisted Muslim Brotherhood movement.,2018-09-11,2018-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Egypt,MENA; MEA; AFRICA; NAF,Media,,Akincilar; Muslim Brotherhood,Turkey; Turkey,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),2,1356; 1356; 1357; 1357,NaT; NaT; NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms,; ; ; ,; ; ; ,; ; ; ,Akincilar; Muslim Brotherhood; Akincilar; Muslim Brotherhood,Turkey; Turkey; Turkey; Turkey,Non-state-group; Non-state-group; Non-state-group; Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.alaraby.co.uk/english/news/2018/9/11/suspected-turkish-hackers-take-over-egypt-state-media-website,2022-08-15,2022-11-02 1150,DDoS-attack on Bryan Caforio's website,A DDoS attack takes down California Democratic Bryan Caforio’s website just hours before he steps onto the debate stage to face fellow Democrats.,2018-09-21,2018-09-21,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related 
systems,,Unknown,Unknown - not attributed,,1,1358,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.scmagazine.com/home/security-news/ddos-attacks-took-down-calif-democratic-hopefuls-website-during-primaries/,2022-08-15,2022-11-02 1151,Hack of Facebook,An unknown hacker group attacked Facebook and stole data of 50 million of its users. The attackers gained access by using three different weaknesses of the company's system.,2018-09-27,2018-09-27,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Unknown - not attributed,,1,1359,2018-01-01 00:00:00,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html; https://www.heise.de/newsticker/meldung/DSGVO-Facebook-droht-nach-massivem-Hack-Milliardenstrafe-4179341.html; https://www.diariocritico.com/nuevas-tecnologias/20-anos-facebook-repaso-del-auge-y-principales-polemicas; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177; https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177,2022-08-15,2024-03-04 1152,"Fancy Bear attacks European and US targets (""Cannon"" Malware)","Researchers from Palo Alto Networks reveal the details of a 
new campaign carried out by the infamous APT28, AKA Fancy Bear, AKA Sofacy, via the Cannon malware.",2018-10-01,2018-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system - State institutions / political system, - ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,1360; 1361,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Unknown; Russia,"Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested",https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/russian-hackers-are-trying-out-new-malware-against-us-and-european-targets/; https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/,2022-08-15,2022-11-02 1153,Watering Hole Attacks - OceanLotus,Researchers from ESET discover a new watering hole campaign targeting 21 distinct websites in Southeast Asia carried out by OceanLotus.,2018-10-01,2018-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None,Vietnam; Cambodia,ASIA; SCS; SEA - ASIA; SEA,State institutions / political system; End user(s) / specially protected groups; Media - State institutions / political system; End user(s) / specially protected groups; Media,Government / ministries; ; - Government / ministries; ; ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,4684,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2018/11/20/oceanlotus-new-watering-hole-attack-southeast-asia/%C2%A0,2022-08-15,2022-11-28 1268,Ferocious Kitten Domestic Surveillance,"The previously unknown APT group Ferocious Kitten was discovered surveying Persian-speaking individuals in Iran since 2015. 
Therefore it used lure content displaying images or videos of resistance or strikes against the Iranian regime, suggesting the surveillance is aimed at potential supporters of such movements.",2015-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Social groups,Political opposition / dissidents / expats,Ferocious Kitten,Unknown,Unknown - not attributed,,1,1493,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ferocious Kitten,Unknown,Unknown - not attributed,https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/kaspersky-details-iranian-domestic-cyber-surveillance-operation; https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/,2022-08-15,2022-11-02 1269,Tetris,"A security researcher calling himself Imp0rtp3 reports on the Chinese spy tool called Tetris used by a suspected Chinese government hacking group. Targets here were 58 websites, one of which is the New York Times site. 
It is believed that Chinese dissidents are the target.",2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,None - None,China; United States,ASIA; SCS; EASIA; NEA; SCO - NATO; NORTHAM,Social groups; Media - Social groups; Media,Political opposition / dissidents / expats; - Political opposition / dissidents / expats; ,,China,State,,1,1494,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,State,https://imp0rtp3.wordpress.com/2021/08/12/tetris/,System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://iicybersecurity.wordpress.com/2021/08/20/tetris-chinese-governments-favorite-hacking-spying-tool-how-it-works-and-how-to-get-it/; https://therecord.media/chinese-espionage-tool-exploits-vulnerabilities-is-58-widely-used-websites/; https://imp0rtp3.wordpress.com/2021/08/12/tetris/,2022-08-15,2023-05-17 1270,Operation Harvest,McAfee's Advanced Threat Research Team discovered a malware attack that turned out to be a long-term espionage campaign. The company considers Chinese groups APT27 and APT41 the most likely actors for the attack.,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Unknown,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1495; 1495,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027; APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/operation-harvest-a-deep-dive-into-a-long-term-campaign.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cyware.com/news/lets-talk-about-operation-harvest-2d9feff3/?web_view=true; https://www.inforisktoday.com/chinese-apt-data-harvesting-campaign-analyzed-a-17581; https://www.techtarget.com/searchsecurity/news/252506722/McAfee-discovers-Chinese-APT-campaign-Operation-Harvest; https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/operation-harvest-a-deep-dive-into-a-long-term-campaign.html,2022-08-15,2022-11-02 1405,Chinese Espionage Campaign: Cambodia,Chinese state-sponsored hacking groups compromised the networks of the Cambodian government and the country's sole international and commercial Sihanoukville Autonomous Port. The targeting of this Cambodian seaport aims to offset Japanese influence as the biggest investor of this particular seaport because of its relevance for the Belt-and-Road Initiative of China.,2021-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Cambodia,ASIA; SEA,State institutions / political system; Critical infrastructure,Government / ministries; Transportation,TAG-34,China,Unknown - not attributed,,1,3176,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,TAG-34,China,Unknown - not attributed,https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf,2022-08-15,2022-11-02 1385,Police surveillance footage leak,"The transparency collective Distributed Denial of Secrets ( DDoSecrets ) released more than 600 hours of aerial surveillance footage of police in Texas and Georgia in November 2021 after the group obtained it through an unknown source. 
Three months earlier, it was revealed that Dallas police lost 22 terabytes of case data and recovered only 14 terabytes.",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Police,,Unknown,Unknown - not attributed,,1,1625,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/dallas-police-surveillance-footage/; https://www.courthousenews.com/activists-leak-600-hours-of-mostly-dallas-police-helicopter-footage-after-citys-22-terabyte-loss-of-criminal-case-data/; https://ddosecrets.com/wiki/Aerial_Surveillance_Footage; https://twitter.com/AricToler/status/1457009465400741891; https://twitter.com/NatSecGeek/status/1457053874741784576,2022-08-15,2022-11-02 1386,macOS-Exploits,An unknown actor targeted Hong Kong websites of a media provider and a pro-democracy labor and political group using watering hole attacks and exploiting a vulnerability. Google's Threat Analysis Group suspects a state-sponsored actor behind the attack.,2021-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Hong Kong,ASIA,End user(s) / specially protected groups,,,Unknown,"Non-state actor, state-affiliation suggested",,1,1626,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/124513/malware/macos-zero-day-watering-hole-hong-kong.html; https://therecord.media/macos-zero-day-deployed-via-hong-kong-pro-democracy-news-sites/,2022-08-15,2022-11-02 1387,Kimsuky vs. South Korean think tanks,"Since at least June 2021, North Korea's state-sponsored APT Kimsuky has targeted geopolitical and aerospace research agencies in South Korea.",2021-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Science,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1627,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/; https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html; https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html; https://www.bleepingcomputer.com/news/security/us-govt-sanctions-north-koreas-kimsuky-hacking-group/,2022-08-15,2023-05-05 1388,FBI spam mails,"An unknown hacker gained access to the Federal Bureau of Investigation (FBI) email server and used it to send tens of thousands of spam emails in two waves. 
The emails warn of a cyberattack by a threat actor named Vinny Troia. Actually, Vinny Troia is the head of security research for the dark web intelligence companies NightLion and Shadowbyte.",2021-11-13,2021-11-13,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Police,Pompompurin,Unknown,Individual hacker(s),,1,1628,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Pompompurin,Unknown,Individual hacker(s),https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/; https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://twitter.com/spamhaus/status/1459450061696417792?ref_src=twsrc%5Etfw; https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/; https://www.hackread.com/us-marshals-service-ransomware-attack/; https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-incident-involving-fake-emails; https://indianexpress.com/article/technology/tech-news-technology/the-fbis-email-system-was-hacked-to-send-out-fake-cybersecurity-warnings-7623616/; https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/; https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/,2022-08-15,2023-03-01 1389,Iranian hacker group Moses Staff 
targeting Israeli organizations since 2021,"Since September 2021, the hacker group Moses Staff has been targeting Israeli organizations by, among other things, publishing sensitive data or encrypting networks without ransom demands. The CheckPoint company therefore assesses the group's attacks as entirely politically motivated.",2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Unknown,,Moses Staff/Marigold Sandstorm fka DEV-0500/Cobalt Sapling (IRGC),Unknown,Unknown - not attributed,,1,6383,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Moses Staff/Marigold Sandstorm fka DEV-0500/Cobalt Sapling (IRGC),Unknown,Unknown - not attributed,https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/new-moses-staff-group-targets-israeli-organizations-in-destructive-attacks/; https://www.bleepingcomputer.com/news/security/moses-staff-hackers-wreak-havoc-on-israeli-orgs-with-ransomless-encryptions/; https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/; https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/,2022-08-15,2023-10-26 1390,Iranian state-sponsored group Phosphorus exploits ProxyShell to deploy ransomware,"According to DFIR Report, the Iranian state-sponsored APT Phosphorus (also tracked as APT35, Charming Kitten, 
Newscaster, TA453, Magic Hound) exploited ProxyShell to conduct a ransomware campaign that encrypts systems of targets domain-wide.",2021-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,,Unknown,,Unknown,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of",State,,1,3877,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of",State,https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/,Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/proxyshell-vulnerabilities-domain-wide-ransomware-attacks/; https://www.techtarget.com/searchsecurity/news/252509511/ProxyShell-leads-to-domain-wide-ransomware-attack; https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/; https://cyberscoop.com/top-routinely-exploited-vulnerabilities/,2022-08-15,2024-01-18 1391,BlueNoroff hackers steal crypto using fake MetaMask extension,The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions,2021-11-01,Not available,"Attack conducted by non-state group / 
non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,United States; Russia; China; India; United Kingdom; Ukraine; Poland; Czech Republic; United Arab Emirates; Germany,NATO; NORTHAM - EUROPE; EASTEU; CSTO; SCO - ASIA; SCS; EASIA; NEA; SCO - ASIA; SASIA; SCO - EUROPE; NATO; NORTHEU - EUROPE; EASTEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - - - - - - - ,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1631,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Blue Noroff/APT38/Stardust Chollima/G0082/Sapphire Sleet fka COPERNICUM/Genie Spider < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-steal-crypto-using-fake-metamask-extension/; https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/; https://securityaffairs.com/148042/malware/rustbucket-macos-malware.html; https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware/,2022-08-15,2023-12-21 1392,"MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists","State-sponsored cyberattackers are using Google Drive, 
Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.",2021-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Palestine; Turkey,ASIA; MENA; MEA - ASIA; NATO; MEA,State institutions / political system; Critical infrastructure; Social groups; Media - State institutions / political system; Critical infrastructure; Social groups; Media,Political parties; Finance; Advocacy / activists (e.g. human rights organizations); - Political parties; Finance; Advocacy / activists (e.g. human rights organizations); ,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Unknown - not attributed,,1,17185,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Unknown - not attributed,https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thecybersecurity.news/vulnerabilities/molerats-apt-launches-spy-campaign-on-bankers-politicians-journalists-16146/; 
https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east,2022-08-15,2024-02-16 1393,NSO Pegasus Spyware: Finnish diplomats,"Finland's Ministry for Foreign Affairs revealed in a statement on 28 January 2022 that devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. The ministry did not further specify the precise location of the affected diplomats or their number, but the Finnish Ambassador for cyber security, Jarmo Sareva, stated that ""even the microphone and camera of these devices were being spied on"" (source: EuroNews). The ministry’s head of information security, Matti Parviainen, further said that even though the phones used by diplomats only handle information that is either public or with the lowest security classification, “the information and its source may be confidential between diplomats"" (source: SecurityWeek). The ministry claimed to have a suspect in mind, but did not further attribute the responsibility for the espionage.",,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available,Finland,EUROPE; EU(MS); NORTHEU,State institutions / political system,"Other (e.g., embassies)",Not available,Not available,Not available,,1,13312,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not 
available,,,,https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html; https://www.securityweek.com/finnish-diplomats-targeted-pegasus-spyware-ministry/; https://www.euronews.com/2022/01/28/finnish-diplomats-were-targeted-by-pegasus-spyware-says-foreign-ministry,2022-08-15,2023-09-25 1394,Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign,Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign,2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Eastern Europe,,State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Military; Defence industry,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1633; 1633,2022-01-01 00:00:00; 2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 
85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-dazzlespy-macos-malware-spying-on-visitors-of-hong-kong-pro-democracy-news/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/new-dazzlespy-malware-targets-macos-users-in-watering-hole-attack/; https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-dazzlespy-macos-malware-spying-on-visitors-of-hong-kong-pro-democracy-news/,2022-08-15,2022-11-02 1395,DazzleSpy,A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware.,2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Hong Kong,ASIA,Social groups,Advocacy / activists (e.g. 
human rights organizations),,Unknown,Unknown - not attributed,,1,1634,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/finnish-diplomats-phones-infected-with-nso-group-pegasus-spyware/; https://um.fi/current-affairs/-/asset_publisher/gc654PySnjTX/content/ulkoministerio-on-saanut-selvitettya-siihen-kohdistuneen-vakoilutapauksen,2022-08-15,2022-11-28 1396,MuddyWater vs. Turkey (2021),MuddyWater is impersonating the Turkish Health and Interior Ministries to sink its claws into victim networks.,2021-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Turkey,ASIA; NATO; MEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system,Government / ministries; ; Civil service / administration,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,6270; 6270,2022-01-01 00:00:00; 2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS, Iran)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/state-sponsored-iranian-hackers-attack-turkish-govt-organizations/; 
https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/; https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html,2022-08-15,2023-01-31 1397,MuddyWater: Armenia and Pakistan,State-sponsored hacking group MuddyWater targeted not further defined Pakistani entities and the Armenian telecommunication sector. It is not known if the Iranian cyber-operation against Turkey is linked to this cyber-operation.,2021-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None,Pakistan; Armenia,ASIA; SASIA; SCO - ASIA; CENTAS; CSTO,Unknown; Critical infrastructure - Unknown; Critical infrastructure,; Telecommunications - ; Telecommunications,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1636; 1636,2022-01-01 00:00:00; 2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); Ministry of Intelligence and Security (MOIS, Iran)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html,2022-08-15,2023-01-16 1398,US media and publishing conglomerate News Corp was targeted by Chinese-linked espionage group from February 2020 until January 2022,"American media and publishing giant News Corp disclosed on February 4, 2022, that it was the target of a ""persistent"" cyber attack by which the attackers gained access to emails and documents, also by journalists. According to David Wong, vice president of consulting at Mandiant (in February 2022), the perpetrators are believed to have ""China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” Mandiant was engaged in the containment of the breach. In February 2023, News Corp further revealed that the actual breach of its systems already started in February 2020. 
",2020-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,News Corp,United States,NATO; NORTHAM,Media,,Not available,China,State,,1,11512,2022-02-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,David Wong (Vice President of Consulting at Mandiant),,United States,Not available,China,State,https://www.wsj.com/articles/cyberattack-on-news-corp-believed-linked-to-china-targeted-emails-of-journalists-others-11643979328?st=yrhf72fjgcuccqv&reflink=desktopwebshare_permalink,International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/news-corp-discloses-hack-from-persistent-nation-state-cyber-attacks/; https://www.wsj.com/articles/cyberattack-on-news-corp-believed-linked-to-china-targeted-emails-of-journalists-others-11643979328?st=yrhf72fjgcuccqv&reflink=desktopwebshare_permalink; https://securityaffairs.com/142701/data-breach/news-corp-security-breach.html; https://www.documentcloud.org/documents/23689861-news-corp-feb-2023-data-breach-notification; https://www.reuters.com/article/news-corp-cyber-attack-idCNL4N2UF255; https://investors.newscorp.com/node/11716/html; 
https://www.bleepingcomputer.com/news/security/news-corp-says-state-hackers-were-on-its-network-for-two-years/; https://www.darkreading.com/analytics/attackers-were-on-network-2-years-news-corp; https://twitter.com/Dinosn/status/1630224915105452033; https://twitter.com/HackRead/status/1630203903286427648; https://twitter.com/Dinosn/status/1630088111630721024; https://therecord.media/limited-number-of-news-corp-employees-sent-breach-notification-letters-after-january-cyberattack/; https://www.hackread.com/news-corp-breach-hackers-undetected/; https://twitter.com/Cyber_O51NT/status/1629284078334910466; https://twitter.com/Dinosn/status/1629244368149266441; https://twitter.com/HackRead/status/1630203903286427648; https://twitter.com/Dinosn/status/1630224915105452033; https://twitter.com/Dennis_Kipker/status/1631296998094635008; https://www.bleepingcomputer.com/news/security/associated-press-warns-that-ap-stylebook-data-breach-led-to-phishing-attack/,2022-08-15,2023-07-14 1399,Operation Cache Panda,A hacking group affiliated with the Chinese government is believed to have carried out a months-long attack against Taiwan’s financial sector by leveraging a vulnerability in a security software solution used by roughly 80% of all local financial organizations.,2021-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Taiwan,ASIA; SCS,Critical infrastructure,Finance,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11513,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934,International power,System/ideology; Secession,China (Taiwan); China (Taiwan),Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/chinese-hackers-linked-to-months-long-attack-on-taiwanese-financial-sector/; https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934; https://medium.com/cycraft/china-implicated-in-prolonged-supply-chain-attack-targeting-taiwan-financial-sector-264b6a1c3525,2022-08-15,2023-07-14 1400,SockDetour,A new custom malware dubbed SockDetour found 
on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.,2021-07-27,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None,United States; Global (region),NATO; NORTHAM - ,Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Energy; Health; Finance; Defence industry; ; - Energy; Health; Finance; Defence industry; ; ,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,1,1639,2022-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.bleepingcomputer.com/news/security/us-defense-contractors-hit-by-stealthy-sockdetour-windows-backdoor/; https://unit42.paloaltonetworks.com/sockdetour/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/us-defense-contractors-hit-by-stealthy-sockdetour-windows-backdoor/; https://unit42.paloaltonetworks.com/sockdetour/,2022-08-15,2024-02-23 1401,U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool,"A threat group believed to be sponsored by the Chinese government has breached the networks of U.S. state governments, including through the exploitation of a zero-day vulnerability.",2021-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,11514,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/apt41-us-state-governments,Unknown,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point 
in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/us-state-governments-targeted-chinese-hackers-zero-day-agriculture-tool; https://www.mandiant.com/resources/apt41-us-state-governments,2022-08-15,2023-07-14 1402,APT36 use various malware against Indian govt employees in an extended campaign - 2021,"A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government. The threat actors are known to utilize their malware of choice, CrimsonRAT (remote access trojan), during this campaign, in addition to new malware as they use various initial entry mechanisms in an attempt to diversify, remain undetected, and gain access to further systems. According to Cisco Talos, the campaign has been documented since June 2021 and uses inauthentic domains that mimic authentic government and government-related domains. ""Notably, the adversary has moved towards deploying small, bespoke stagers and downloaders that can be easily modified, likely to enable quick and agile operations."" It is suspected that the APT36 threat actors are Pakistan-linked since they are known to specifically target government- and military-associated persons and entities. The Windows-based malware that the threat actors are known to use are: CrimsonRAT, ObliqueRAT, and customized malware.",2021-06-01,2022-03-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available,India,ASIA; SASIA; SCO,State institutions / political system,Military,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11515,2022-03-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,Cisco Talos ,United States,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html,International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Cyber espionage,Non-state actors,No response justified (missing state attribution & breach of international law),,https://www.bleepingcomputer.com/news/security/hackers-use-modified-mfa-tool-against-indian-govt-employees/; 
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html; https://blog.talosintelligence.com/transparent-tribe-new-campaign/; https://thehackernews.com/2022/02/new-caprarat-android-malware-targets.html,2022-08-15,2023-07-14 1403,Chinese Hackers Targeted Southeast Asian Nations,"State-sponsored Chinese hackers have been broadly targeting government entities across Southeast Asia, including those closely involved with Beijing regarding the One-Belt-One-Road Initiative.",2021-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None,Philippines; Malaysia; Thailand; Vietnam; Indonesia,ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political 
system; State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Legislative; Civil service / administration; Military; Police; Political parties - Government / ministries; Legislative; Civil service / administration; Military; Police; Political parties - Government / ministries; Legislative; Civil service / administration; Military; Police; Political parties - Government / ministries; Legislative; Civil service / administration; Military; Police; Political parties - Government / ministries; Legislative; Civil service / administration; Military; Police; Political parties,TAG-16,China,"Non-state actor, state-affiliation suggested",,1,1643,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-16,China,"Non-state actor, state-affiliation suggested",https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/?utm_source=securityweek,System / ideology; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/report-chinese-hackers-targeted-southeast-asian-nations; https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/?utm_source=securityweek,2022-08-15,2023-09-22 1384,Border crossings database hack - 2021,"The Belarus Cyber-Partisans stated in a tweet that they had gained access to the database on all border crossings in 
Belarus. A YouTube video shows an excerpt of the alleged data set. All entries and exits of the past 15 years are said to have been documented, including those of Belarusian President Lukashenko and his personnel.",2021-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Belarus,EUROPE; EASTEU; CSTO,State institutions / political system,Police,Belarusian Cyber-Partians,Unknown,Non-state-group,Hacktivist(s),1,3272,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Belarusian Cyber-Partians,Unknown,Non-state-group,https://twitter.com/cpartisans/status/1457840536023351301; https://www.youtube.com/watch?v=YpOiGRLEz3w,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://portswigger.net/daily-swig/belarusian-hackers-claim-to-have-accessed-full-database-of-those-crossing-the-countrys-borders; https://twitter.com/cpartisans/status/1457840536023351301; https://www.youtube.com/watch?v=YpOiGRLEz3w,2022-08-15,2022-11-02 1383,BlackShadow,"The database of the Israeli hosting provider Cyberserve was attacked by the Iranian hacker group BlackShadow, demanding ransom from its customers. Customers include local radio stations, museums and educational institutions, as well as the Israeli LGBTQ dating app Atraf.",2021-10-29,2021-10-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Israel,ASIA; MENA; MEA,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science,Transportation; ; ; ,Black Shadow,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),1,1623,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Black Shadow,"Iran, Islamic Republic of",Non-state-group,https://www.timesofisrael.com/iranian-hackers-take-down-servers-of-israeli-internet-hosting-company-cyberserve/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/124000/hacking/black-shadow-hacked-cyberserve.html; https://www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/; https://www.timesofisrael.com/iranian-hackers-take-down-servers-of-israeli-internet-hosting-company-cyberserve/,2022-08-15,2024-02-05 1382,DeathNote cluster,"In 2021, two attacks were perpetrated by the Lazarus Group using an updated DeathNote cluster. The first attack targeted a think tank in South Korea and the second an IT asset monitoring vendor. Kaspersky therefore assumes that the threat actor wants to build the attack capabilities on supply chains.",2021-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None,"Korea, Republic of; Latvia",ASIA; SCS; NEA - EUROPE; NATO; EU(MS); NORTHEU,Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Other social groups; - Other social groups; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1622,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://usa.kaspersky.com/about/press-releases/2021_apt-actor-lazarus-attacks-defense-industry-develops-supply-chain-attack-capabilities; https://securelist.com/apt-trends-report-q3-2021/104708/,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/kaspersky-north-korean-hackers-targeting-it-supply-chain; https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/; https://usa.kaspersky.com/about/press-releases/2021_apt-actor-lazarus-attacks-defense-industry-develops-supply-chain-attack-capabilities; https://securelist.com/apt-trends-report-q3-2021/104708/; https://securelist.com/the-lazarus-group-deathnote-campaign/109490/,2022-08-15,2023-05-05 1371,DDoS attack German election commission,"Shortly before the German federal election in September 2021, the website of the Federal Election Commissioner suffered a short DDoS attack by unknown actors. However, the IT systems important for the election were not affected by the attack.",2021-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1611,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/germany-election-cyber-idUSL8N2QH438; https://www.businessinsider.de/politik/deutschland/hackerangriff-auf-server-des-bundeswahlleiters/; https://www.straitstimes.com/world/europe/german-election-authority-confirms-likely-cyber-attack,2022-08-15,2023-03-13 1363,United Nations Hack,"In April 2021, the United Nations' computer network infrastructure was breached by unknown hackers, who gained 
access to the Umoja system using stolen credentials acquired from the dark web. The purpose behind the breach remains unclear, but it appears that the attackers aimed to perform network intrusion and gather intelligence. The UN confirmed the breach and subsequent attacks, but no significant damage or data exfiltration was reported. As a response, the Umoja system migrated to Microsoft's Azure platform with multifactor authentication to enhance security.",2021-04-05,2021-08-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft,,United Nations,,International / supranational organization,,,Unknown,Unknown - not attributed,,1,12196,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://cyberlaw.ccdcoe.org/wiki/UN_data_breach_(2021); https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/; https://edition.cnn.com/2021/09/09/politics/junited-nations-cyberattack-april/index.html; https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html,2022-08-15,2023-08-04 1364,Grayfly campaign,"While ESET recently attributed the Sidewalk backdoor to the SparklingGoblin group, Symantec attributes the backdoor to the Chinese Grayfly espionage group. The group attacked several sectors in Taiwan, Vietnam, USA and Mexico. The campaign continued even after five members of the group were indicted by the U.S. in 2020.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Taiwan; Vietnam; United States; Mexico,ASIA; SCS - ASIA; SCS; SEA - NATO; NORTHAM - ,Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Telecommunications; Finance; ; - Telecommunications; Finance; ; - Telecommunications; Finance; ; - Telecommunications; Finance; ; ,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1603,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 
1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/sidewalk-backdoor-china-espionage-grayfly/169310/; https://cyware.com/news/chinese-group-grayfly-uses-sidewalk-backdoor-79b419a0; https://securityaffairs.co/wordpress/122069/apt/grayfly-apt-backdoor.html; https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware,2022-08-15,2023-09-22 1365,Mustang Panda vs. Indonesian government agencies,"At least ten Indonesian government ministries and agencies, as well as the intelligence service Badan Intelijen Negara (BIN), were attacked by the Chinese hacking group Mustang Panda, according to the Record. Indonesian authorities, however, denied that the BIN was the victim of an attack in response to the report.",2021-03-01,2021-08-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Indonesia,ASIA; SCS; SEA,State institutions / political system; State institutions / political system,Government / ministries; Intelligence agencies,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",,2,10940; 10941,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Contested attribution,,; Not available,,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon; Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://therecord.media/indonesian-intelligence-agency-compromised-in-suspected-chinese-hack/; https://apnews.com/article/technology-indonesia-hacking-d82af1aff0153a3d230b85bb0238f60e,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.newsweek.com/indonesia-has-no-evidence-china-hacked-intelligence-service-after-warning-us-company-1630798; https://www.thefineryreport.com/news/2021/9/15/chinese-hackers-allegedly-breach-system-of-indonesian-ministries; https://therecord.media/indonesian-intelligence-agency-compromised-in-suspected-chinese-hack/; https://apnews.com/article/technology-indonesia-hacking-d82af1aff0153a3d230b85bb0238f60e,2022-08-15,2023-09-25 1366,Bitcoin Scam,"On September 2, 2021, unknown actors hacked the website of the administration of the Russian city of Ryazan. In a first post, the hackers wrote on the website that users of an application would receive a certain amount of Bitcoins. In the second post, a Bitcoin lottery was advertised on the website.",2021-09-02,2021-09-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1606,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://coingape.com/bitcoin-scam-hackers-launch-ponzi-btc-scheme-through-russias-government-website/; https://m.rzn.info/news/2021/9/2/sajt-ryazanskoj-merii-vtoroj-raz-za-sutki-vzlomali-hakery-239195.html; https://bitcoinik.com/hackers-hijack-russian-government-website-prompts-ponzi-bitcoin-scheme/,2022-08-15,2022-11-02 1367,Virginia National Guard attack,"In July 2021, email accounts for the Virginia Defense Force and the Virginia Department of Military Affairs were affected by a cyberattack. 
A month later, some stolen emails were offered for sale on the Marketo marketplace.",2021-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Military,,Unknown,Unknown - not attributed,,1,1607,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/virginia-national-guard-cyberattack-marketo-data-leak/; https://www.itsecuritynews.info/virginia-defense-force-email-accounts-hit-by-a-cyber-attack/; https://whro.org/news/local-news/21447-for-sale-on-the-dark-web-61-gigabytes-from-the-virginia-defense-force; https://www.zdnet.com/article/virginia-national-guard-confirms-cyberattack-hit-virginia-defense-force-email-accounts/,2022-08-15,2022-11-02 1368,Operation EpikFail,"The hacker group Anonymous breached the database of the controversial web hosting provider Epik in February 2021 and published sensitive information of Epik customers. In September, the group also defaced parts of the Epik support portal in response to the provider's denial of an attack.",2021-02-28,2021-02-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Social groups,Political opposition / dissidents / expats,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1608,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://archive.ph/Czuu2; https://web.archive.org/web/20210915001823/https://www.epik.com/support/knowledgebase/update-they-claim-we-got-hacked-q-says-theyre-lying/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dailydot.com/debug/anonymous-new-epik-leak/; https://www.bankinfosecurity.com/anonymous-leaks-epik-data-again-a-17655; https://therecord.media/anonymous-hacks-and-leaks-data-from-domain-registrar-epik/; https://archive.ph/Czuu2; https://web.archive.org/web/20210915001823/https://www.epik.com/support/knowledgebase/update-they-claim-we-got-hacked-q-says-theyre-lying/,2022-08-15,2023-10-11 1369,Operation Jane,"After Texas Senate Bill 8, which bans abortion after the sixth week of pregnancy, went into effect on Sept. 1, 2021, Operation Jane was launched by the hacktivist group Anonymous in protest. This involved defacing the Republican Party of Texas website for several hours.",2021-09-11,2021-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Political parties,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1609,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://web.archive.org/web/20210911101420/https://www.texasgop.org/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-texas-republican-party-website-abortion-law/; https://www.tpr.org/technology-entrepreneurship/2021-09-11/texas-gop-website-hacked-by-activists-protesting-abortion-law; https://www.newsweek.com/anonymous-hacks-texas-republican-party-website-after-state-enacts-anti-abortion-law-1628252; https://portswigger.net/daily-swig/texas-republican-party-website-defaced-in-anonymous-protest-against-abortion-law; https://web.archive.org/web/20210911101420/https://www.texasgop.org/; https://cyberscoop.com/hacktivist-target-operational-technology/; https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems,2022-08-15,2023-12-27 1370,Cyber attack hits Jefferson Parish Courts,"Unknown hackers exploited vulnerabilities in the aftermath of Hurricane Ida and used malware to take down the website of Jefferson Parish's key courthouses.",2021-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Judiciary,,Unknown,Unknown - not attributed,,1,1610,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not 
attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureworld.io/industry-news/louisiana-court-system-cyberattack; https://www.nola.com/news/courts/article_385d0e5e-14b5-11ec-849b-fb8b4964d837.html; https://www.securedata.com/blog/malware-attack-follows-hurricane-ida-landfall,2022-08-15,2022-11-02 1372,FocaLeaks vs. El Salvador Police,"The hacktivist group FocaLeaks claims to be responsible for the exfiltration and publication of personal data of more than 30,000 police officers of the Policía Nacional Civil (PNC) in El Salvador. One of the reasons given for this is the arrest of Salvadoran Bitcoin Law critic Mario Gómez in early September.",2021-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,,El Salvador,CENTAM,State institutions / political system,Police,FocaLeaks,Europe (region); South America,Non-state-group,Hacktivist(s),1,1612; 1612,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,FocaLeaks; FocaLeaks,Europe (region); South America,Non-state-group; Non-state-group,https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://ddosecrets.com/wiki/El_Salvador_Police_Database; https://www.coindesk.com/policy/2021/09/01/el-salvador-police-releases-bitcoin-law-critic-arrested-for-alleged-bank-fraud/; https://www.laprensagrafica.com/elsalvador/Hackeo-de-web-de-la-PNC-pone-en-peligro-datos-de-policias-20210909-0059.html; https://www.databreaches.net/el-salvador-pnc-confirms-investigation-of-focaleaks/; https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/,2022-08-15,2022-11-02 1381,HDP vs. 
Hezbollah,"A hacking group called HDP hacked the Venezuelan intelligence database to obtain personal data of alleged Hezbollah operators living under the protection of President Nicolas Maduro and leaked information from it. According to the group, this campaign was carried out together with former intelligence officers.",2021-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,Venezuela,SOUTHAM,State institutions / political system,Intelligence agencies,Team HDP,Venezuela,Unknown - not attributed,,1,1621,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Team HDP,Venezuela,Unknown - not attributed,https://www.israelhayom.co.il/news/world-news/article/5293982,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.israelhayom.com/2021/10/26/hezbollah-operatives-given-refuge-in-venezuela-hackers-reveal/; https://www.israelhayom.co.il/news/world-news/article/5293982,2022-08-15,2023-12-21 1373,TAG-28 vs. Indian agencies,"The state-sponsored Chinese group TAG-28 used the Winnti malware to target the media conglomerate Bennett Coleman And Co Ltd (BCCL), the Unique Identification Authority of India (UIDAI) and the Madhya Pradesh Police and exfiltrated data. The IT company Recorded Future draws parallels to the border conflicts between India and Pakistan.",2021-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system; Media,Civil service / administration; Police; ,TAG-28,China,"Non-state actor, state-affiliation suggested",,1,1613,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-28,China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2021-0921.pdf,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://economictimes.indiatimes.com/news/india/report-suspected-chinese-hack-targets-indian-media-government/articleshow/86430553.cms; https://therecord.media/report-china-linked-hackers-take-aim-at-times-of-india-and-a-biometric-bonanza/; https://cybersecuritynews.com/china-linked-group-tag-28/; https://go.recordedfuture.com/hubfs/reports/cta-2021-0921.pdf,2022-08-15,2022-11-02 1374,ChamelGang,"The previously unknown APT ChamelGang targeted institutions, such as the government, aviation and energy sectors, of a total of ten countries in two attacks. 
The group disguised its malware and network infrastructure as legitimate domains, such as McAfee, Microsoft, or TrendMicro.",2021-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,Russia; United States; Japan; Turkey; Taiwan; Vietnam; India; Afghanistan; Lithuania; Nepal,EUROPE; EASTEU; CSTO; SCO - NATO; NORTHAM - ASIA; SCS; NEA - ASIA; NATO; MEA - ASIA; SCS - ASIA; SCS; SEA - ASIA; SASIA; SCO - ASIA; SASIA - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SASIA,State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; Transportation - Government / ministries; Energy; 
Transportation - Government / ministries; Energy; Transportation,ChamelGang,Unknown,Unknown - not attributed,,1,1614,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,ChamelGang,Unknown,Unknown - not attributed,https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/122902/apt/chamelgang-apt-targets-russia.html; https://www.securityweek.com/chamelgang-hackers-target-energy-aviation-and-government-sectors; https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/; https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html,2022-08-15,2023-06-19 1375,DEV-0343,"Iran-linked threat actors attempted password spraying to compromise the Office 365 accounts of more than 250 targets, with fewer than 20 of these attacks being successful. Targets were primarily U.S. 
and Israeli defense technology companies, Persian Gulf ports of entry, and maritime transportation companies operating in the Middle East.",2021-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None,United States; Israel; EU (region); Middle East (region),NATO; NORTHAM - ASIA; MENA; MEA - - ,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Transportation; Defence industry - Transportation; Defence industry - Transportation; Defence industry - Transportation; Defence industry,Gray Sandstorm fka DEV-0343,"Iran, Islamic Republic of",State,,1,1615,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Gray Sandstorm fka DEV-0343,"Iran, Islamic Republic of",State,https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/microsoft-iran-linked-hackers-breached-office-365-customer-accounts/; https://www.bleepingcomputer.com/news/security/microsoft-iran-linked-hackers-target-us-defense-tech-companies/; https://cybernews.com/news/microsoft-iran-linked-hackers-have-targeted-us-and-israeli-defense-companies/; https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/; 
https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/; https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/,2022-08-15,2024-03-14 1376,MysterySnail,"Kaspersky discovered a zero-day exploit as well as a malware called MysterySnail that was used for an espionage campaign against IT companies, military/defense contractors and diplomatic entities. The attack was attributed by the IT company to the Chinese APT IronHusky, which has been active since 2012.",2021-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,State institutions / political system; State institutions / political system; Critical infrastructure,; Military; Defence industry,IronHusky,China,Unknown - not attributed,,1,1616,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,IronHusky,China,Unknown - not attributed,https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/123285/hacking/ironhusky-zero-day.html; https://www.bleepingcomputer.com/news/security/chinese-hackers-use-windows-zero-day-to-attack-defense-it-firms/; https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/,2022-08-15,2022-11-02 1377,RENAPER breach,"An unknown hacker breached Argentina's ID database RENAPER and published ID card photos and personal data of 44 Argentinian celebrities, such as President Alberto Fernández and 
soccer players like Lionel Messi and Sergio Aguero. The hacker claims to have the data of all 45 million residents of Argentina.",2021-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,Argentina,SOUTHAM,State institutions / political system,Government / ministries,,Unknown,Individual hacker(s),,1,1617,NaT,Not available,Media-based attribution,,,,,Unknown,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/; https://www.argentina.gob.ar/noticias/el-renaper-detecto-el-uso-indebido-de-una-clave-otorgada-un-organismo-publico-y-formalizo; https://www.hackread.com/hacker-steals-govt-database-entire-argentine-population/; https://tn.com.ar/tecno/novedades/2024/04/03/publicaron-mas-de-115-mil-fotos-de-ciudadanos-argentinos-robadas-del-renaper-cuales-son-los-riesgos/; https://tn.com.ar/tecno/novedades/2024/04/03/publicaron-mas-de-115-mil-fotos-de-ciudadanos-argentinos-robadas-del-renaper-cuales-son-los-riesgos/; https://www.tiempoar.com.ar/ta_article/tras-un-hackeo-masivo-venden-en-telegram-las-licencias-de-conducir-de-6-millones-de-personas-incluidos-milei-y-sus-ministros/; https://www.infobae.com/politica/2024/04/30/un-bot-de-telegram-exhibe-datos-de-millones-de-personas-por-el-hackeo-a-las-licencias-de-conducir/,2022-08-15,2024-05-02 1378,Harvester,"A previously unknown hacking group, which Symantec calls Harvester, is conducting espionage campaigns against sectors such as telecommunications, government and information technology, using new tools such as a custom backdoor in conjunction with other downloaders and screenshot tools. 
Based on the tools used, the custom development and the targets, Symantec assumes a state-sponsored threat actor.",2021-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,South Asia (region); Afghanistan, - ASIA; SASIA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Telecommunications; - Government / ministries; Telecommunications; ,Harvester,Unknown,"Non-state actor, state-affiliation suggested",,1,1618,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Harvester,Unknown,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/123559/apt/harvester-targets-telcos.html; 
https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia,2022-08-15,2023-09-22 1379,RootAyyildiz,"Former U.S. President Donald Trump's website was defaced by a pro-Turkish hacktivist named RootAyyildiz on October 18, 2021. There was already a defacement on Trump's website on October 9.",2021-10-09,2021-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,End user(s) / specially protected groups,,RootAyyildiz,Turkey,Non-state-group,Hacktivist(s),1,1619,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RootAyyildiz,Turkey,Non-state-group,https://web.archive.org/web/20211009080849/https://action.donaldjtrump.com/; https://web.archive.org/web/20211018012151/http://action.donaldjtrump.com/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.vice.com/amp/en/article/4avkkn/hacker-turkey-hacks-defaces-donald-trump-website; https://www.forbes.com/sites/joewalsh/2021/10/18/hacker-appears-to-deface-part-of-trumps-website/?sh=5248010a6fb2; https://web.archive.org/web/20211009080849/https://action.donaldjtrump.com/; https://web.archive.org/web/20211018012151/http://action.donaldjtrump.com/,2022-08-15,2022-11-02 1380,AR Bunse,A single threat actor used the Pakistani front company Bunse Technologies to send malware to targets in Afghanistan and India using RTF documents with political and governmental themes. 
They also exploited the CVE-2017-11882 vulnerability and targeted mobile devices.,2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None,India; Afghanistan,ASIA; SASIA; SCO - ASIA; SASIA,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; - Government / ministries; ,A.R. Bunse,Pakistan,Individual hacker(s),,1,1620,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,A.R. Bunse,Pakistan,Individual hacker(s),https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/; https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/; https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html,2022-08-15,2022-11-02 1404,Chinese Espionage Campaign: Laos,Chinese state-sponsored hacking groups compromised the networks of the telecom companies and the government of Laos. The Chinese government conducted this cyber-operation in the context of the Belt-and-Road Initiative with which the government of Laos is strongly aligned.,2021-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Laos,ASIA; SEA,State institutions / political system; Critical infrastructure,Government / ministries; Telecommunications,TAG-33,China,"Non-state actor, state-affiliation suggested",,1,1644,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-33,China,"Non-state actor, state-affiliation suggested",https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://worldview.stratfor.com/article/chinas-cyberespionage-will-remain-robust-and-expansive-southeast-asia; https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf,2022-08-15,2022-11-02 1406,Log4j Belgian Defence Ministry,"The Belgian Defense Ministry was hit by a cyber attack which blocked the ministry's activities, it seems that the attackers used the Log4j vulnerability, which was discovered earlier in December of 2021.",2021-12-16,2021-12-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,3207,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.darkreading.com/application-security/building-a-better-sbom; https://www.darkreading.com/vulnerabilities-threats/sossa-and-cra-spell-trouble-for-open-source-software; https://cyberscoop.com/top-routinely-exploited-vulnerabilities/; https://www.standaard.be/cnt/dmf20211220_92316559; https://www.politico.eu/article/belgium-defense-ministry-hit-with-cyberattack/; https://securityaffairs.co/wordpress/125813/cyber-warfare-2/belgian-defense-ministry-hit-cyberattack.html; https://www.darkreading.com/application-security/does-security-have-to-get-worse-before-it-gets-better; https://socradar.io/4-lessons-learned-from-log4shell/,2022-08-15,2022-11-14 1361,French government visa website cyberattack,"On August 10, the French government visa website was hit by a cyberattack in which visa applicants' personal information was stolen. Sensitive data, such as financial-related data, was not exposed, according to the French Ministry of the Interior.",2021-08-10,2021-08-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1600,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.schengenvisainfo.com/news/frances-visa-application-website-experienced-cyber-attack-personal-data-of-applicants-got-exposed/; https://www.interieur.gouv.fr/actualites/communiques/module-de-plate-forme-france-visas-a-ete-lobjet-dune-attaque-informatique; 
https://portswigger.net/daily-swig/french-government-visa-website-hit-by-cyber-attack-that-exposed-applicants-personal-data,2022-08-15,2022-11-02 1407,UK Ministry of Defence training academy,"A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a ""significant"" impact on the organization.",2021-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Military,,Unknown,State,,1,1647,2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Unknown,State,https://www.thesun.co.uk/news/14412578/mod-defence-academy-cyber-attack-foreign-power/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.sky.com/story/cyber-attack-on-uks-defence-academy-had-significant-impact-officer-in-charge-at-the-time-reveals-12507570; https://www.thesun.co.uk/news/14412578/mod-defence-academy-cyber-attack-foreign-power/,2022-08-15,2022-11-02 1436,"Anonymous targets Western Companies (Decathlon, Auchan, Leroy Merlin) with DDoS attacks in late March 2022","Anonymous declared Western companies as targets for cyber attacks on March 21st and 24th because specific companies remain in operation in Russia after the 
start of the Russian invasion of Ukraine on February 24th, 2022. By March 31st, Anonymous was claiming credit for multiple DDOS cyber attacks on European firms Decathlon, Leroy Merlin, and Auchan, along with disputed attacks against Nestlé. Security Discovery, a cybersecurity firm, affirmed that the database of Leroy Merlin was hacked and attributed the attack to Anonymous because they had left messages and references within the data. However, the attacks against Nestlé, which pertained to 10 GB of stolen data and 50K (or 10GB) of leaked data, were disputed by the company and Gizmodo attributed the data leak to failures made by the company.",2022-03-21,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,Nestlé - Auchan - Decathlon - Leroy Merlin,Switzerland; France; France; France,EUROPE; WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8120,2022-03-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Unknown,Anonymous,Unknown,Non-state-group,https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html; 
https://twitter.com/YourAnonTV/status/1506272971824025604?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506310451977764873%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129447%2Fhacking%2Fanonymous-companies-active-russia.html; https://twitter.com/LatestAnonPress/status/1506296105088262146?s=20&t=zcQLq85tbfNQBsjG67LB9g; https://twitter.com/YourAnonTV/status/1506776596157370369; https://twitter.com/twitter/status/1509943048595197952,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,International organizations,,,,https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html; https://twitter.com/YourAnonTV/status/1506272971824025604?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506310451977764873%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129447%2Fhacking%2Fanonymous-companies-active-russia.html; https://twitter.com/LatestAnonPress/status/1506296105088262146?s=20&t=zcQLq85tbfNQBsjG67LB9g; https://twitter.com/YourAnonTV/status/1506776596157370369; https://twitter.com/twitter/status/1509943048595197952; https://www.cnbc.com/2022/04/01/which-companies-are-being-targeted-by-anonymous-see-their-responses.html; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; 
https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-03 1437,Anonymous targets the Central Bank of Russia in March 2022 with Hack-and-Leak-Operation,"The Anonymous hacker collective (Black Rabbit World and RootkitHuN7er/@rootkit_sec) claims to have hacked the Central Bank of Russia and accessed 35,000 documents and threatens to leak files through the #OpRussia operation. The Intercept reported on April 22, 2022 that 22.5GB of data was leaked and published via DDoSecrets. The reporting by The Intercept also attributes this attack to The Black Rabbit World which has a presence on Twitter. Tweets found online attribute hacking activity to RootkitHuN7er/@rootkit_sec and state that the group supports Ukraine.",2022-03-24,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Central Bank (Russia),Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",Anonymous; Black Rabbit,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,8121; 8121,2022-03-24 00:00:00; 2022-03-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,Anonymous; Anonymous,Not available; Not available,Not available; Not available,Anonymous; Black Rabbit,Unknown; Unknown,Non-state-group; Non-state-group,https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html; https://securityaffairs.co/wordpress/129490/hacking/central-bank-of-russia-data-leak-anonymous.html; 
https://twitter.com/LatestAnonPress/status/1506779235565944841?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506779235565944841%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129490%2Fhacking%2Fcentral-bank-of-russia-data-leak-anonymous.html; https://twitter.com/youranontv/status/1506769001040551937?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://twitter.com/cyber_etc/status/1533399029211619328?s=20&t=MgEq_efbLJJYbTt1Y6SKFA,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html; https://securityaffairs.co/wordpress/129490/hacking/central-bank-of-russia-data-leak-anonymous.html; https://twitter.com/LatestAnonPress/status/1506779235565944841?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506779235565944841%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129490%2Fhacking%2Fcentral-bank-of-russia-data-leak-anonymous.html; https://twitter.com/youranontv/status/1506769001040551937?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html; 
https://twitter.com/cyber_etc/status/1533399029211619328?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNews/status/1507733860515254279?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-03 1438,The hacktivist collective Anonymous targeted the Russian companies MashOil and FID Group with hack-and-leak operation in March 2022,"The online hacktivist group Anonymous has claimed responsibility for targeting two Russian companies stealing a trove of their data and leaking it online for the public to download. The Intercept reports that 110GB of data was leaked from Mashoil, a Moscow based company that designs, manufactures and maintains equipment that is used in the drilling, mining, and fracking industries. The other affected company is FID Group, a group of Belarusian and Russian enterprises. It specializes in manufacturing equipment for the oil and gas industry in both countries. ",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,None - None,Belarus; Russia,EUROPE; EASTEU; CSTO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy; - Energy; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,7943,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Unknown,Non-state-group,https://www.hackread.com/anonymous-hack-russian-industrial-firms-data-leak/; https://twitter.com/cyber_etc/status/1508384556793090049?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; https://twitter.com/pucksreturn/status/1508518212471857153?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; https://t.co/XVbynI7xmC; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,,,,,No response justified (missing state attribution & breach of international law),,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.hackread.com/anonymous-hack-russian-industrial-firms-data-leak/; https://twitter.com/cyber_etc/status/1508384556793090049?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; 
https://twitter.com/pucksreturn/status/1508518212471857153?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ; https://t.co/XVbynI7xmC; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-02 1439,China hacks Ukraine in Run-Up To Invasion - 2022,"China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times. This started before the end of the Winter Olympics and peaked on February 23, a day before Russia invaded, according to a source from the Ukrainian Security Service. Later, other media referred to the statements of Western officials, who claimed that the Chinese government had also attacked Russia, Belarus and Poland in order to blame the respective opponents in a False-Flag-operation. Chinese officials blamed this attack on western countries, namely the US, Germany, and the Netherlands.",2022-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption,Not available - Not available - Not available,Ukraine; Russia; Belarus,EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Military; Energy; - Military; Energy; - Military; Energy; ,,China,State,,2,3503; 3502,2022-04-01 00:00:00; 2022-03-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Contested attribution,United Kingdom’s National Cyber Security Centre (NCSC); National Computer Network Emergency Response Technical Team/Coordination Center of China,Not available; Not available,United Kingdom; China,; Not available,China; United States,State; State,https://www.databreaches.net/china-accused-of-hacking-ukraine-days-before-russian-invasion/; https://www.thetimes.co.uk/article/china-cyberattack-ukraine-z9gfkbmgf; https://www.bbc.com/news/technology-60983346; https://www.oodaloop.com/technology/2022/04/04/china-accused-of-cyber-attacks-on-ukraine-before-russian-invasion/,International power,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration; Network Denial of Service,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,"Widespread effects, e.g., affecting different regions of country or a country as a whole (incident scores 2 points in intensity)",Not available,4,Moderate - high political importance,6.0,Low,6.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,501-10000,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support 
by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,State actors; Prohibition of intervention; ,Not available,0,,Not available,,Not available,Not available,Cyber espionage; Sovereignty,State actors; ,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.databreaches.net/china-accused-of-hacking-ukraine-days-before-russian-invasion/; https://www.thetimes.co.uk/article/china-cyberattack-ukraine-z9gfkbmgf; https://www.bbc.com/news/technology-60983346; https://www.oodaloop.com/technology/2022/04/04/china-accused-of-cyber-attacks-on-ukraine-before-russian-invasion/; https://www.theguardian.com/technology/2022/apr/01/china-accused-of-launching-cyber-attacks-on-ukraine-before-russian-invasion; https://news.cgtn.com/news/2022-03-11/U-S-hackers-found-to-attack-Russia-through-computers-in-China-18jBJi5QW7S/index.html,2022-08-15,2023-11-01 1440,Anonymous targeted Russian Orthodox Church with hack-and-leak operation in March / April 2022,"Anonymous #OpRussia claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data. The data was leaked to DDoSecrets on April 1, 2022 and contained emails for the charity wing of the church.",2022-03-01,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Russian Orthodox Church,Russia,EUROPE; EASTEU; CSTO; SCO,Social groups,Religious,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8122,2022-04-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://securityaffairs.co/wordpress/129760/hacktivism/anonymous-hacked-russian-orthodox-church.html; https://twitter.com/YourAnonTV/status/1510003195266879488?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1510003195266879488%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129760%2Fhacktivism%2Fanonymous-hacked-russian-orthodox-church.html; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://securityaffairs.co/wordpress/129760/hacktivism/anonymous-hacked-russian-orthodox-church.html; https://twitter.com/YourAnonTV/status/1510003195266879488?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1510003195266879488%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129760%2Fhacktivism%2Fanonymous-hacked-russian-orthodox-church.html; https://twitter.com/YourAnonTV/status/1510003195266879488; 
https://twitter.com/cyber_etc/status/1510175920866443272; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-03 1441,Anonymous targets Russian military personnel stationed in Bucha after massacre in April 2022 Military Unit Bucha Massacre,"As part of #OpRussia, Anonymous claimed in Spring 2022 to leak personal details of the Russian military stationed in Bucha, where the Russian military carried out a massacre of civilians during its occupation, prior to 31 March 2022. The information first appeared in Ukrainian news outlet, Pravda, on March 1st, and the leak was declared reliable by the Centre for Defence Strategies, a Ukrainian security thinktank. The specific Russian military unit whose data was leaked was the 64th Motor Rifle Brigade, stationed in Bucha during the occupation.",2022-03-01,2022-04-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,64th Motor Rifle Brigade,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8123,2022-04-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://twitter.com/Anonymous_Link/status/1511024536115982352?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1511024536115982352%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129844%2Fhacktivism%2Fanonymous-targets-russian-military-state-television.html; https://www.newsweek.com/anonymous-leaks-personal-data-120k-russian-soldiers-fighting-ukraine-1694555; https://www.dailymail.co.uk/news/article-10684925/Hackers-Anonymous-release-personal-data-120-000-Russian-soldiers-fighting-Ukraine.html?ns_mchannel=rss&ns_campaign=1490&ito=1490,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,,,Not available,0,,Not available,,Not available,Not available,Not available,,,,https://securityaffairs.co/wordpress/129844/hacktivism/anonymous-targets-russian-military-state-television.html; 
https://twitter.com/Anonymous_Link/status/1511024536115982352?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1511024536115982352%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129844%2Fhacktivism%2Fanonymous-targets-russian-military-state-television.html; https://twitter.com/twitter/status/1511024536115982336; https://www.newsweek.com/anonymous-leaks-personal-data-120k-russian-soldiers-fighting-ukraine-1694555; https://www.dailymail.co.uk/news/article-10684925/Hackers-Anonymous-release-personal-data-120-000-Russian-soldiers-fighting-Ukraine.html?ns_mchannel=rss&ns_campaign=1490&ito=1490; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-03 1443,Anonymous targets Russian companies with hack-and-leak operation in April 2022,"Anonymous targets Russian companies with hack-and-leak operation in April 2022. Among the targeted companies have been Tendertech (specializing in processing financial and banking documents on behalf of businesses and entrepreneurs), GUOV i GS – General Dept. of Troops and Civil Construction (construction company that works on projects in the interests of the Russian Ministry of Defense), Synesis Surveillance System and Neocom Geoservice (engineering firm specializing in exploring oil and gas fields and providing drilling support). Data from those firms have been leaked via DDoSecrets on April 19, 2022. ",2022-04-01,2022-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,None - Synesis Surveillance System - Tendertech - GUOV i GS – General Dept. 
of Troops and Civil Construction,Russia; Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure, - - - Defence industry,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8124,2022-04-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://twitter.com/YourAnonTV/status/1512162531430866948?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512162531430866948%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html; https://twitter.com/YourAnonTV/status/1517558587559759872,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,,0.0,euro,None/Negligent,,,Not available,0,,Not 
available,,Not available,Not available,Not available,,,,https://cybernews.com/cyber-war/three-russian-firms-have-over-400-gb-worth-of-emails-leaked/; https://twitter.com/YourAnonTV/status/1512162531430866948?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512162531430866948%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html; https://twitter.com/securityaffairs/status/1517786282491064320; https://twitter.com/YourAnonTV/status/1517558587559759872; https://twitter.com/twitter/status/1517526699956707328; https://twitter.com/twitter/status/1511070375945375744; https://www.thetechoutlook.com/news/technology/anonymous-hacks-korolevskiy-a-russian-military-manufacturer/; https://twitter.com/twitter/status/1515887953616252928; https://twitter.com/twitter/status/1516120610337873920; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://theintercept.com/2022/12/30/russia-china-news-media-agreement/,2022-08-15,2023-03-03 1444,DDoS Attack on Finnish government during speech of Zelenskyy,"On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign Affairs. 
The attack started at about noon, while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs).",2022-04-08,2022-04-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Finland,EUROPE; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,3142,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,https://um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/ulkoministerioon-kohdistunut-palvelunestohyokkays; https://securityaffairs.co/wordpress/130032/hacking/ddos-took-down-finnish-govt-sites.html; https://www.cyberscoop.com/finland-denial-of-service-zelenskyy/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/ulkoministerioon-kohdistunut-palvelunestohyokkays; https://securityaffairs.co/wordpress/130032/hacking/ddos-took-down-finnish-govt-sites.html; https://www.cyberscoop.com/finland-denial-of-service-zelenskyy/,2022-08-15,2022-11-17 1445,Anonymous targeted Russia's Ministry of Culture and municipal entities with hack-and-leak operation in April 2022,"In April 2022, Anonymous claimed to hack and leak data from municipal entities in Blagoveshchensk and Tver Oblast, along with Russia's Ministry of Culture (Министерство культуры Российской Федерации), resulting in hundreds of gigabytes of data being made public. 
The Intercept reported that 446GB of data (30,000 emails) from the Ministry of Culture of the Russian Federation was leaked to DDoSecrets; 150 gigabytes of emails (230,000 emails) from the city administration of Blagoveshchensk; 116 gigabytes of emails (130,000 emails) from the governor’s office of Tver Oblast",2022-04-01,2022-04-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,Ministry of Culture (Russia) - Not available,Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,State institutions / political system - State institutions / political system,Government / ministries - Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8138,2022-04-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://cybernews.com/cyber-war/anonymous-leaked-700-gb-of-russian-government-data/; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://twitter.com/YourAnonOne/status/1496965766435926039; https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html; https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,Not available,,,,Sovereignty,,Not available,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://cybernews.com/cyber-war/anonymous-leaked-700-gb-of-russian-government-data/; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html; https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/,2022-08-15,2023-03-03 1446,"Anonymous targets Russian oil companies Gazprom Linde, Gazregion, and Technotec in April 2022 with hack-and-leak campaign","Anonymous continued with its cyber-operations against entities from Russia in support of Ukraine under the moniker #OpRussia. This time they attacked companies working in the Russian energy sector, Gazprom Linde, Gazregion, and Technotec. According to The Intercept, data stolen in the cyber attack was released via DDoSecrets: 440 GB from Technotec emails; 728 GB from Gazprom Linde emails; and 222 GB of data from Gazregion. The Intercept further attributes attacks to Gazregion to three different hacking groups: NB65, @DepaixPorteur, and an anonymous hacker. The data from these three groups was submitted to DDoSecrets at about the same time and contained overlapping content to “provide as complete a picture as possible, and to provide an opportunity for comparison and cross-checking.”",2022-04-01,2022-04-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Technotec - Gazprom Linde Engineering - Gazregion,Russia; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure,Energy - Energy - Energy,Anonymous; NB65; @DepaixPorteur,Unknown; Not available; Not available,Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s),1,14376; 14376; 14376; 14376; 14376; 14376,2022-04-30 00:00:00; 2022-04-30 00:00:00; 2022-04-30 00:00:00; 2022-04-30 00:00:00; 2022-04-30 00:00:00; 2022-04-30 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous,Not available; Not available; Not available; Not available; Not available; Not available,Unknown; Unknown; Unknown; Unknown; Unknown; Unknown,Anonymous; Anonymous; NB65; NB65; @DepaixPorteur; @DepaixPorteur,Unknown; Not available; Unknown; Not available; Unknown; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html; 
https://twitter.com/YourAnonTV/status/1514501756243353601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1514502022371975169%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130262%2Fhacktivism%2Fanonymous-targets-russian-entities.html; https://twitter.com/retr0h4x0r/status/1520167029210238976; https://twitter.com/twitter/status/1516086586798186496; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html; https://twitter.com/YourAnonTV/status/1514501756243353601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1514502022371975169%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130262%2Fhacktivism%2Fanonymous-targets-russian-entities.html; https://twitter.com/retr0h4x0r/status/1520167029210238976; https://www.thetechoutlook.com/news/anonymous-collective-has-hacked-and-leaked-data-from-the-website-of-the-federal-state-unitary-enterprise/; https://twitter.com/twitter/status/1516086586798186496; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; 
https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/ThraxmanOneFist/status/1548863020012642309,2022-08-15,2023-11-20 1447,Defacement Campaign against Israeli Outlets Jerusalem Post and Maariv,The website of the Jerusalem Post and the Twitter account of Maariv were defaced on the second anniversary of the killing of Iranian general Qassem Soleimani on 3rd of January 2020.,2022-01-03,2022-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Media,,,Unknown,Unknown - not attributed,,1,1688,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Not available,,Not available,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://www.securityweek.com/israeli-media-outlets-hacked-soleimani-killing-anniversary,%20https://www.firstpost.com/world/two-israeli-media-outlets-hacked-on-anniversary-of-irianian-general-qasem-soleimanis-killing-10255131.html",2022-08-15,2022-11-02 1448,Belarus-linked pro-Russian APT UNC1151/Ghostwriter targeted Ukrainian state websites in January 2022 with DDoS & defacement attacks,"The websites of the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, the State Emergency Service, and the Cabinet of Ministers got defaced and targeted with DDoS by the Belarus-linked, pro-Russian APT UNC1151/Ghostwriter on January 13 and 14, 2022, according to Ukrainian state officials. The attackers posted political messages on it, warning the Ukrainian population that they ""should expect the worst"". 
",2022-01-13,2022-01-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption,State Emergency Service (Ukraine) - Ministry of Foreign Affairs (Ukraine) - Ministry of Education and Science (Ukraine) - Cabinet of Ministers (Ukraine) - Ministry of Defence (Ukraine),Ukraine; Ukraine; Ukraine; Ukraine; Ukraine,EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU - EUROPE; EASTEU,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Russia,"Non-state actor, state-affiliation suggested",,1,9740,2022-01-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Unknown,Not available,Ukraine,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Russia,"Non-state actor, state-affiliation suggested",https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-01-14 
00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.security.ntt/blog/threat-analysis-of-the-russia-ukraine-conflict; https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/; https://blogs.microsoft.com/on-the-issues/2023/06/14/russian-cyberattacks-ukraine-cadet-blizzard/; https://www.govinfosecurity.com/microsoft-links-2022-whispergate-kyiv-attacks-to-russia-a-22298; https://twitter.com/KimZetter/status/1481890639029551106; https://twitter.com/OlegNikolenko_/status/1481880668195983362; https://cert.gov.ua/article/17899; https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/; https://www.cyberscoop.com/ukraine-website-hack-russia-tensions/,2022-08-15,2023-08-04 1449,Russian APT Cadet Blizzard targeted Ukraine with WhisperGate wiper attack on 14 January 2022,"Microsoft detected a destructive attack on government, non-profit organizations and IT entities in Ukraine, the so-called WhisperGate wiper malware. On the same day, Ukrainian government websites were defaced. The actual damage caused to the targeted systems was not clear. Although WhisperGate is made to look like ransomware, it lacks a ransom recovery mode and destroys the master boot record (MBR) instead of encrypting it. The US and the EU issued political statements addressing the WhisperGate campaign (amongst other Russian cyber operations in the wake of the Ukraine war). On 14 June 2023 Microsoft attributed the incidents to Cadet Blizzard, a highly effective Russian state-sponsored group linked to the GRU. 
Microsoft states that the group has been active since at least 2020, and is focused on attacking government services, law enforcement, non-profit/non-governmental organizations, IT service providers/consulting, and emergency services in Ukraine.",2022-01-14,2022-02-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim; Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,Not available,Ukraine,EUROPE; EASTEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,UAC-0056/Cadet Blizzard fka DEV-0586/UNC2589,Russia,"Non-state actor, state-affiliation suggested",,4,13944; 13945; 13947; 13946,2022-06-14 00:00:00; 2022-01-15 00:00:00; 2022-01-15 00:00:00; 2022-05-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by third-party,"Microsoft; Microsoft; Serhiy Demedyuk (deputy secretary of the national security and defence council, UKR); Antony J. 
Blinken (Secretary of State, USA)",Microsoft; Not available; Not available; Not available,United States; United States; Ukraine; United States,UAC-0056/Cadet Blizzard fka DEV-0586/UNC2589; Not available; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; Not available,Russia; Not available; Russia; Russia,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested; State",https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,4,2022-02-26 00:00:00; 2022-05-10 00:00:00; 2022-01-14 00:00:00; 2022-01-14 00:00:00,State Actors: Preventive measures; State Actors: Stabilizing measures; State Actors: Preventive measures; EU: Stabilizing measures,Awareness raising; Statement by minister of foreign affairs (or spokesperson); Awareness raising; Statements by HR on behalf of the Council,United States; United States; Ukraine; EU (region),"Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Antony J. 
Blinken (Secretary of State, USA); CERT-UA",No,,Not available,Data Destruction,Not available,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,None/Negligent,Not available,,Low,0,,Not available,,Not available,Not available,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,https://securityaffairs.com/141968/apt/graphiron-infostealer-targets-ukraine.html; https://twitter.com/JulienNocetti/status/1623597922154692610; https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/; https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://twitter.com/Cyber_O51NT/status/1629280661474508801; https://twitter.com/780thC/status/1629087842516320256; https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/; https://www.rferl.org/a/russian-hackers-ukraine-cyberattacks-microsoft/32319995.html; https://www.jpost.com/international/article-734447; https://cyberscoop.com/russian-hackers-ukraine-cyberattacks/; https://www.darkreading.com/microsoft/microsoft-digital-defense-report-key-cybercrime-trends; https://twitter.com/securityaffairs/status/1654074007052861440; https://www.bleepingcomputer.com/news/security/microsoft-links-data-wiping-attacks-to-new-russian-gru-hacking-group/; https://www.govinfosecurity.com/microsoft-links-2022-whispergate-kyiv-attacks-to-russia-a-22298; https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/; 
https://blogs.microsoft.com/on-the-issues/2023/06/14/russian-cyberattacks-ukraine-cadet-blizzard/; https://securityaffairs.com/147470/apt/cadet-blizzard-apt-gru.html; https://www.darkreading.com/threat-intelligence/russian-apt-cadet-blizzard-ukraine-wiper-attacks; https://thehackernews.com/2023/06/microsoft-warns-of-new-russian-state.html; https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/; https://securityaffairs.co/wordpress/126782/apt/destructive-malware-campaign-targets-ukraine.html; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd; https://www.securityweek.com/cyber-warfare-rife-ukraine-impact-stays-shadows; https://zetter.substack.com/p/dozens-of-computers-in-ukraine-wiped?utm_source=url; https://www.cisa.gov/uscert/ncas/alerts/aa22-057a; https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-02-australian-organisations-should-urgently-adopt-enhanced-cyber-security-posture; https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/; https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/; https://blog.talosintelligence.com/ukraine-campaign-delivers-defacement/; https://www.nato.int/cps/en/natohq/news_190850.htm; https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/; https://www.politico.eu/article/ukraine-cyberattack-european-union-fight-support-russia/; https://cert.gov.ua/article/18101; https://therecord.media/ukrainian-government-calls-out-false-flag-operation-in-recent-data-wiping-attack/; https://www.wired.com/story/worst-hacks-2022/; 
https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://www.wired.com/story/google-chrome-youtube-ad-blocker-crackdown/; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html,2022-08-15,2023-12-08 1450,Palestinian Preventive Security Service (PSS) espionage,"Palestinian Preventive Security Service (PSS) attacked people opposing the Fatah-led government, journalists, human rights activists, and military groups including the Syrian opposition and Iraqi military.",,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None - None - None - None - None,Palestine; Syria; Iraq; Turkey; Lebanon; Libya,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; NATO; MEA - ASIA; MENA; MEA - AFRICA; MENA; MEA; NAF,State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media,Military; Political opposition / dissidents / expats; - Military; Political opposition / dissidents / expats; - Military; Political opposition / dissidents / expats; - Military; Political opposition / dissidents / expats; - Military; Political opposition / dissidents / expats; - Military; Political opposition / dissidents / expats; ,Preventive Security Service (PSS),Palestine,State,,1,3140,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by 
third-party,,,,Preventive Security Service (PSS),Palestine,State,https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/,System / ideology; National power; Subnational predominance; International power,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/,2022-08-15,2024-02-23 1451,Unknown hackers gained access to and stole data from Japanese company Fujitsu ProjectWEB platform in 2021,"The Japanese tech company Fujitsu temporarily suspended its ProjectWEB enterprise software-as-a-service (SaaS) platform, due to a data breach caused by unknown hackers. The company detected the compromise on May 24, 2021, according to its statement three days later. The stolen files reportedly included more than 76,000 email addresses of employees and contractors belonging to multiple Japanese government/public entities, such as the Ministry of Land, Infrastructure, Transport, and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport. The Cabinet Cyber Security Center (NISC) started an investigation. 
",2021-01-01,2021-05-24,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Not available - Fujitsu,Japan; Japan,ASIA; SCS; NEA - ASIA; SCS; NEA,State institutions / political system; Critical infrastructure - Critical infrastructure,Government / ministries; Transportation - Digital Provider,Not available,Not available,Not available,,1,17438,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.documentcloud.org/documents/20791612-japanese-cabinet-cyber-security-center-warning-about-projectweb-leaks-part-1; https://threatpost.com/fujitsu-saas-hack-japan-scrambling/166517/; https://therecord.media/fujitsu-suspends-projectweb-platform-after-japanese-government-hacks/; https://pr.fujitsu.com/jp/news/2021/05/25.html; https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/,2022-08-15,2024-02-23 1452,Indonesian Ministry of Health targeted with hack-and-leak operation at the beginning of January 2022,"Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold in an illegal internet forum at the beginning of January 2022. Hackers claimed to have breached the Indonesian Health Ministry centralized server to obtain the data, having obtained 720 GB of personal medical information from a number of hospitals. 
The Health Ministry Chief Digital Transformation Officer Setiyaji announced on January 6 an investigation into the matter.",2022-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,Indonesian Ministry of Health,Indonesia,ASIA; SCS; SEA,State institutions / political system,,Not available,Not available,Not available,,1,17437,NaT,Not available,Not available,Not available,Not available,Not available,Not available,Not available,Not available,,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.asia-pacific-solidarity.net/news/2022-01-07/health-ministry-responds-massive-data-leak-of-medical-records.html,2022-08-15,2024-02-23 1454,France's Ministry of Justice targeted by LockBit 2.0 in February 2022,"Cybercriminals claimed to have breached systems belonging to France’s Ministry of Justice, threatening to make public the files stolen from the government organization on February 10, 2022. The actors were using the LockBit 2.0 ransomware. According to the ministry, an investigation has been launched as a response. 
Cybersecurity researcher Anis Haboubi believed the attackers might have exploited CVE-2021-22986, an unauthenticated remote command execution vulnerability that F5 patched in March 2021.",2022-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,French Ministry of Justice,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,LockBit,Unknown,Non-state-group,Criminal(s),1,17436,2022-02-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,LockBit,Not available,Not available,LockBit,Unknown,Non-state-group,https://www.securityweek.com/french-ministry-justice-targeted-ransomware-attack; https://www.lemagit.fr/actualites/252512561/LockBit-20-menace-de-divulguer-des-donnees-de-la-Justice-francaise?mid=1#cid=408186; https://www.zdnet.com/article/french-officials-investigating-lockbit-claim-of-ransomware-attack/,Unknown,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.securityweek.com/french-ministry-justice-targeted-ransomware-attack; https://www.zdnet.com/article/french-officials-investigating-lockbit-claim-of-ransomware-attack/; https://www.lemagit.fr/actualites/252512561/LockBit-20-menace-de-divulguer-des-donnees-de-la-Justice-francaise?mid=1#cid=408186,2022-08-15,2024-02-23 1455,Iranian APT MuddyWater targeted government and critical infrastructure entities worldwide in an undefined time period using a new variant of PowGoop malware,"US and UK cybersecurity and law enforcement agencies shared information on a new variant of the 
PowGoop malware deployed by the Iranian-backed MuddyWater hacking group in espionage and other ""malicious"" cyber operations targeting critical infrastructure worldwide, including ""a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America"" (CISA Alert, February 24, 2022). Moreover, the joint alert by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) reported on the group's usage of the Small Sieve backdoor in order to maintain and expand a foothold in victim infrastructure and for detection evasion. MuddyWater also used the Canopy/Starwhale malware, the Mori backdoor as well as the POWERSTATS backdoor. The exact impact or ""success"" of the operations was not further specified. ",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None,North America; Africa; Asia (region); Europe (region), - - - ,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure,Civil service / administration; Energy; Telecommunications; Defence industry - Civil service / administration; Energy; Telecommunications; Defence industry - Civil service / administration; Energy; Telecommunications; Defence industry - Civil service / administration; Energy; Telecommunications; Defence industry,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,17435; 17435; 17435; 17435; 17435; 17435; 17435; 17435; 17435; 17435,2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00; 2022-02-24 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Security Agency (NSA); National Security Agency (NSA),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm 
fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS); MuddyWater/TEMP.Zagros/Mango Sandstorm fka MERCURY/Static Kitten/Seedworm/G0069 (MOIS),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.cisa.gov/uscert/ncas/alerts/aa22-055a,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/; 
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a,2022-08-15,2024-02-23 3,Armenian hacktivists target Azerbaijani webpages as part of a tit-for-tat between the nation`s hacktivists in February 2000,"In response to previous DDoS-operations against Armenian websites in January/February 2000, an Armenian hacker group called Liazor took down the webpages of many Azerbaijani users, humanitarian organization and newspapers as a revenge act.",2000-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Not available,Azerbaijan,ASIA; CENTAS,Social groups; End user(s) / specially protected groups; Media,Advocacy / activists (e.g. human rights organizations); ; ,Liazor,Armenia,Non-state-group,Hacktivist(s),1,17417,2000-02-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Liazor,Not available,Armenia,Liazor,Armenia,Non-state-group,,Autonomy; Territory; Resources,Autonomy; Territory; Resources,Armenia - Azerbaijan; Armenia - Azerbaijan; Armenia - Azerbaijan,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,,2022-08-15,2024-02-23 1435,Anonymous targets Russian oil company Transneft in Hack-and-Leak Operation in March 2022,"Anonymous stole roughly 79 gigabytes of emails allegedly from Russian state-controlled oil pipeline company Transneft and the data emerged on known leaks hosting website, DDoSecrets. 
The Intercept reports that the emails were from Omega Co, which is a R&D (research and development) subsidiary of Transneft, a Russian state-controlled oil pipeline company. ",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,Transneft,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Energy,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,8119,2022-03-21 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://www.securityweek.com/hacktivists-leak-data-allegedly-stolen-russian-energy-giant-transneft; https://hackercombat.com/hacktivists-leak-email-data-from-russian-pipeline-giant-transneft/; https://twitter.com/MikaelThalen/status/1504321727110651905; https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://twitter.com/cyber_etc/status/1531779902646718464?s=20&t=MgEq_efbLJJYbTt1Y6SKFA,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.securityweek.com/hacktivists-leak-data-allegedly-stolen-russian-energy-giant-transneft; https://hackercombat.com/hacktivists-leak-email-data-from-russian-pipeline-giant-transneft/; 
https://twitter.com/MikaelThalen/status/1504321727110651905; https://twitter.com/cyber_etc/status/1531779902646718464?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-03 1433,Israel Says Government Sites Targeted by Hack,Israel's National Cyber Directorate said that the country suffered a cyber attack on Monday that briefly took down a number of government web sites.,2022-03-14,2022-03-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1673,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/israel-says-government-sites-targeted-hack,2022-08-15,2022-11-02 1432,Hackers Target German Branch of Russian Oil Giant Rosneft,"The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility. The attack could have caused a massive disruption in mineral oil distribution; however, extensive harm was thwarted when the Rosneft Germany's IT systems were again operating after only a brief disruption. 
President of the Federal Office for Information Security (BSI), Arne Schönbohm, clarified that Rosneft Germany was targeted by the hacktivists because it was a Russian affiliated company and part of critical infrastructure.",2022-02-01,2022-03-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption; Hijacking without Misuse,Rosneft,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Energy,Anonymous Deutschland,Germany,Non-state-group,Hacktivist(s),2,11612; 11611,2022-06-23 00:00:00; 2022-03-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,"Arne Schönbohm (Head of BSI, Germany); Anonymous",Not available; Not available,Germany; Not available,Anonymous Deutschland; Anonymous Deutschland,Germany; Germany,Non-state-group; Non-state-group,https://anonleaks.nl/2022/anonymous/20-terabyte-anonymous-kapert-daten-von-rosneft-deutschland/; https://www.spiegel.de/netzwelt/web/arne-schoenbohm-bsi-chef-warnt-vor-hackerangriffen-in-deutschland-a-683a4dd0-5152-4a54-997c-42906aeee164#ref=rss,System / ideology,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-03-01 00:00:00,EU member states: Preventive measures,Awareness raising,Germany,Federal Office for Information Security (BSI),No,,Not available,Not available,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, not used - empowerment 
(incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,2.0,Day (< 24h),Not available,Not available,0.0,,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.thelocal.de/20220314/hackers-target-german-branch-of-russian-oil-giant-rosneft/; https://www.thelocal.de/20220314/hackers-target-german-branch-of-russian-oil-giant-rosneft; https://www.spiegel.de/netzwelt/web/bundeskriminalamt-ermittelt-hackerangriff-auf-rosneft-deutschland-a-74e3a53a-e747-4500-8198-ea6780a7d79a?sara_ecid=soci_upd_KsBF0AFjflf0DZCxpPYDCQgO1dEMph; https://anonleaks.nl/2022/anonymous/20-terabyte-anonymous-kapert-daten-von-rosneft-deutschland/; https://www.spiegel.de/netzwelt/web/arne-schoenbohm-bsi-chef-warnt-vor-hackerangriffen-in-deutschland-a-683a4dd0-5152-4a54-997c-42906aeee164#ref=rss,2022-08-15,2023-11-23 1417,Colonial Pipeline Hack,"Russian ransomware gang Darkside gained access to the information systems of the company Colonial Pipeline, which operates the 5,500-mile Colonial Pipeline from the Gulf Coast to the New York metro area. The company had to stop the pipeline operations in order to contain the impact of the ransomware operation that targeted the billing and accounting systems. The ransomware gang demanded a ransom of approximately $5 million for the return of the stolen data, which the company paid. On the 14th of January 2022 the Russian Federal Security Service (FSB) announced that it had shut down the REvil ransomware gang after the US government demanded action against the ransomware attacks. 
A senior Biden administration official said that one of the Russian hackers arrested by the FSB was behind the Colonial Pipeline attack.",2021-05-06,2021-05-12,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,Colonial Pipeline,United States,NATO; NORTHAM,Critical infrastructure,Energy,Darkside,Russia,Non-state-group,Criminal(s),3,12420; 12421; 12422,2021-05-10 00:00:00; 2021-05-10 00:00:00; 2021-05-10 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by receiver government / state entity,"Federal Bureau of Investigation (FBI); Cybereason; Joe Biden (President, USA)",Not available; ; Not available,United States; United States; United States,Darkside; Darkside; Darkside,Russia; Unknown; Russia,Non-state-group; Non-state-group; Non-state-group,https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks; https://www.theguardian.com/us-news/2021/may/10/colonial-pipeline-shutdown-us-darkside-message; https://www.cybereason.com/blog/inside-the-darkside-ransomware-attack-on-colonial-pipeline,Unknown,Unknown,,Unknown,,3,2021-05-09 00:00:00; 2021-07-27 00:00:00; 2023-01-11 00:00:00,State Actors: Stabilizing measures; State Actors: Legislative reactions; State Actors: Legislative reactions,Statement by head of state/head of government (or executive official); Parliamentary investigation committee; Legislative initiative,United States; United States; United States,"Joe Biden (President, USA); Senate Commerce, Science, and Transportation Committee (USA); Reps. 
Deborah Ross (D-NC; USA)",No,,Valid Accounts,Data Exfiltration; Data Encrypted for Impact,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,=< 10 Mio,4400000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,2,2022-05-09 00:00:00; 2022-01-14 00:00:00,"Proclamation of public emergency (national level); Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States; Russia,"Joe Biden (President, USA); Federal Security Service (FSB)",Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/reddit-says-ransomware-post-connected-to-february-incident; https://cyberscoop.com/puesh-kumar-energy-cybersecurity/; https://cyberscoop.com/vulnerabilities-industrial-conference-s4x23/; https://www.darkreading.com/attacks-breaches/to-safeguard-critical-infrastructure-go-back-to-basics; https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/; https://twitter.com/alexfrudolph/status/1630355470559879169; https://twitter.com/alexfrudolph/status/1630355470559879169; https://cyberscoop.com/biden-national-cybersecurity-strategy-2023/; https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/; https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy; 
https://cyberscoop.com/tsa-cybersecurity-airlines/; https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023; https://www.techrepublic.com/article/business-email-compromises-double-overtake-ransomware/; https://cyberscoop.com/easterly-cisa-budget-china-biden/; https://securityaffairs.com/144466/security/cisa-jddc-energy-sector.html; https://thehackernews.com/2023/04/supply-chain-attacks-and-critical.html; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/read-the-manual-locker-a-private-raas-provider.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://www.darkreading.com/operations/marlinspike-adds-charles-carmakal-to-its-advisory-board; https://therecord.media/doj-lisa-monaco-urges-cisos-to-work-with-gov-uber-sentencing; https://www.darkreading.com/ics-ot/2-years-after-colonial-pipeline-attack-us-critical-infrastructure-remains-as-vulnerable-to-ransomware; https://www.bleepingcomputer.com/news/security/alphv-gang-claims-ransomware-attack-on-constellation-software/; https://www.darkreading.com/attacks-breaches/government-industry-efforts-to-thwart-ransomware-start-to-pay-off-; https://twitter.com/vmyths/status/1655581638120669184; https://twitter.com/DarkReading/status/1655579101380460546; https://therecord.media/ransomware-optimism-nakasone-easterly-vanderbilt; https://www.darkreading.com/ics-ot/tsa-official-feds-improved-cybersecurity-response-post-colonial-pipeline; https://thehackernews.com/2023/05/how-to-reduce-exposure-on-manufacturing.html; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://cyberscoop.com/fin7-ransomware-attacks/; https://twitter.com/Jason_Healey/status/1658869188771950594; https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html; 
https://www.commerce.senate.gov/2021/7/chair-cantwell-on-cyber-threats-to-energy-infrastructure-colonial-pipeline-attack-the-tip-of-the-iceberg; https://ross.house.gov/sites/evo-subsites/ross.house.gov/files/evo-media-document/cybersecurity-bill-final.pdf; https://www.wsj.com/articles/federal-cyber-oversight-of-critical-infrastructure-is-failing-report-warns-c9f6fb57; https://cyberscoop.com/solarium-commission-critical-infrastructure-ppd-21/; https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html; https://cyberscoop.com/section-702-colonial-pipeline/; https://www.govinfosecurity.com/cisas-new-cybersentry-program-to-tighten-ics-security-a-22435; https://socradar.io/apt-profile-fin7/; https://www.darkreading.com/ics-ot/zero-trust-keeps-digital-attacks-from-entering-the-real-world; https://www.darkreading.com/attacks-breaches/electrical-grid-stability-relies-on-balancing-digital-substation-security; https://www.thecipherbrief.com/white-house-unveils-road-map-for-national-cybersecurity-strategy; https://cyberscoop.com/bide-cybersecurity-strategy-implementation/; https://www.darkreading.com/ics-ot/critical-infrastructure-workers-spotting-phishes; https://therecord.media/tsa-renews-guidelines-for-pipelines; https://www.darkreading.com/ics-ot/tsa-updates-pipeline-cybersecurity-requirements; https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/uncover-the-hidden-story-of-ransomware-victims.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research; https://cyberscoop.com/black-hat-russia-china-ukraine/; https://therecord.media/blackcat-claims-seiko-cyberattack; https://www.darkreading.com/edge-articles/cybersecurity-builds-trust-in-critical-infrastructure; https://therecord.media/cyber-incident-reporting-regulation-cisa; http://www.defenseone.com/threats/2023/09/the-d-brief-september-08-2023/390113/; https://www.bleepingcomputer.com/news/security/blackcat-ransomware-hits-azure-storage-with-sphynx-encryptor/; 
https://www.darkreading.com/ics-ot/legions-critical-infrastructure-devices-open-cyber-targeting; https://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/; https://therecord.media/colonial-pipeline-attributes-ransomware-claims-to-unrelated-third-party-breach; https://www.hackread.com/ransomedvc-ransomware-quit-sell-infrastructure/; https://www.darkreading.com/ics-ot/shields-ready-initiative-inevitable-cyberattacks; https://cyberscoop.com/edr-vulnerability-management-report/; https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/; https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/; https://www.wired.com/story/alphv-blackcat-ransomware-doj-takedown/; https://www.bleepingcomputer.com/news/security/fbi-alphv-ransomware-raked-in-300-million-from-over-1-000-victims/; https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransomware-operation-creates-decryption-tool/; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/; https://socradar.io/enhancing-iot-security-with-cyber-threat-intelligence-cti/; https://www.bleepingcomputer.com/news/security/ohio-lottery-hit-by-cyberattack-claimed-by-dragonforce-ransomware/; https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/; https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/; https://cyberscoop.com/farm-and-food-cybersecurity-act/; https://www.bleepingcomputer.com/news/security/us-offers-up-to-15-million-for-tips-on-alphv-ransomware-gang/; https://www.heraldscotland.com/news/24135106.glasgow-caledonian-university-targeting-rail-cyber-criminals/; https://www.defenseone.com/defense-systems/2024/02/biden-sign-executive-order-boosting-cybersecurity-ports-maritime-vessels/394340/; 
https://www.wired.com/story/anne-neuberger-cybersecurity-q-and-a/; https://apnews.com/article/port-security-cyber-attack-e3da323aebc80c553663e43b77d430e2; https://www.defenseone.com/defense-systems/2024/02/fbi-prepare-election-year-fast-paced-threats-powered-bad-guys-ai/394577/; https://www.kyivpost.com/post/28885; https://arstechnica.com/security/2024/03/us-prescription-market-hamstrung-for-9-days-so-far-by-ransomware-attack/; https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/; https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/; https://www.cyberscoop.com/nsa-energy-sector-cyberattacks/; https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know; https://therecord.media/energy-cybersecurity-university-leadership-act-passes-house/; https://www.cyberscoop.com/critical-infrastructure-cybersecurity-imperative/; https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022; https://www.darkreading.com/ics-ot/what-will-it-take-to-secure-critical-infrastructure; https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies; https://www.securonix.com/blog/securonix-2022-threat-report-part-3-detecting-ransomware/; https://socradar.io/dark-web-profile-royal-ransomware/; https://www.cyberscoop.com/ransomware-payments-cost-treasury/; https://www.theguardian.com/us-news/2021/may/10/colonial-pipeline-shutdown-us-darkside-message; https://twitter.com/BlackBerrySpark/status/1601411383127588865; https://www.cybereason.com/blog/inside-the-darkside-ransomware-attack-on-colonial-pipeline; https://www.whitehouse.gov/briefing-room/press-briefings/2022/01/14/background-press-call-by-a-senior-administration-official-on-cybersecurity/; https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks; 
https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737; https://apps.web.maine.gov/online/aeviewer/ME/40/44968239-4f1b-4bb7-927c-775864a3ad07.shtml; https://securityaffairs.co/wordpress/126729/cyber-crime/fsb-dismantled-revil-ransomware-gang.html; https://twitter.com/Cyber_O51NT/status/1612596007430410240; https://www.washingtonpost.com/business/2021/06/09/colonial-pipeline-mandiant-house-hearing/; https://www.cyberscoop.com/ransomware-australia-task-force/; https://www.techrepublic.com/article/cyber-security-trends-uk/; https://www.techuk.org/resource/reducing-the-attack-surface-within-cni-ot-environments-using-revbits-native-security-solutions.html,2022-08-15,2024-02-16 1408,“KONNI” Targets the Russian Diplomatic Sector,Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.,2021-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,3172,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://cluster25.io/2022/01/03/konni-targets-the-russian-diplomatic-sector/; https://blog.lumen.com/new-konni-campaign-targeting-russian-ministry-of-foreign-affairs/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/hackers-take-over-diplomats-email-target-russian-deputy-minister/; https://cluster25.io/2022/01/03/konni-targets-the-russian-diplomatic-sector/; https://blog.lumen.com/new-konni-campaign-targeting-russian-ministry-of-foreign-affairs/,2022-08-15,2023-10-11 1409,South Korea Atomic Energy Research Institute,North Korean state-sponsored hacking group Kimsuky gained access into the networks of South Korea's Atomic Energy Research Institute.,2021-05-01,Not available,"Attack conducted by non-state group / non-state actor with political 
goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Energy,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,3171; 3171,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; IT-security community attributes attacker,,Not available; Not available,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.sisajournal.com/news/articleView.html?idxno=219152,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/us-sanctions-north-korean-kimsuky-hackers; https://www.bleepingcomputer.com/news/security/north-korea-hacks-two-south-korean-chip-firms-to-steal-engineering-data/; https://www.kaeri.re.kr/board/view?menuId=MENU00326&linkId=9181; https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/; https://www.sisajournal.com/news/articleView.html?idxno=219152; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/,2022-08-15,2023-12-04 1410,DragonForce AcadaME Israel,Malaysian hacktivist group DragonForce stole the data of over 200.000 Israeli students by hacking into the Israeli company AcadeME which mediates jobs for Israeli graduates. The hacking group conducted this data theft in support of the Palestinian cause against the Israeli occupation.,2021-06-21,2021-06-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,DragonForce,Malaysia,Non-state-group,Hacktivist(s),1,3170,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,DragonForce,Malaysia,Non-state-group,https://dragonforce.io/threads/opsbedil-2-0-university-recruitment-network-system-in-israel.3127/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.jpost.com/israel-news/details-of-over-200000-students-leaked-in-cyberattack-672179; https://dragonforce.io/threads/opsbedil-2-0-university-recruitment-network-system-in-israel.3127/,2022-08-15,2022-11-02 1411,Triple Threat: TA406,"North Korean state-sponsored hacking group TA406, one of three threat actors that Proofpoint tracks as part of Kimsuky activity, targeted high-value targets in an espionage campaign mostly focused on credential harvesting. In addition, the North Korean group used the stolen information to make ransom demands.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None,"Korea, Republic of; Unknown",ASIA; SCS; NEA - ,State institutions / political system; Social groups; Media; Science - State institutions / political system; Social groups; Media; Science,Government / ministries; Other social groups; ; - Government / ministries; Other social groups; ; ,TA406/Konni Group/Opal Sleet fka OSMIUM < Kimsuky,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,17280,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TA406/Konni Group/Opal Sleet fka OSMIUM < Kimsuky,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/; https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf; 
https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/,2022-08-15,2024-02-20 1412,Iranian IT-company Supply-Chain Attack in Israel,"Iranian nation-state hackers compromised an Israel-based IT company in order to use that access to compromise downstream customers in the defense, energy, and legal sectors in Israel.",2021-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Energy; Defence industry; ,Cuboid Sandstorm fka DEV-0228,"Iran, Islamic Republic of",State,,1,1652,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cuboid Sandstorm fka DEV-0228,"Iran, Islamic Republic of",State,https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/microsoft-iranian-state-hackers-increasingly-target-it-sector/; https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/,2022-08-15,2022-11-02 1413,Iranian IT-company Supply-Chain Attack in Bahrain,Iranian nation-state hackers compromised a Bahrain-based IT company that works with unspecified clients of the Bahrain 
government who were their ultimate target. In addition they compromised a government-owned organization in the Middle East (not defined more precisely) that works with the defense and transportation sector.,2021-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Bahrain; Middle East (region),ASIA; MENA; MEA; GULFC - ,Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; - ; ,DEV-0056,"Iran, Islamic Republic of",State,,1,1653,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DEV-0056,"Iran, Islamic Republic of",State,https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/,2022-08-15,2022-11-02 1414,ColunmTK (Supply Chain),Chinese state-sponsored hacking group APT41 stole information from various airlines by compromising the IT service provider SITA in a supply chain attack.,2021-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft; Hijacking with Misuse,None - None - None - None,India; Singapore; Malaysia; Finland,ASIA; SASIA; SCO - ASIA - ASIA; SCS; SEA - EUROPE; EU(MS); NORTHEU,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Transportation - Transportation - Transportation - Transportation,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,3168,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://blog.group-ib.com/colunmtk_apt41,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://twitter.com/MAS/status/1366447449976496131; https://www.singaporeair.com/en_UK/sg/media-centre/news-alert/?id=kltm93p0; https://www.infosecurity-magazine.com/news/sita-supply-chain-breach-hits/?__cf_chl_jschl_tk__=pmd_22d96108ea7a7a023a70a6e1ae2d307113653a31-1626767310-0-gqNtZGzNAfijcnBszQp6; https://yle.fi/news/3-11820715; https://www.airindia.in/images/pdf/Data-Breach-Notification.pdf; https://blog.group-ib.com/colunmtk_apt41,2022-08-15,2022-11-02 1416,ScarCruft Chinotto Surveillance,"North 
Korean state-sponsored hacking group ScarCruft hacked and stole sensitive data from journalists, North Korean defectors and human rights activists in South Korea.",2021-03-22,2021-09-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Social groups; Social groups; Media,Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1656,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/; 
https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/,2022-08-15,2022-12-05 1418,Indian APT Patchwork aka Dropping Elephant used Ragnatela Backdoor against Pakistani Ministry of Defense and targets from academia and science sector at the end of 2021,"Indian APT Patchwork aka Dropping Elephant compromised the Pakistani Ministry of Defense and several Pakistani academic institutions specialized in molecular medicine and biological science at the end of 2021. An apparent lack of operational security stands out for this incident, as described in the MalwareBytes report as follows: ""Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own RAT, resulting in captured keystrokes and screenshots of their own computer and virtual machines"". ",2021-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Pakistani Ministry of Defence,Pakistan,ASIA; SASIA; SCO,State institutions / political system; Critical infrastructure,Government / ministries; Research,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,,1,11750,2022-01-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,MalwareBytes,,United States,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/,Territory; Resources; International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Yes / HIIK intensity,HIIK 3,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/126524/apt/patchwork-apt-ragnatela-rat.html; https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/; https://www.bleepingcomputer.com/news/security/oops-cyberspies-infect-themselves-with-their-own-malware/; https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html,2022-08-15,2024-02-05 1431,Anonymous hacked Russian security cameras and shared the live feed online in March 2022,"Anonymous and other hacker groups continue to target entities from Russia, in a recent attack the collective has taken over more than 400 Russian cameras in support of Ukraine. The group shared the live feed of the cameras on the website behindenemylines.live and grouped them in various categories based on their location (Businesses, Outdoor, Indoor, Restaurants, Offices, Schools, and Security Offices).",2022-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,Not available,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Civil service / administration; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,14375,2022-03-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,Not available,Not available,Anonymous,Unknown,Non-state-group,https://twitter.com/thewarriorpoetz/status/1501081481212579843?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1501081481212579843%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128847%2Fhacktivism%2Fanonymous-vs-russia.html; https://securityaffairs.co/wordpress/128847/hacktivism/anonymous-vs-russia.html,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://securityaffairs.co/wordpress/128847/hacktivism/anonymous-vs-russia.html; https://twitter.com/thewarriorpoetz/status/1501081481212579843?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1501081481212579843%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128847%2Fhacktivism%2Fanonymous-vs-russia.html; 
https://twitter.com/twitter/status/1512355603603095552; https://twitter.com/twitter/status/1512405172454137856; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-11-20 1420,Puerto Rico Senate,"Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page, the latest in a string of similar incidents in recent years.",2022-01-01,2022-01-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,Puerto Rico,,State institutions / political system,Legislative,,Unknown,Unknown - not attributed,,1,3155,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236; https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack,2022-08-15,2024-02-21 1421,People's Mojahedin Organization of Iran disrupted two TV channel and two radio broadcasts of Iranian state broadcaster IRIB on 27 January 2022,"People's Mojahedin Organization of Iran (PMOI) disrupted two TV channel and two radio broadcasts - Channel One, Koran Channel, Radio Javan, Radio Payam - of Islamic Republic of Iran Broadcasting (IRIB) on 27 January 2022, according to the deputy head of technical affairs for IRIB Reza Alidadi. The disruption means a very short interruption of the event by showing the counterfeits of the two leaders of the PMOI, Maryam and Masoud Rajavi. 
However, on the same day, 27 January 2022, the hacktivist group Predatory Sparrow also claimed responsibility for the disruption. ",2022-01-27,2022-01-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,Islamic Republic of Iran Broadcasting (IRIB),"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,People's Mujahideen Organisation of Iran (PMOI)/ Mujahideen Khalq Organisation (MKO),Albania,Non-state-group,Terrorist(s),2,5212; 5211,2022-01-27 00:00:00; 2022-01-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,"Reza Alidadi (Deputy Head of Technical Affairs for IRIB, Iran); Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Not available; Not available,"Iran, Islamic Republic of; Not available","People's Mujahideen Organisation of Iran (PMOI)/ Mujahideen Khalq Organisation (MKO); Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Albania; Unknown,Non-state-group; Non-state-group,https://www.bloomberg.com/news/articles/2022-01-27/iran-state-tv-says-exiled-dissidents-briefly-hacked-broadcasts?leadSource=uverify%20wall; https://t.me/GonjeshkeDarande/146,System / ideology,Not available,,Not available,,0,,Not available,,Not available,Not available,No,,Not available,Defacement,Not available,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not 
available,0.0,euro,None/Negligent,Not available,,Not available,0,,Not available,,Not available,Not available,Not available,,No response justified (missing state attribution & breach of international law),,https://www.digitaltveurope.com/2022/01/28/iranian-state-broadcaster-irib-hacked-by-opposition-group/; https://www.cyberscoop.com/iran-state-tv-hack-predatory-sparrow-indra/; https://www.bloomberg.com/news/articles/2022-01-27/iran-state-tv-says-exiled-dissidents-briefly-hacked-broadcasts?leadSource=uverify%20wall; https://t.me/GonjeshkeDarande/146; https://research.checkpoint.com/2022/evilplayout-attack-against-irans-state-broadcaster/; https://securityaffairs.com/156065/hacktivism/pro-israel-predatory-sparrow-iran-fuel-stations.html,2022-08-15,2023-12-19 1422,Iran’s national TV stream hacked for the second time in a week,"A hacktivist group known as Adalat Ali (Ali’s Justice) has hijacked the web stream of Iran’s state-owned television station, the Islamic Republic of Iran Broadcasting (IRIB), in order to broadcast an anti-regime message earlier this week.",2022-02-01,2022-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Media,,Adalat Ali,Unknown,Non-state-group,Hacktivist(s),1,3153,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Adalat Ali,Unknown,Non-state-group,https://twitter.com/RadioFarda_/status/1488541026138697728?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1488541026138697728%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Firans-national-tv-stream-hacked-for-the-second-time-in-a-week%2F,System / ideology,Not available,,Not available,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/irans-national-tv-stream-hacked-for-the-second-time-in-a-week/; https://twitter.com/RadioFarda_/status/1488541026138697728?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1488541026138697728%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Firans-national-tv-stream-hacked-for-the-second-time-in-a-week%2F; https://www.wired.com/story/hacktivism-russia-ukraine-ddos/,2022-08-15,2022-12-28 1425,"Ukraine border control hit with wiper cyberattack, slowing refugee crossing","A Ukraine border control station has been struck with a data wiper cyberattack that has slowed the process of allowing refugees to cross into Romania, a cybersecurity expert who spoke with Ukrainian agents at the border crossing told VentureBeat.",2022-02-26,2022-02-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system,Police,,Unknown,Unknown - not attributed,,1,3151,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - 
not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.washingtonpost.com/world/2022/02/26/europe-welcomes-refugees-ukraine-russia/; https://venturebeat.com/2022/02/27/ukraine-border-control-hit-with-wiper-cyberattack-slowing-refugee-crossing/,2022-08-15,2023-02-28 1426,The IT Army of Ukraine targeted Russian entities from the finance sector with DDoS attacks at the end of February 2022,"The Ukrainian Cyber Police Force stated that their new ""IT Army"" of volunteer hacktivists has taken down key Russian websites and state online portals, such as ""the website of the Investigative Committee of the Russian Federation, the FSB of the Russian Federation, the bank ""Sberbank"" and other government and critical information systems important for the Russian Federation and Belarus."" They further state that they now are openly engaged in cyber-warfare against Russian and pro-Russian entities. 
The list of websites that they claim to have targeted are: sberbank.ru, vsrf.ru, scrf.gov.ru, kremlin.ru, radiobelarus.by, rec.gov.by, sb.by, belarus.by, belta.by, tvr.by.",2022-02-27,2022-02-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,SberBank - Federal Security Service (FSB; Russia) - None - Investigative Committee of the Russian Federation (SKR) - None,Russia; Russia; Belarus; Russia; Russia,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO - EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO; SCO,Critical infrastructure - State institutions / political system - State institutions / political system; Critical infrastructure - State institutions / political system - State institutions / political system; Critical infrastructure,Finance - Intelligence agencies - ; - Intelligence agencies - ; ,Ukrainian Cyber Police Force; IT Army of Ukraine,Ukraine; Ukraine,State; State,,1,11601; 11601,2022-02-01 00:00:00; 2022-02-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms,Cyber Police Force of Ukraine; Cyber Police Force of Ukraine,Not available; Not available,Ukraine; Ukraine,Ukrainian Cyber Police Force; IT Army of Ukraine,Ukraine; Ukraine,State; State,https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/; https://www.forbes.com/sites/thomasbrewster/2022/02/28/moscow-exchange-and-sberbank-websites-knocked-offline-was-ukraines-cyber-army-responsible/?sh=2009a14177ca; https://cyberpolice.gov.ua/news/spilno-iz-kibervolonteramy-kiberpolicziya-prodovzhuye-atakuvaty-vebresursy-agresora-6445/,System / ideology; National power,System/ideology; 
Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/; https://www.forbes.com/sites/thomasbrewster/2022/02/28/moscow-exchange-and-sberbank-websites-knocked-offline-was-ukraines-cyber-army-responsible/?sh=2009a14177ca; https://cyberpolice.gov.ua/news/spilno-iz-kibervolonteramy-kiberpolicziya-prodovzhuye-atakuvaty-vebresursy-agresora-6445/; https://www.reuters.com/world/europe/ukraine-launches-it-army-takes-aim-russian-cyberspace-2022-02-26/,2022-08-15,2023-07-14 1427,Anonymous-linked hacker group Spid3r targeted Belarusian state websites with DDoS attacks on,"Anonymous-affiliated group Spid3r (@YourAnonSpider) claimed to have hacked Belarusian government websites, such as those of the Ministry of Justice, Ministry of Internal Affairs, and Ministry of Education, via Twitter on May 29, 2022. Spid3r (@YourAnonSpider) also claimed a defacement of the Volozhinsky District Executive Committee website on May 30, 2022. ",2022-05-29,2022-05-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Volozhinsky District Executive Committee (Belarus) - Ministry of Education (Belarus) - Ministry of Justice (Belarus) - Ministry of Internal Affairs (Belarus),Belarus; Belarus; Belarus; Belarus,EUROPE; EASTEU; CSTO - EUROPE; EASTEU; CSTO - EUROPE; EASTEU; CSTO - EUROPE; EASTEU; CSTO,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries,Spid3r (@YourAnonSpider),Unknown,Non-state-group,Hacktivist(s),1,8108,2022-05-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Spid3r,Not available,Not available,Spid3r (@YourAnonSpider),Unknown,Non-state-group,https://twitter.com/cyber_etc/status/1531013980226998277?s=20&t=kbDZH5sWN4AiCeseovNgvA; https://twitter.com/cyber_etc/status/1531329187289636864?s=20&t=MgEq_efbLJJYbTt1Y6SKFA,System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,Not available,,Not available,Not available,No,,,,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.avionews.it/item/1242738-ukrainian-conflict-alleged-russian-plans-hacked.html; https://securityaffairs.co/wordpress/128703/hacking/anonymous-a-week-of-battles.html; 
https://twitter.com/YourAnonTV/status/1499513585915019278?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499513585915019278%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128703%2Fhacking%2Fanonymous-a-week-of-battles.html; https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128703%2Fhacking%2Fanonymous-a-week-of-battles.html; https://www.itsecuritynews.info/anonymous-wages-a-cyber-war-against-russia-targets-oligarchs/; https://www.infosecurity-magazine.com/news/anonymous-claims-attacks-against/; https://twitter.com/twitter/status/1520218402903760896; https://twitter.com/twitter/status/1520895718415908864; https://twitter.com/cyber_etc/status/1531013980226998277?s=20&t=kbDZH5sWN4AiCeseovNgvA; https://twitter.com/cyber_etc/status/1531329187289636864?s=20&t=MgEq_efbLJJYbTt1Y6SKFA; https://twitter.com/YourAnonOne/status/1496965766435926039; https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg; https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg,2022-08-15,2023-03-16 1428,@ContiLeaks: Conti Ransomware source code leaked,"A Ukrainian researcher leaked the database of ransomware groups Conti and Ryuk because of their support of the Russian invasion of Ukraine. 
In the course of the leak, the Ukrainian researcher disclosed internal chat conversations and various versions of source code of the ransomware group's malware, which gives anyone access to the cryptor.exe, cryptor_dll.dll, and decryptor.exe executables.",2022-02-27,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,Conti Ransomware Operation,,,Social groups,Criminal,@ContiLeaks,Ukraine,Individual hacker(s),,1,2274,2022-02-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,@ContiLeaks,Not available,Ukraine,@ContiLeaks,Ukraine,Individual hacker(s),https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html; https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/; https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/,System / ideology,System/ideology,,Yes / HIIK intensity,,0,,,,,,No,,Trusted Relationship,Data Exfiltration; Resource Hijacking,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/; https://www.bleepingcomputer.com/news/security/us-and-uk-sanction-11-trickbot-and-conti-cybercrime-gang-members/; https://www.bleepingcomputer.com/news/security/russian-trickbot-malware-dev-sentenced-to-64-months-in-prison/; https://therecord.media/trickbot-developer-sentenced-to-prison; https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html; https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html; 
https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/; https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/; https://www.cyberscoop.com/conti-karakurt-extortion-ransomware/; https://www.wired.com/story/hacktivism-russia-ukraine-ddos/,2022-08-15,2024-01-26 1429,"Hacktivist group v0g3lSec defaced the Russian Space Research Institute website on March 3, 2022","On Thursday, March 3rd, hacktivists from a group going by the Twitter handle of “v0g3lSec” managed to deface the website of the Russian Space Research Institute (IKI).",2022-03-03,2022-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,Science,,v0g3lSec,Unknown,Non-state-group,Hacktivist(s),1,7944,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,v0g3lSec,Unknown,Non-state-group,https://twitter.com/YourAnonNews/status/1499380682174480386,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hack-russia-space-research-institute-site/; https://twitter.com/YourAnonNews/status/1499380682174480386,2022-08-15,2023-03-02 1362,North Korean defector Kang Mi-Jin,"The hacker group ScarCruft is suspected of breaching accounts belonging to North Korean defector Kang Mi-jin. 
Through the access, the group allegedly sent malicious documents to Kang's contacts and also tried to gain access to journalists' professional networks by sending messages to them.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,,"Korea, Democratic People's Republic of",ASIA; NEA,Social groups; Media,Political opposition / dissidents / expats; ,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1601,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.alyac.co.kr/4084,System / ideology; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nknews.org/2021/09/north-korean-hackers-breach-prominent-defectors-accounts-in-targeted-attack/; https://blog.alyac.co.kr/4084,2022-08-15,2022-11-02 1360,Konni RAT malware vs. 
Russia,"Malwarebytes reports on an ongoing spear-phishing campaign with Konni RAT malware, which mainly targets Russia, but also other countries, such as Japan or Vietnam. The malware is mainly used by the North Korean hacker group APT37.",2021-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None - None,"Russia; Korea, Republic of; Japan; Vietnam; Nepal; Mongolia",EUROPE; EASTEU; CSTO; SCO - ASIA; SCS; NEA - ASIA; SCS; NEA - ASIA; SCS; SEA - ASIA; SASIA - ASIA; EASIA; NEA,Social groups - Social groups - Social groups - Social groups - Social groups - Social groups,Other social groups - Other social groups - Other social groups - Other social groups - Other social groups - Other social groups,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1599,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/; 
https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html,System / ideology; International power,System/ideology; International power; Other,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/konni-rat-variant-hits-russia-ongoing-attack/; https://heimdalsecurity.com/blog/new-konni-rat-campaign-in-full-fling/; https://securityaffairs.co/wordpress/121625/apt/konni-rat-target-russia.html; https://cyware.com/news/konni-rat-targets-russian-users-a74df9a5; https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/; https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html,2022-08-15,2023-09-22 1271,Russian state-sponsored hacked the internal network of Dutch police,Russian state-sponsored hacking groups breached the internal network of Dutch police in September 2017 in the course of the country’s investigation of the MH-17 crash.,2017-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Police,"Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,,1,1496; 
1496,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Contested attribution; Contested attribution,,,,"Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,https://www.volkskrant.nl/nieuws-achtergrond/russen-zaten-ten-tijde-van-mh17-onderzoek-door-hack-diep-in-systemen-politie~b0e044e1/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/russian-hackers-breached-dutch-police-systems-in-2017/; https://www.volkskrant.nl/nieuws-achtergrond/russen-zaten-ten-tijde-van-mh17-onderzoek-door-hack-diep-in-systemen-politie~b0e044e1/,2022-08-15,2022-11-02 1314,TinyTurla,"Cisco Talos reports on a backdoor called TinyTurla, which is used by the state-sponsored Russian Turla APT and primarily targeted systems in the U.S., Germany, and Afghanistan. The company expects the backdoor to be used as an additional safeguard in case the primary malware is removed.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None,United States; Germany; Afghanistan,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - ASIA; SASIA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,1,1546,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",https://blog.talosintelligence.com/2021/09/tinyturla.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/; https://www.bankinfosecurity.com/russian-linked-group-using-secondary-backdoor-against-targets-a-17592; https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html; https://blog.talosintelligence.com/2021/09/tinyturla.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2022-08-15,2024-02-19 
1294,Turkish group attacks European Court of Human Rights,"The European Court of Human Rights has been attacked by Turkish hacktivists after publishing a ruling about the situation of Selahattin Demirtaş, who belongs to the Turkish opposition and was imprisoned in 2016.",2020-12-23,2020-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,,Unknown,,State institutions / political system,Judiciary,Anka Neferler Timi ,Turkey,Non-state-group,Hacktivist(s),1,1523,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anka Neferler Timi ,Turkey,Non-state-group,https://www.bloomberg.com/news/articles/2020-12-23/europe-s-human-rights-court-hit-by-cyberattack-after-turkey-case?utm_campaign=socialflow-organic&utm_medium=social&utm_source=twitter&cmpid=socialflow-twitter-business&utm_content=business,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.promoteukraine.org/europes-human-rights-court-hit-by-cyberattack-after-turkey-case/; https://hudoc.echr.coe.int/fre-press#{%22itemid%22:[%22003-6894460-9254005%22]}; https://www.infosecurity-magazine.com/news/cyberattack-on-european-court-of/; https://www.bloomberg.com/news/articles/2020-12-23/europe-s-human-rights-court-hit-by-cyberattack-after-turkey-case?utm_campaign=socialflow-organic&utm_medium=social&utm_source=twitter&cmpid=socialflow-twitter-business&utm_content=business,2022-08-15,2022-11-02 1295,Israel vs. 
Iran: Portnox,Iranian ransomware group Pay2Key claims to have stolen data from the Israeli cyber security company Portnox.,2020-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,1524; 1525,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.clearskysec.com/pay2kitten/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://english.alaraby.co.uk/news/iran-linked-hacking-group-infiltrates-israeli-cyber-security-firm; https://old.iranintl.com/en/iran-in-brief/iran-linked-group-says-it-hacked-israeli-cyber-security-company; https://www.timesofisrael.com/iran-linked-hackers-say-they-breached-israeli-cyber-security-firm-portnox/; https://www.clearskysec.com/pay2kitten/,2022-08-15,2022-11-02 1296,COVID-19-Campaign: North Korean State-Sponsored Lazarus Group Launched Cyber Operation Against Unnamed Pharmaceutical Company on 25 September 2020 ,"On 25 September 2020, as part of its ""COVID-19 campaign"", the Lazarus Group targeted an unnamed pharmaceutical company that was heavily involved in the development of a COVID-19 vaccine. Unlike previous cyber-attacks using the Bookcode malware, the Securelist researchers were unable to reconstruct the exact initial infection vector. This version of Bookcode shared functionality with a report from the Korea Internet & Security Agency (KISA), communicating with the attacker's infrastructure and providing backdoor capabilities. 
In the post-exploitation phase, the Lazarus Group used this Bookcode cluster with its own tactics, including extracting host information, checking network connectivity, and scanning hosts on the same network after installing Bookcode on 25 September 2020.",2020-09-25,2020-09-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,Unspecified pharmaceutical company,Unknown,,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,1,14994,2020-12-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Securelist,Securelist,United Kingdom,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/; https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/,2022-08-15,2023-12-22 1297,COVID-19-Campaign: North Korean 
State-Sponsored Lazarus Group Launched Cyber Operation Against Unspecified Health Ministry on 27 October 2020,"On 27 October 2020, the North Korean Lazarus Group carried out a sophisticated cyber operation on an unspecified Ministry of Health to secretly obtain COVID-19 information. Using ""wAgent"", a versatile malware, they managed to infiltrate two Windows servers, bypassing existing security measures. wAgent worked mainly in the system's memory and was able to retrieve additional malicious payloads from remote servers, demonstrating its advanced remote control capabilities. The attack was - in proven fashion - highly customised, indicating a targeted approach rather than an indiscriminate large-scale attack. The complexity of the operation was also evident in the persistent access strategy, which utilised malware that mimicked legitimate software components. This tactic ensured that the attackers gained persistent access to the Ministry's systems, which could enable ongoing monitoring or data extraction. The sophistication and execution pattern of this operation - from stealth tactics to persistence - was subsequently linked to the Lazarus Group's known operational methods, definitively confirming in retrospect their involvement in this high-risk cyber espionage operation.",2020-10-27,2020-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Unnamed ministry of health,Unknown,,State institutions / political system,Government / ministries,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,14992,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/,2022-08-15,2024-03-06 1298,Hack against Hezbollah's Al-Qard Al-Hassan financial organization,"Hezbollah's Al-Qard Al-Hassan financial organization was hacked by SpiderZ, of whom the country of origin is unknown.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Lebanon,ASIA; MENA; MEA,Critical infrastructure,Finance,SpiderZ,Unknown,Unknown - not attributed,,1,1528,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,SpiderZ,Unknown,Unknown - not attributed,https://www.youtube.com/watch?v=sE_qW-z73D8,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/breaking-news/hezbollah-affiliated-financial-org-hacked-information-leaked-653690; https://www.the961.com/hezbollah-al-qard-al-hassan-hack/; https://daraj.com/en/66163/; https://www.youtube.com/watch?v=sE_qW-z73D8,2022-08-15,2023-03-13 1299,ThreatNeedle: Defense Industries,Since early 2020 Lazarus has attacked defense industries using a custom backdoor named ThreatNeedle.,2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Critical infrastructure,Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,1,1529,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-lazarus-apt-targeting-the-defense-industry; https://ics-cert.kaspersky.com/publications/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/; https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-lazarus-apt-targeting-the-defense-industry; 
https://ics-cert.kaspersky.com/publications/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/,2022-08-15,2023-12-22 1300,Pulse Secure VPN: UNC2630,"Chinese state-sponsored groups UNC2630 and APT5 attacked targets in the US and Europe, focused on US Defense Industrial base (DIB) networks.",2020-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Finance; Defence industry - Government / ministries; Finance; Defence industry,UNC2630; APT5/Keyhole Panda/Mulberry Typhoon fka MANGANESE/TABCTENG,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1530; 1530,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,UNC2630; APT5/Keyhole Panda/Mulberry Typhoon fka MANGANESE/TABCTENG,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; 
https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/; https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/; https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/; https://www.darkreading.com/attacks-breaches/citrix-adc-gateway-users-race-against-hackers-patch-critical-flaw,2022-08-15,2023-02-15 1301,Pulse Secure VPN: UNC2717,"UNC2717 attacked targets in the US and Europe, focused on US Defense Industrial base (DIB) networks.",2020-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Finance; Defence industry - Government / ministries; Finance; Defence industry,UNC2717,Unknown,Unknown - not attributed,,1,1531,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,UNC2717,Unknown,Unknown - not 
attributed,https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/,2022-08-15,2023-03-13 1302,Foreign hack on Russian federal executive,Russian government reveals attacks against government bodies by foreign hackers in 2020,2020-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,,Unknown,State,,2,1532; 1533,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,Unknown; Unknown,State; State,https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf; https://www.reuters.com/technology/russias-fsb-reports-unprecedented-hacking-campaign-aimed-government-agencies-2021-05-26/,International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/fsb-nktski-foreign-cyber-mercenaries-breached-russian-federal-agencies/; https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf; https://www.reuters.com/technology/russias-fsb-reports-unprecedented-hacking-campaign-aimed-government-agencies-2021-05-26/,2022-08-15,2022-11-02 1303,SideCopy's new custom trojans vs. Indian government personnel and military,SideCopy is using four new custom RAT families and two additional commodity RATs to target government personnel and military in India.,2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,SideCopy,Pakistan,Unknown - not attributed,,1,1534,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,SideCopy,Pakistan,Unknown - not attributed,,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/sidecopy-cybercriminals-use-custom-trojans-in-india-attacks/; https://cyware.com/news/operation-sidecopy-targets-defense-forces-in-india-211170f6; https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388; https://twitter.com/Cyber_O51NT/status/1649923268688900096,2022-08-15,2023-04-24 1304,LuminousMoth,"Kaspersky published a report on an ongoing cyber campaign against Southeast Asian countries that began in October 2020, with Myanmar and later the Philippines as the main targets of the attacks. 
Kaspersky names the initiators as LuminousMoth, which the IT firm links to the Chinese hacking group HoneyMyte.",2020-10-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Southeast Asia (region); Myanmar; Philippines, - ASIA; SEA - ASIA; SCS; SEA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,LuminousMoth,China,Unknown - not attributed,,1,1535,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,LuminousMoth,China,Unknown - not attributed,https://securelist.com/apt-luminousmoth/103332/,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/chinese-cyberspies-wide-scale-apt-campaign-hits-asian-govt-entities/; https://securityaffairs.co/wordpress/120105/hacking/china-luminousmoth-apt-campaign.html; https://securelist.com/apt-luminousmoth/103332/,2022-08-15,2022-11-02 1305,"TA456's persona ""Marcella Flores""","Since at least 2019, the Iranian state-backed hacking group TA456 has been sending malware on social media by using a fake persona called ""Marcella Flores."" The campaign particularly targeted U.S. aerospace defense contractors in order to obtain sensitive data from victims.",2020-01-01,2021-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,Tortoise Shell/Imperial Kitten/TA456/Crimson Sandstorm fka CURIUM/Dustycave/UNC4444,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1536,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Tortoise Shell/Imperial Kitten/TA456/Crimson Sandstorm fka CURIUM/Dustycave/UNC4444,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://wired.me/technology/security/iranian-hackers-invent-flirty-persona-to-target-us-defense-contractors/; https://www.zdnet.com/article/these-hackers-posed-as-an-aerobics-instructor-online-to-trick-their-targets-into-downloading-malware/; https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media,2022-08-15,2023-03-31 1306,Hacked Pulse Secure devices,"CISA issued a report warning about malware found on Pulse Secure devices. The threat actor is still unknown, but has been active since at least June 2020 and targets U.S. 
government agencies, critical infrastructure entities, and other private sector organizations.",2020-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ; ,,Unknown,Unknown - not attributed,,1,1537,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cisa.gov/uscert/ncas/alerts/aa21-110a; https://www.bleepingcomputer.com/news/security/cisa-warns-of-stealthy-malware-found-on-hacked-pulse-secure-devices/; https://www.securityweek.com/cisa-details-malware-used-attacks-targeting-pulse-secure-devices,2022-08-15,2024-01-19 1307,Wellmess/WellMail - 2020,"The Russian hacking group APT29 continues to use a malware called WellMess to attack research facilities for COVID-19 vaccines, although in 2020 the malware was already attributed to APT by the U.S., U.K. and Canada.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None,United States; Canada; United Kingdom,NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure; Science - Critical infrastructure; Science - Critical infrastructure; Science,Health; - Health; - Health; ,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,1,14695; 14695; 14695; 14695; 14695; 14695; 14695; 14695,2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00; 2020-07-15 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Communications Security Establishment Canada (CSEC); Communications Security Establishment Canada (CSEC); Communications Security Establishment Canada (CSEC); Communications Security Establishment Canada (CSEC),Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available,United Kingdom; United Kingdom; Canada; Canada; United Kingdom; United Kingdom; Canada; Canada,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR; Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR; Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR; Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,State; State; State; State; State; State; State; State,https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/russias-apt29-still-actively-delivering-malware-used-covid-19-vaccine-spying; https://www.riskiq.com/blog/external-threat-management/apt29-bear-tracks/; 
https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf; https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf,2022-08-15,2023-12-04 1308,Praying Mantis,"In July 2021, Sygnia published a report on the APT Praying Mantis/TG1021 attacking organizations in the US. Based on tactics and targets, the company assumes the group is affiliated with a state-sponsored group, but makes no formal attribution. The security firm only highlights the similarity of this group's TTPs to attacks on the Australian government and businesses in 2020.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Unknown,,Praying Mantis/TG1021,Unknown,"Non-state actor, state-affiliation suggested",,1,1539,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Praying Mantis/TG1021,Unknown,"Non-state actor, state-affiliation suggested",https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/praying-mantis-threat-actor-targeting-windows-internet-facing-servers-with-malware/; 
https://www.sygnia.co/praying-mantis-detecting-and-hunting; https://therecord.media/praying-mantis-apt-targets-iis-servers-with-asp-net-exploits/; https://blog.sygnia.co/praying-mantis-an-advanced-memory-resident-attack?hsLang=en; https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf,2022-08-15,2023-09-22 1309,Chinese Malware against Russian Government - 2020,Group-IB presents evidence that the 2020 malware attack on Russian government agencies was carried out by the two state-sponsored hacker groups TA428 and TaskMasters.,2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,TA428/ Temp.Hex/ Vicious Panda; TaskMasters,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,4565; 4565,2021-09-01 00:00:00; 2021-09-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Group-IB; Group-IB,,,TA428/ Temp.Hex/ Vicious Panda; TaskMasters,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://blog.group-ib.com/task,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://hackercombat.com/researchers-perform-an-analysis-on-chinese-malware-used-against-russian-government/; https://www.securityweek.com/researchers-analyze-chinese-malware-used-against-russian-government; https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf; https://blog.group-ib.com/task,2022-08-15,2022-12-29 1310,LittleLooter,"An IBM report tells of the Iranian APT ITG18, whose TTPs overlap with those of Charming Kitten. The group used a new Android backdoor called LittleLooter to target members of the Iranian reform movement between August 2020 and May 2021.",2020-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Social groups,Political opposition / dissidents / expats,ITG18,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1541,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,ITG18,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/iran-linked-hackers-expand-arsenal-new-android-backdoor; https://cyware.com/news/iranian-apt-itg18-targets-reformists-within-the-country-cc149c88; https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/,2022-08-15,2022-11-02 1311,Emails from Lithuanian Ministry for sale,"In a data trading forum, 1.6 million emails from the Lithuanian Foreign Ministry were offered for sale. 
The Lithuanian president also announces that there are indications that sensitive and secret data were stolen in a cyberattack in November 2020.",2020-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,Lithuania,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1542,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureblink.com/cyber-security-news/emails-from-lithuanian-foreign-ministry-worth-300gb-put-up-for-sale-on-trading-forum; https://www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/; https://www.lrt.lt/en/news-in-english/19/1467832/hackers-steal-classified-documents-lithuanian-official-say-riots-may-be-connected,2022-08-15,2022-11-02 1312,SparklingGoblin,"While investigating a Winnti Group campaign, ESET finds a group, SparklingGoblin, that is affiliated with the Winnti Group but has a different modus operandi. 
The APT has a wide range of targets in North America, but also in Asia.",2020-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None - None - None - None - None - None,"United States; Korea, Republic of; Singapore; Georgia; India; Bahrain; Canada; Taiwan; Macao; Hong Kong",NATO; NORTHAM - ASIA; SCS; NEA - ASIA - ASIA; CENTAS - ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC - NATO; NORTHAM - ASIA; SCS - ASIA - ASIA,State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions 
/ political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science,Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; - Government / ministries; Civil service / administration; Religious; ; ; ,SparklingGoblin / Earth Baku,,Unknown - not attributed,,2,1543; 1544,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Contested attribution,,,,SparklingGoblin / 
Earth Baku; SparklingGoblin / Earth Baku,; Unknown,Unknown - not attributed; Unknown - not attributed,https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/sparklinggoblin-apt/168928/; https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware,2022-08-15,2023-11-01 1293,Israel vs. Iran: Aerospace industries,"Iranian ransomware group Pay2Key claims to have hacked the biggest Israeli airpower defense corporation, named Israel Aerospace Industries.",2020-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Critical infrastructure,Defence industry,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,1521; 1522,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/Lemon Sandstorm fka RUBIDIUM/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.clearskysec.com/pay2kitten/,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/breaking-news/suspected-iranian-cyberattack-targets-israel-aerospace-industries-652731; 
https://www.timesofisrael.com/iran-linked-group-claims-to-hack-israeli-defense-firm-releases-employee-data/; https://www.haaretz.com/israel-news/tech-news/.premium-iranian-hackers-hit-israel-aerospace-industries-leak-data-as-cyberattack-continues-1.9387283; https://www.clearskysec.com/pay2kitten/,2022-08-15,2022-11-02 1292,SignSight,"Private companies and government agencies in Vietnam and Philippines attacked during ""Operation SignSight"".",2020-07-23,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Hijacking without Misuse,None - None,Vietnam; Philippines,ASIA; SCS; SEA - ASIA; SCS; SEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,,Unknown,Unknown - not attributed,,1,1520,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/; https://www.zdnet.com/article/vietnam-targeted-in-complex-supply-chain-attack/,2022-08-15,2022-11-02 1291,Russian state-sponsored threat actors exploit VMware vulnerability,Russian state-sponsored actors use vulnerabilities to steal sensitive information.,2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft; Hijacking with Misuse,,Unknown,,Unknown,,,Russia,"Non-state actor, state-affiliation suggested",,1,1519,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/; https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF,2022-08-15,2022-11-02 1280,xHunt,New campaign by xHunt targets Kuwaiti government in using two backdoors.,2019-09-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,Kuwait,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,xHunt/ Hive0081,"Iran, Islamic Republic of",Unknown - not attributed,,1,1508,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen 
Lab, EFF)",IT-security community attributes attacker,,,,xHunt/ Hive0081,"Iran, Islamic Republic of",Unknown - not attributed,https://securityaffairs.co/wordpress/94724/malware/iran-zerocleare-wiper-attacks.html; https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/110644/apt/xhunt-attackers-hit-microsoft-exchange.html; https://securityaffairs.co/wordpress/94724/malware/iran-zerocleare-wiper-attacks.html; https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/,2022-08-15,2022-11-02 1272,BackdoorDiplomacy hacked diplomats primarily in Africa and the Middle East,"Hacking group BackdoorDiplomacy attacks diplomats in Africa, the Middle East, Europe and Asia.",2017-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Europe (region); Middle East (region); Asia (region); Africa, - - - ,State institutions / political system; State institutions / political system; Critical infrastructure; Social groups - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups,Government / ministries; ; Telecommunications; Other social groups - Government / ministries; ; Telecommunications; Other social groups - Government / ministries; ; Telecommunications; Other social groups - Government / ministries; ; 
Telecommunications; Other social groups,BackdoorDiplomacy/CloudComputating,Unknown,Unknown - not attributed,,1,1497,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,BackdoorDiplomacy/CloudComputating,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/deutsch/2021/06/11/backdoordiplomacy-von-quarian-zu-turian/; https://www.zdnet.com/article/this-new-hacking-group-has-a-nasty-surprise-for-african-middle-east-diplomats/,2022-08-15,2023-09-22 1273,DeadRinger,"The three clusters Soft Cell, Naikon and APT27/Emissary Panda, which Cybereason calls DeadRinger, joined forces to carry out cyberattacks against Southeast Asian telecommunications companies. The APTs are believed to be sponsored by the Chinese state. All three actors were active between 2017 and 2021 and overlapped in some targets and also in the timing of the attack.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Southeast Asia (region),,Critical infrastructure,Telecommunications,"Soft Cell; APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1498; 1498,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Soft Cell; APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/deadringer-three-pronged-attack-chinese-military-actors-against-major-telcos; https://www.zdnet.com/article/deadringer-chinese-apts-strike-major-telecommunications-companies/; https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos; https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt,2022-08-15,2023-08-24 1274,"Operation 
Ghostwriter: a Belarusian/Russian APT UNC1151 with links to the secret services stole and leaked information of various targets in Germany, Lithuania, Latvia and Poland until 2021","The European Council formally attributed responsibility to the Russian state in late September 2021 for the Ghostwriter campaign that has been ongoing since at least 2017, after Poland and Germany accused Russia of involvement in the cyber operation in June and September. The campaign here primarily targeted government as well as press personnel in Lithuania, Latvia and Poland, and since 2021, Germany. In Poland, the emails of Polish Chief of Chancellery Michal Dworczyk were published over many months starting in June 2021, according to Dworczyk himself and other members of the government. The emails contained information on questionable government decisions. Michal Dworczyk resigned on 30 September 2022. The European Union already issued a Declaration by the High Representative in September 2021, condemning the Ghostwriter campaign.",2017-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,"Michał Dworczyk (Chief of the Chancellery, Poland) - Not available - Not available - Not available - Not available",Poland; Lithuania; Poland; Latvia; Germany,EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; Media - State institutions / political system; Social groups; 
Media,Government / ministries - Legislative; Advocacy / activists (e.g. human rights organizations); - Legislative; Advocacy / activists (e.g. human rights organizations); - Legislative; Advocacy / activists (e.g. human rights organizations); - Legislative; Advocacy / activists (e.g. human rights organizations); ,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Russia,State,,7,15677; 15681; 15678; 15683; 15683; 15682; 15680; 15679; 15679,2021-09-24 00:00:00; 2021-11-16 00:00:00; 2021-09-06 00:00:00; 2021-03-26 00:00:00; 2021-03-26 00:00:00; 2021-03-17 00:00:00; 2021-06-18 00:00:00; 2021-06-22 00:00:00; 2021-06-22 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by EU institution/agency; IT-security community attributes attacker; Attribution by receiver government / state entity; Media-based attribution; Media-based attribution; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Mandiant; Federal 
Government of Germany; Not available; Not available; FireEye; Jaroslav Kaczynski (Deputy Prime Minister, Poland); Internal Security Agency (Poland); Military Counterintelligence Service (Poland)",Not available; ; Not available; Not available; Not available; ; Not available; Not available; Not available,EU (region); United States; Germany; Germany; Germany; United States; Poland; Poland; Poland,UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; GRU; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; Not available; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter; UNC1151/Storm-0257 fka DEV-0257/Ghostwriter,Russia; Belarus; Russia; Russia; Russia; Not available; Russia; Russia; Russia,"State; State; State; State; State; Non-state actor, state-affiliation suggested; Not available; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a; https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/unc1151-ghostwriter-update-report.pdf; https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/; https://www.dw.com/en/germany-warns-russia-over-cyberattacks-ahead-of-election/a-59101191; https://www.mandiant.com/resources/blog/unc1151-linked-to-belarus-government; https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2,System / ideology; National power; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,4,2021-06-09 00:00:00; 2021-09-24 00:00:00; 2022-09-30 00:00:00; 2021-09-01 00:00:00,EU member states: Stabilizing measures; EU: Stabilizing measures; EU member states: Executive reactions; State Actors: Cooperative measures,Statements by heads of state/head of government (or executive official); Declaration of HR; Resignation; Diplomatic protest notes,Poland; EU (region); Poland; Germany,"Michał Dworczyk (Chief of Staff, POL); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Michał Dworczyk (Chief of Staff, POL); Miguel Berger (State Secretary, DEU)",No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a; https://www.thefirstnews.com/article/parliament-email-accounts-also-hacked-in-recent-cyber-attack-23025; https://www.reuters.com/world/europe/cyber-attack-polish-officials-came-russia-kaczynski-says-2021-06-18/; https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/; https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/unc1151-ghostwriter-update-report.pdf; https://therecord.media/eu-formally-blames-russia-for-ghostwriter-hack-and-influence-operation/; https://www.bleepingcomputer.com/news/security/german-parliament-targeted-again-by-russian-state-hackers/; https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/; 
https://www.dw.com/en/germany-warns-russia-over-cyberattacks-ahead-of-election/a-59101191; https://www.securityweek.com/poland-target-unprecedented-cyber-attacks-govt; https://www.mandiant.com/resources/blog/unc1151-linked-to-belarus-government; https://www.cyberscoop.com/unc1151-belarus-russia-influence-ops/; https://www.faz.net/aktuell/politik/ausland/hackerangriff-in-polen-mails-vom-falschen-konto-17394731.html; https://apnews.com/article/russia-ukraine-putin-poland-government-and-politics-6040a1a99cec0b3b0f76a7acbe52c790; https://polishnews.co.uk/michal-dworczyk-a-hacking-attack-on-an-e-mail-inbox-the-minister-issued-another-statement/; https://notesfrompoland.com/2021/06/09/polish-pms-chief-of-staff-confirms-his-email-account-hacked-after-documents-appear-on-telegram/; https://www.politico.eu/article/leaked-email-scandal-engulfs-poland-political-elite-mails-hacking/; https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/; https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2; https://twitter.com/michaldworczyk/status/1402390155877552129?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1402390155877552129%7Ctwgr%5Eac4caa1372e3a3fd2e40d24b80a600ee5e66602c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fnotesfrompoland.com%2F2021%2F06%2F09%2Fpolish-pms-chief-of-staff-confirms-his-email-account-hacked-after-documents-appear-on-telegram%2F; https://www.gov.pl/web/sluzby-specjalne/findings-regarding-hacker-attacks; https://www.statecraft.co.in/article/germany-accuses-russia-of-cyberattacks-and-disinformation-campaigns-ahead-of-election; https://www.gov.pl/web/sluzby-specjalne/atak-dezinformacyjny-na-polske; https://www.gov.pl/web/sluzby-specjalne/kolejny-atak-informacyjny-na-pl; 
https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2; https://www.funkschau.de/sicherheit-datenschutz/generalbundesanwalt-ermittelt-nach-cyberangriffen-auf-abgeordnete.189623.html; https://twitter.com/SecBlinken/status/1441433540512690177; https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-stands-solidarity-eu-against-malicious-cyber-activity; https://therecord.media/poland-ukraine-ghostwriter-attacks-belarus; https://www.gov.pl/web/sluzby-specjalne/findings-regarding-hacker-attacks; https://www.reuters.com/world/europe/cyber-attack-polish-officials-came-russia-kaczynski-says-2021-06-18/,2022-08-15,2024-02-23 1275,Double Dragon: ShadowPad (Supply Chain),"Chinese state-sponsored hacking group APT41 injected malicious code into a software update of Netsarang. In the end the hacking group compromised one further target in Hong Kong, as the early detection and the following release of a software update free of malicious code prevented the infection of hundreds of companies.",2017-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None,"Korea, Republic of; Hong Kong",ASIA; SCS; NEA - ASIA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,1503,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf; https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.kaspersky.com/about/press-releases/2017_shadowpad-how-attackers-hide-backdoor-in-software-used-by-hundreds-of-large-companies-around-the-world; https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf; https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf; https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/,2022-08-15,2023-04-18 1276,Hornbill and 
Sunbird,Indian state-sponsored group hacked several targets during the India-Pakistan conflict.,2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Pakistan; United Arab Emirates; India,ASIA; SASIA; SCO - ASIA; MENA; MEA; GULFC - ASIA; SASIA; SCO,State institutions / political system; State institutions / political system; End user(s) / specially protected groups - State institutions / political system; State institutions / political system; End user(s) / specially protected groups - State institutions / political system; State institutions / political system; End user(s) / specially protected groups,Military; Election infrastructure / related systems; - Military; Election infrastructure / related systems; - Military; Election infrastructure / related systems; ,Confucius,India,"Non-state actor, state-affiliation suggested",,1,1504,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Confucius,India,"Non-state actor, state-affiliation suggested",https://de.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict,Territory; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/pro-india-hackers-use-android-spyware-to-spy-on-pakistani-military/; https://de.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict,2022-08-15,2022-11-13 1277,Operation GhostShell,"While investigating Operation GhostShell, which targeted the aerospace and telecommunications sectors in the Middle East, Europe, Russia, and the U.S., Cybereason found a new RAT called ShellClient and the previously unknown threat actor MalKamak. The group is attributed to Iran and also has possible ties to state-sponsored groups.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,United States; Russia; Europe (region); Middle East (region),NATO; NORTHAM - EUROPE; EASTEU; CSTO; SCO - - ,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Transportation; Telecommunications - Transportation; Telecommunications - Transportation; Telecommunications - Transportation; Telecommunications,MalKamak,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1505,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MalKamak,"Iran, Islamic Republic of","Non-state actor, state-affiliation 
suggested",https://www.cybereason.com/blog/research/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/hackers-use-stealthy-shellclient-malware-on-aerospace-telco-firms/; https://www.securityweek.com/iran-linked-malkamak-hackers-targeting-aerospace-telcos-shellclient-rat; https://www.cybereason.com/blog/research/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms,2022-08-15,2022-11-02 1278,Out to Sea,"IT-Researchers from ESET combined several previously discovered cyber-operations into the Iranian cyber-espionage campaign ""Out to Sea"". The previously discovered cyber-operations were attributed to other groups at the time, namely Lyceum and Siamesekitten. IT-Researchers from ESET put these supposedly different groups together and attribute them to the known Iranian state-sponsored hacking group OilRig. The last part of the cyber-campaign from September to December 2021 used an improved backdoor called Marlin.",2018-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,Israel; Tunisia; United Arab Emirates; Middle East (region); South Africa; Morocco; Saudi Arabia,ASIA; MENA; MEA - AFRICA; NAF; MENA - ASIA; MENA; MEA; GULFC - - AFRICA; SSA - AFRICA; NAF; MENA - ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; - ; Energy; Health; Telecommunications; ,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1506,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://malware.news/t/deep-dive-into-the-lyceum-danbot-malware/36216; https://www.databreachtoday.com/threat-actor-adds-new-marlin-backdoor-to-its-arsenal-a-18524; https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign; https://securelist.com/lyceum-group-reborn/104586/; 
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns; https://www.clearskysec.com/wp-content/uploads/2021/08/Siamesekitten.pdf; https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf; https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html,2022-08-15,2023-09-08 1279,Double Dragon: Crackshot backdoor (Supply-Chain),Chinese state-sponsored hacking group APT41 injected a backdoor into a Southeast and East Asian video game developer.,2018-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None,Southeast Asia (region); Eastern Asia (region), - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,1,1507,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf,2022-08-15,2023-01-02 1281,Dark Caracal II,"Dark Caracal, a Lebanese cyberespionage group, attacks multiple industries in several countries.",2019-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None - None - None - None - None - None - None,Singapore; Cyprus; Chile; Italy; United States; Turkey; Switzerland; India; Germany,ASIA - EUROPE; EU(MS); MEA - SOUTHAM - EUROPE; NATO; EU(MS) - NATO; NORTHAM - ASIA; NATO; MEA - EUROPE; WESTEU - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance - Government / ministries; Judiciary; Energy; Health; Food; Finance,Dark Caracal; General Security Directorate,Lebanon; Lebanon,State; Non-state-group; State; Non-state-group,; Terrorist(s); ; Terrorist(s),1,1509; 1509; 1509; 1509,2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,Dark Caracal; Dark Caracal; General Security Directorate; General Security Directorate,Lebanon; Lebanon; 
Lebanon; Lebanon,State; Non-state-group; State; Non-state-group,https://research.checkpoint.com/2020/bandook-signed-delivered/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/111617/apt/dark-caracal-still-active.html; https://www.scmagazine.com/news/security-news/bandook-malware-found-targeting-unusually-wide-variety-of-industries-regions; https://research.checkpoint.com/2020/bandook-signed-delivered/,2022-08-15,2023-07-17 1290,Anonymous takes down website of the Police Uganda,Uganda Police has been attacked by Anonymous hacktivists in the course of protests after the arrest of pop star Robert Kyagulanyi Ssentamu alias Bobi Wine.,2020-11-20,2020-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,Uganda,AFRICA; SSA,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1518,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.infosecurity-magazine.com/news/anonymous-hacks-uganda-police/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://redpepper.co.ug/2020/11/cyber-attacks-anonymous-hack-uganda-police-website-in-wake-of-bobi-wine-city-riots/; https://www.infosecurity-magazine.com/news/anonymous-hacks-uganda-police/,2022-08-15,2022-11-02 1282,Arid Viper: Phenakite,"Arid 
Viper attacks government officials, student groups, and security forces.",2019-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Palestine,ASIA; MENA; MEA,State institutions / political system; Social groups; State institutions / political system; State institutions / political system,Government / ministries; Advocacy / activists (e.g. human rights organizations); Military; Political parties,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Hamas,Palestine; Palestine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,17152; 17152,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,Not available; Not available,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang; Hamas,Palestine; Palestine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf,Subnational predominance,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.zdnet.com/article/facebook-uncovers-palestinian-government-officials-targeted-with-malware/; https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf,2022-08-15,2024-02-15 1283,Belgian interior ministry hack,The Belgian interior ministry was hacked in April 2019 by an unknown hacker group.,2019-04-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Belgium,EUROPE; EU(MS); NATO; WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1511,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibz.be/fr/system/files/attachments/press/press-kit/cp-spf-ibz.pdf; https://www.standaard.be/cnt/dmf20210525_96103510; https://www.tijd.be/politiek-economie/belgie/federaal/binnenlandse-zaken-twee-jaar-lang-ongemerkt-gehackt/10308489.html; https://therecord.media/belgium-government-discovers-old-2019-hack-during-hafnium-investigation/,2022-08-15,2022-11-14 1284,Fancy Bear Global Brute Force,"From 2019 to 2021, Fancy Bear conducted a global brute force campaign targeting the government and private sector.",2019-01-01,Not available,"Attack conducted by non-state group / 
non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None,United States; Global (region); Europe (region),NATO; NORTHAM - - ,State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; Other social groups; ; ; ; Transportation; Defence industry - Government / ministries; Energy; Other social groups; ; ; ; Transportation; Defence industry - Government / ministries; Energy; Other social groups; ; ; ; Transportation; Defence industry,,Russia,"Non-state actor, state-affiliation suggested",,1,14694,2021-07-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,National Security Agency (NSA),Not available,United States,,Russia,"Non-state actor, state-affiliation 
suggested",https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF; https://www.bleepingcomputer.com/news/security/nsa-russian-gru-hackers-use-kubernetes-to-run-brute-force-attacks/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/nsa-russian-gru-hackers-use-kubernetes-to-run-brute-force-attacks/; https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF; https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/,2022-08-15,2023-12-04 1285,"APT FamousSparrow spied on hotels, but also government organizations and other targets worldwide since 2019","The new cyber espionage group FamousSparrow, active since at least 2019, exploited the already known ProxyLogon vulnerability in early March 2021. 
The group's main targets are hotels in particular, but also government organizations, engineering firms, as well as law firms worldwide.",2019-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available - Not available,France; Guatemala; Israel; Brazil; Canada; Lithuania; Taiwan; Burkina Faso; South Africa; Saudi Arabia,EUROPE; NATO; EU(MS); WESTEU - CENTAM - ASIA; MENA; MEA - SOUTHAM - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SCS - AFRICA; SSA - AFRICA; SSA - ASIA; MENA; MEA; GULFC,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,FamousSparrow,Unknown,Unknown - not attributed,,1,13828,2021-09-23 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovenia,FamousSparrow,Unknown,Unknown - not attributed,https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://threatpost.com/famoussparrow-spy-hotels-governments/174948/; https://www.bleepingcomputer.com/news/security/hacking-group-used-proxylogon-exploits-to-breach-hotels-worldwide/; https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/; https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html; https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html; https://therecord.media/mgm-resorts-offline-after-cyberattack,2022-08-15,2023-10-23 1286,Exim Mail Transfer Agent - May 2020,"Russian hacking group Sandworm, respectively the 
Russian intelligence service GRU, exploited a bug in Exim Mail Transfer Agent in order to send emails, which automatically provide root privileges in the receiving computer. Although this bug was patched in June 2019, at least one month before the hack started, unknown receivers who did not patch their computers got hit.",2019-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking without Misuse,None - None,Unknown; United Kingdom, - EUROPE; NATO; EU(MS); NORTHEU,Unknown - Unknown, - ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia,State; State,,1,3224; 3224,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by third-party; Attribution by third-party,,Not available; Not available,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia,State; State,https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://arstechnica.com/information-technology/2020/05/russian-hackers-are-exploiting-bug-that-gives-control-of-us-servers/; 
https://techmonitor.ai/techonology/cybersecurity/exim-vulnerability-nsa-sandworm; https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf; https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html; https://www.darkreading.com/cloud/patch-confusion-critical-exim-bug-email-servers-risk,2022-08-15,2023-10-02 1287,Pipemon (Supply Chain),Chinese state-sponsored hacking group APT41 injected malicious code into the game executables of video gaming companies based in South Korea and Taiwan.,2019-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,None - None,"Korea, Republic of; Taiwan",ASIA; SCS; NEA - ASIA; SCS,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - ,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1515,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation 
suggested",https://www.welivesecurity.com/deutsch/2020/05/21/winnti-pipemon/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/103612/malware/winnti-pipemon-backdoor.html; https://www.welivesecurity.com/deutsch/2020/05/21/winnti-pipemon/,2022-08-15,2022-11-02 1288,WIRTE Middle East,"Kaspersky attributed a hacking campaign, targeting especially government and diplomatic entities, in the Middle East to WIRTE. Furthermore, it assesses with low confidence that WIRTE is associated with the Gaza Cybergang, which is a Palestinian non-state hacking group affiliated with Hamas.",2019-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None,Armenia; Cyprus; Egypt; Jordan; Syria; Palestine; Turkey; Lebanon,ASIA; CENTAS; CSTO - EUROPE; EU(MS); MEA - MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; NATO; MEA - ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State 
institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); State institutions / political system; State institutions / political system,Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; - Government / ministries; Finance; ; Military; ,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza 
Cybergang,Palestine,Non-state-group,Terrorist(s),1,17242,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Palestine,Non-state-group,https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/stealthy-wirte-hackers-target-governments-in-the-middle-east/; https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044/; https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html,2022-08-15,2024-02-28 1289,GCHQ disrupts Russian anti-vaccine propaganda,UK answers Russian anti-vaccine propaganda through an offensive cyber-operation.,2020-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,,GCHQ,United Kingdom,State,,1,1517,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,GCHQ,United Kingdom,State,https://www.theregister.com/2020/11/09/gchq_hacks_russia_vaccine_disinfo/,System / ideology; 
International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thetimes.co.uk/article/gchq-in-cyberwar-on-anti-vaccine-propaganda-mcjgjhmb2; https://www.theregister.com/2020/11/09/gchq_hacks_russia_vaccine_disinfo/,2022-08-15,2022-11-02 1313,Phishing campaign against EMEA and APAC governments,"In a large-scale campaign, various government departments in APAC and EMEA countries, such as Ukraine, Turkey, Russia or Pakistan, became victims of phishing. IT company Cyjax sees similarities in the campaign to an operation against Ukraine at the beginning of the COVID-19 pandemic, attributed to the groups UNC1151 and Hades.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,Uzbekistan; Azerbaijan; Belarus; China; Georgia; Kyrgyzstan; Pakistan; Russia; Turkey; Ukraine,ASIA; CENTAS; CSTO; SCO - ASIA; CENTAS - EUROPE; EASTEU; CSTO - ASIA; SCS; EASIA; NEA; SCO - ASIA; CENTAS - ASIA; CENTAS; CSTO; SCS - ASIA; SASIA; SCO - EUROPE; EASTEU; CSTO; SCO - ASIA; NATO; MEA - EUROPE; EASTEU,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State 
institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - State institutions / political system; State institutions / political system; 
State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Science,Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; - Government / ministries; Judiciary; Military; Intelligence agencies; Water; Transportation; Telecommunications; ,,Unknown,"Non-state actor, state-affiliation suggested",,1,1545,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/122401/hacking/phishing-emea-apac-governments.html; 
https://www.cyjax.com/2021/09/16/emea-and-apac-governments-targeted-in-widespread-credential-harvesting-campaign/; https://www.securityweek.com/ongoing-phishing-campaign-targets-apac-emea-governments,2022-08-15,2022-11-02 1315,Operation Armor Piercer,"Operation Armor Piercer used NetwireRAT and WarzoneRAT (aka Ave Maria) to launch a campaign against Indian government and military personnel. According to Cisco Talos, the strategy is very similar to that of the APTs Transparent Tribe and SideCopy.",2020-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,,Unknown,Unknown - not attributed,,1,1547,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/threat-actor-targets-indian-government-commercial-rats; https://government.economictimes.indiatimes.com/news/governance/operation-armor-piercer-targets-cyber-attacks-to-gain-access-to-govt-and-defence-info-steps-to-ensure-end-to-end-security/86477780; https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html,2022-08-15,2022-11-02 1359,Belarusian Cyber Partisans: Data hacked and leaked - 2021,"A Belarusian hacking group called Cyber Partisans has hacked the country's passport system and obtained data on millions of Belarusians, including high-profile figures. Also, data was published confirming that the COVID-19 death rate was in reality 14 times higher than reported by the authorities. 
Within the following weeks, the group publishes large portions of the stolen data, claiming that it is intended to overthrow Lukashenko's regime.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Belarus,EUROPE; EASTEU; CSTO,State institutions / political system,Police,Belarusian Cyber Partians,Belarus,Non-state-group,Hacktivist(s),1,2403,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Belarusian Cyber Partians,Belarus,Non-state-group,https://www.currenttime.tv/a/smertnost-v-belarusi/31401342.html; https://www.currenttime.tv/a/hakery-vzlomali-pasporta/31385554.html,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://24.kg/english/202799_Passport_system_of_Belarus_hacked_Kurmanbek_Bakiyevs_data_found/; https://www.databreaches.net/lukashenko-hid-the-real-data-of-covid-19-mortality-a-cyber-attack-has-revealed-figures-about-14-times-higher/; https://www.currenttime.tv/a/smertnost-v-belarusi/31401342.html; https://www.currenttime.tv/a/hakery-vzlomali-pasporta/31385554.html; https://therecord.media/how-belarusian-hacktivists-are-using-digital-tools-to-fight-back/,2022-08-15,2022-11-02 1316,Roshan attack,"Afghan telecommunications company Roshan was attacked by four different 
Chinese state-sponsored APT groups between July 2020 and September 2021. These are the RedFoxtrot and Calypso groups, as well as two other groups that have not yet been assigned to any existing group, but which used the Winnti and PlugX backdoors for their attacks.",2020-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Afghanistan,ASIA; SASIA,Critical infrastructure,Telecommunications,"RedFoxtrot (PLA, Unit 69010); Calypso",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1548; 1548,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"RedFoxtrot (PLA, Unit 69010); Calypso",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.recordedfuture.com/chinese-APT-groups-target-afghan-telecommunications-firm/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/suspected-chinese-state-linked-threat-actors-infiltrated-major-afghan-telecom-provider/; 
https://www.redpacketsecurity.com/threat-actors-from-china-infiltrated-a-major-afghan-telecom-provider/; https://www.recordedfuture.com/chinese-APT-groups-target-afghan-telecommunications-firm/,2022-08-15,2022-11-02 1340,Update Pulse Secure VPN Chinese Espionage,UNC2630 and UNC2717 installed new malware strains on the compromised network of several US and EU government organizations,2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Transportation; Finance; Defence industry; - Government / ministries; Transportation; Finance; Defence industry; ,UNC2630; UNC2717,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1578; 1578,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes 
attacker,,,,UNC2630; UNC2717,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/chinese-cyberspies-are-targeting-us-eu-orgs-with-new-malware/; https://cyware.com/news/chinese-cyberspies-unc2630-targeting-us-and-eu-organizations-d94ac724; https://www.mandiant.com/resources/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices; https://www.bleepingcomputer.com/news/security/cisa-critical-ivanti-auth-bypass-bug-now-actively-exploited/,2022-08-15,2024-01-19 1341,Pulse Secure VPN: New York Metropolitan Transportation Authority (MTA),Chinese state-sponsored group hacked New York City's Metropolitan Transportation Authority (MTA) by using a Pulse Secure zero-day.,2021-04-01,2021-04-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Hijacking without Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Transportation,UNC2630; UNC2717,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,1579; 1579; 1580; 1580,2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,; ; ; ,; ; ; ,; ; ; ,UNC2630; UNC2717; UNC2630; UNC2717,China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day; https://www.bleepingcomputer.com/news/security/chinese-threat-actors-hacked-nyc-mta-using-pulse-secure-zero-day/; https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html,2022-08-15,2023-01-23 1342,Mustang Panda hacked Myanmar president’s office,Chinese state-sponsored group Mustang Panda hacked Myanmar president’s office in June 2021.,2021-01-01,2021-06-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Myanmar,ASIA; SEA,State institutions / political system,Government / ministries,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",,1,1581,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Mustang Panda/RedDelta/Bronze President/Stately Taurus/Earth Preta/TA416/HoneyMyte/Camaro Dragon,China,"Non-state actor, state-affiliation suggested",https://twitter.com/ESETresearch/status/1400165767488970764,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report; https://thehackernews.com/2024/01/china-linked-hackers-target-myanmars.html; https://therecord.media/backdoor-malware-found-on-the-myanmar-presidents-website-again/; https://cyberintelmag.com/malware-viruses/backdoor-planted-on-the-myanmar-presidents-website/; https://twitter.com/ESETresearch/status/1400165767488970764; https://twitter.com/780thC/status/1621464181152141312; https://twitter.com/Cyber_O51NT/status/1621313406367309825,2022-08-15,2023-03-13 1343,Russian spear-phishing campaign against Ukraine,"Russian intelligence services target Ukrainian government and private sector via spear-phishing campaign. The Computer Emergency Response Team for Ukraine has reported a spearphishing campaign against Ukrainian government and private email addresses in March 2022 to steal documents and credentials, as well as to obtain access to infected devices.",2021-06-01,2021-06-06,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,,Russia,State,,1,2610,2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Russia,State,https://therecord.media/ukraine-warns-of-massive-russian-spear-phishing-campaign/; https://ssu.gov.ua/novyny/sbu-zablokuvala-masovu-kiberataku-spetssluzhb-rf-na-kompiuterni-merezhi-ukrainskykh-orhaniv-vlady; 
https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/ukraine-warns-of-massive-russian-spear-phishing-campaign/; https://ssu.gov.ua/novyny/sbu-zablokuvala-masovu-kiberataku-spetssluzhb-rf-na-kompiuterni-merezhi-ukrainskykh-orhaniv-vlady; https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/,2022-08-15,2022-11-02 1344,New York City's Law Department disruption,Unknown hacker hacked New York City's Law Department in June.,2021-06-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1583,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.usnews.com/news/best-states/new-york/articles/2021-06-08/nycs-1-000-lawyer-law-department-targeted-by-cyberattack; https://www.nytimes.com/2021/06/18/nyregion/nyc-law-department-hack.html,2022-08-15,2022-11-02 1345,IndigoZebra vs. Afghan government,"In 2021, the Chinese hacking group IndigoZebra impersonated the Afghan president in spear-phishing emails to infiltrate the National Security Council. 
This cyber attack is part of a larger campaign across Central Asia since 2014, particularly against Kyrgyzstan and Uzbekistan.",2021-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Afghanistan,ASIA; SASIA,State institutions / political system,Government / ministries,IndigoZebra,China,Unknown - not attributed,,1,1584,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,IndigoZebra,China,Unknown - not attributed,https://blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/; https://www.voanews.com/a/east-asia-pacific_voa-news-china_chinese-hackers-attacked-afghan-council-network-cybersecurity/6207719.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/apt-trends-report-q2-2017/79332/; https://www.zdnet.com/article/chinese-hacking-group-impersonates-afghan-president-to-infiltrate-government-agencies/; https://blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/; https://www.voanews.com/a/east-asia-pacific_voa-news-china_chinese-hackers-attacked-afghan-council-network-cybersecurity/6207719.html,2022-08-15,2022-11-02 1346,State DDoS attacks on Philippine media outlets and human rights group,NGO Qurium Media Foundation links DDoS attacks on the alternative media outlets Bulatlat and 
Altermidya and the human rights group Karapatan with the Department of Science and Technology (DOST) and the Philippine Army.,2021-05-17,2021-06-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,Philippines,ASIA; SCS; SEA,Social groups; Media,Advocacy / activists (e.g. human rights organizations); ,Department of Science and Technology (DOST); Philippine Army,Philippines; Philippines,State; State,,1,1585; 1585,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Department of Science and Technology (DOST); Philippine Army,Philippines; Philippines,State; State,https://www.qurium.org/alerts/philippines/attacks-against-media-in-the-philippines-continue/,National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.qurium.org/press-releases/investigation-of-ddos-attacks-against-independent-media-shows-links-to-philippine-government-and-army/; https://www.theregister.com/2021/07/02/ddos_attack_philippines_dost/; https://www.qurium.org/alerts/philippines/attacks-against-media-in-the-philippines-continue/; https://therecord.media/investigation-links-ddos-attack-on-filipino-media-outlets-to-government-agencies/,2022-08-15,2022-11-02 1347,Cozy Bear breached Republican National Committee,"Cozy Bear is said to have breached the computer systems of the Republican 
National Committee (RNC), according to two people familiar with the matter. The attack took place at the same time as a ransomware attack. The RNC denies being a victim of the attack and points out that Synnex Corp. was attacked, whose accounts the RNC uses.",2021-06-28,2021-07-04,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,United States,NATO; NORTHAM,State institutions / political system,Political parties,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,,1,3797,2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,https://www.infosecurity-magazine.com/news/kremlin-breached-republican/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee; https://fortune.com/2021/07/06/russia-cozy-bear-rnc-ransomware/; https://www.securitymagazine.com/articles/95614-gop-allegedly-hacked-by-apt29-known-as-cozy-bear; https://www.infosecurity-magazine.com/news/kremlin-breached-republican/,2022-08-15,2022-12-02 1348,Indian Cyber Troops vs. 
Sindh High Court,"The hacker group ""Indian Cyber Troops"" hacked the official website of the Sindh High Court and shared several pictures on the website.",2021-07-04,2021-07-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Judiciary,Indian Cyber Troops,India,Unknown - not attributed,,1,1587,2021-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,Indian Cyber Troops,India,Unknown - not attributed,https://arynews.tv/indian-hackers-sindh-high-court-website/,System / ideology,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.techjuice.pk/sindh-high-court-website-hacked-by-indian-hackers/; https://arynews.tv/indian-hackers-sindh-high-court-website/,2022-08-15,2022-11-02 1349,Georgia's vaccine registration page disrupted,The vaccine registration page of Georgia's Ministry of Health was disrupted for a day.,2021-07-03,2021-07-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,,Georgia,ASIA; CENTAS,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1588,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ekhokavkaza.com/a/31339291.html; 
https://tass.ru/obschestvo/11819249?utm_source=databreaches.net&utm_medium=referral&utm_campaign=databreaches.net&utm_referrer=databreaches.net; https://agenda.ge/en/news/2021/1832,2022-08-15,2022-11-02 1350,Predatory Sparrow targeted Iran's rail network with series of wipers in July 2021,"A series of wipers led to delays and cancellations of trains of the Iran rail network in early July 2021. In addition, there were disruptions to the website of the transport and urbanisation ministry and of the national railways and cargo services. The phone number of Iran's supreme leader was displayed on the electronic display boards.",2021-07-09,2021-07-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system; Critical infrastructure,Government / ministries; Transportation,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Unknown,Non-state-group,Hacktivist(s),1,16568,2021-07-09 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Not available,Not available,"Gonjeshke Darande = Predatory Sparrow/Indra (Israeli Defence Forces, Unit 8200)",Unknown,Non-state-group,https://kayhan.london/1400/04/18/247666/,Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 
1.5",6.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://old.iranintl.com/en/iran-in-brief/possible-cyberattack-disrupts-irans-rail-network-fars; https://www.reuters.com/world/middle-east/hackers-breach-iran-rail-network-disrupt-service-2021-07-09/; https://www.theguardian.com/world/2021/jul/11/cyber-attack-hits-irans-transport-ministry-and-railways; https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/; https://thehackernews.com/2023/04/iranian-government-backed-hackers.html; https://securityaffairs.com/144996/apt/mint-sandstorm-targeted-us-critical-infrastructure.html; https://www.sentinelone.com/labs/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/; https://kayhan.london/1400/04/18/247666/; https://blog.scadafence.com/the-iran-steel-industry-cyber-attack-explained,2022-08-15,2024-01-26 1351,Operation SpoofedScholars,"Iran-linked actor TA453 imitates British scholars to obtain sensitive data from professors, Middle East experts, as well as journalists.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United Kingdom,EUROPE; NATO; NORTHEU,Social groups; Media; Science,Other social groups; ; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1590,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453,National power; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453; https://www.securityweek.com/iranian-hackers-impersonate-british-scholars-recent-campaign,2022-08-15,2023-03-31 1352,Safari zero-day exploited by Russian government-backed actor,"A Russian government-backed actor exploited the CVE-2021-1879 WebKit/Safari flaw by sending western European government officials malicious links. 
While Google does not mention the name of a specific threat group, Microsoft is certain that the campaign was carried out by the hacking group Nobelium.",2021-01-28,2021-05-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Western Europe,,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,1,1591; 1591,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/; https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/google-russian-svr-hackers-targeted-linkedin-users-with-safari-zero-day/; 
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/; https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/; https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime,2022-08-15,2023-03-29 1353,Moldova's Court of Accounts,"Public databases and audits were destroyed in a cyberattack by an unknown attacker on the website of the Moldovan Court of Accounts. The institution shut down the website to ensure an investigation and recovery of the data. The cyberattack coincides with the new Moldova president coming to power, but it's still unclear whether that had anything to do with it.",2021-07-15,2021-07-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"Moldova, Republic of",EUROPE; EASTEU,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1592,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.moldpres.md/en/news/2021/07/15/21005099; https://cyberintelmag.com/attacks-data-breaches/on-heels-of-elections-cyberattack-on-moldovas-court-of-accounts-destroyed-public-records/; https://www.bleepingcomputer.com/news/security/cyberattack-on-moldovas-court-of-accounts-destroyed-public-audits/,2022-08-15,2023-03-13 1354,APT31 targeting French organizations,"In a release, the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) warns French organizations of an attack campaign by Chinese APT31. 
The group is converting a network of compromised home routers into operational relay boxes to perform stealth reconnaissance and attacks via them.",2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,France,EUROPE; NATO; EU(MS); WESTEU,Unknown,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1593,2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",https://cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/; https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-013.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://securityaffairs.com/142452/apt/chinese-apts-targets-eu.html; 
https://twitter.com/RecordedFuture/status/1626633928327954434; https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html; https://twitter.com/shanvav/status/1656800405286789120; https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng/; https://www.bankinfosecurity.com/chinese-apt-group-attacks-french-organizations-a-17124#:~:text=APT%2031%2C%20a%20China%2Dlinked,Agency%20of%20France%2C%20or%20ANSSI.; https://securityaffairs.co/wordpress/120392/apt/anssi-warns-apt31-attacks.html; https://www.bleepingcomputer.com/news/security/france-warns-of-apt31-cyberspies-targeting-french-organizations/; https://cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/; https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-013.pdf; https://www.cyberscoop.com/china-midterms-elections-influence-nord-hacking/",2022-08-15,2024-02-07 1355,LINE hack,"The Liberty Times news agency reports a hack on the instant messaging platform LINE in which the accounts of more than 100 Taiwanese politicians, military personnel, county mayors and political and opposition parties were attacked. 
In the process, the encryption function to protect messages was disabled for those affected.",2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,,Taiwan,ASIA; SCS,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Civil service / administration; Military; Political parties,,Unknown,Unknown - not attributed,,1,1594,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/line-accounts-for-more-than-100-taiwanese-politicians-were-hacked/; https://taipeitimes.com/News/front/archives/2021/07/29/2003761652; https://news.ltn.com.tw/news/politics/paper/1463246; https://www.taiwannews.com.tw/en/news/4259770; https://linecorp.com/zh-hant/pr/news/zh-hant/2021/3841,2022-08-15,2022-11-02 1356,Russian cyberspies vs. Slovak government - 2021,"Between February and July, members of the Slovak government were victims of spear phishing campaigns. The two Slovak security companies ESET and IstroSec attributed the Russian group Dukes/Nobelium/APT29 as the attackers. 
After these attacks were made public, other campaigns against officials in 13 other European countries were uncovered.",2021-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,None - None - None,Slovakia; Czech Republic; Europe (region),EUROPE; NATO; EU(MS); EASTEU - EUROPE; NATO; EU(MS); EASTEU - ,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; - Government / ministries; - Government / ministries; ,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,1,4795; 4795,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,https://www.istrosec.com/blog/apt-sk-cobalt/; https://twitter.com/ESETresearch/status/1426204524553846785,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://therecord.media/russian-cyberspies-targeted-slovak-government-for-months/; 
https://www.secureblink.com/cyber-security-news/cyberspies-linked-to-russian-intelligent-forces-targeted-slovak-government-via-phishing-campaigns; https://www.istrosec.com/blog/apt-sk-cobalt/; https://twitter.com/ESETresearch/status/1426204524553846785,2022-08-15,2022-11-30 1357,Pakistan FBR,"Unknown hackers attacked the Federal Board of Revenue (FBR) and disrupted websites on Pakistan's Independence Day (August 14). In addition, the hackers sold the FBR's network access for $26,000 via a Russian cybercrime forum.",2021-08-01,2021-08-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Police,,Unknown,Unknown - not attributed,,1,1596,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.aboutpakistan.com/news/network-access-to-fbr-sold-on-russian-forum/; https://tribune.com.pk/story/2315712/fbr-reels-under-a-major-cyberattack; https://www.hackread.com/network-access-pakistans-top-fbr-russian-forum/,2022-08-15,2022-11-02 1358,Cybersecurity Atlas project,A copy of the internal database of the European Commission's Cybersecurity Atlas was offered for sale by an unknown seller on a forum.,2021-01-01,2021-08-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Hijacking with Misuse,,EU (institutions),,International / supranational organization,,,Unknown,Unknown - not 
attributed,,1,1597,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cyberthreatintelligence.com/news/eu-authorities-are-investigating-the-hacking-of-their-cybersecurity-atlas-project/; https://therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/,2022-08-15,2023-04-20 1339,Hacktivists target end users in Sri Lanka,A hacktivist group attacked multiple Sri Lankan (.klm) websites.,2021-02-06,2021-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,,Sri Lanka,ASIA; SASIA,Unknown; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,; ; ,,Unknown,Non-state-group,Hacktivist(s),1,1577,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,https://www.zdnet.com/article/hacktivists-deface-multiple-sri-lankan-domains-including-google-lk/,System / ideology,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hacktivists-deface-multiple-sri-lankan-domains-including-google-lk/,2022-08-15,2022-11-02 1338,Israeli Elector app hack,The Israeli Elector app has been hacked and the personal details of 6.5 million Israeli 
voters have been published online the day before election day.,2021-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system; State institutions / political system; End user(s) / specially protected groups,Political parties; Election infrastructure / related systems; ,,Unknown,Unknown - not attributed,,2,1576; 1575,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,"https://www.calcalist.co.il/internet/articles/0,7340,L-3791595,00.html; https://www.calcalistech.com/ctech/articles/0,7340,L-3900876,00.html",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://securityaffairs.co/wordpress/115918/hacking/israeli-voters-leak.html; https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html; https://www.timesofisrael.com/personal-details-of-all-israeli-voters-again-leaked-online-day-before-election/; https://www.calcalist.co.il/internet/articles/0,7340,L-3791595,00.html; https://www.calcalistech.com/ctech/articles/0,7340,L-3900876,00.html; 
https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html",2022-08-15,2024-02-19 1337,Pro-Trump retaliation: Liker.com leak,Hacktivists hacked the anti-Trump social network Liker.com and around 400 records were leaked.,2021-03-09,2021-03-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Data theft; Disruption,,Unknown,,Social groups,Political opposition / dissidents / expats,,Unknown,Non-state-group,Hacktivist(s),2,1574; 1573,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,,Unknown; Unknown,Non-state-group; Non-state-group,https://www.zataz.com/liker-com-lanti-trump-pirate/; https://thecount.com/2021/03/16/was-liker-hacked/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zataz.com/liker-com-lanti-trump-pirate/; https://thecount.com/2021/03/16/was-liker-hacked/,2022-08-15,2023-10-24 1326,Myanmar hacktivists disrupt government websites,"Myanmar Hackers hacked several government websites such as the Central Bank, Myanmar Military’s propaganda page, state-run broadcaster MRTV, the Port Authority, Food and Drug Administration.",2021-02-18,2021-02-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,Myanmar,ASIA; SEA,State institutions / political system; Critical infrastructure; Media; State institutions / political system; State institutions / political system; Critical infrastructure,"Military; Finance; ; Civil service / administration; Other (e.g., embassies); Transportation",Myanmar Hackers,Myanmar,Non-state-group,Hacktivist(s),1,6261,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Myanmar Hackers,Myanmar,Non-state-group,https://www.thehindu.com/news/international/anti-coup-hackers-target-myanmar-government-sites/article33873582.ece,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/hackers-target-myanmar-government-websites-coup-protest; https://www.thehindu.com/news/international/anti-coup-hackers-target-myanmar-government-sites/article33873582.ece,2022-08-15,2023-01-31 1317,Lazarus vs. security researchers,"Since 2020, APT Lazarus has been targeting security researchers using a Trojanized version of the IDA Pro application. In its tweet, IT company ESET links the campaign to reports from Microsoft and Google of attacks on security researchers.",2020-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,Unknown,,Science,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1549,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://twitter.com/ESETresearch/status/1458438155149922312,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/124630/apt/lazarus-trojanized-ida-pro.html; https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/; https://twitter.com/cherepanov74/status/1458438939027591168; https://twitter.com/ESETresearch/status/1458438155149922312; 
https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html; https://www.bleepingcomputer.com/news/security/fake-zero-day-poc-exploits-on-github-push-windows-linux-malware/; https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/; https://www.darkreading.com/threat-intelligence/north-korean-hackers-target-security-researchers-again; https://www.bleepingcomputer.com/news/security/google-state-hackers-attack-security-researchers-with-new-zero-day/; https://arstechnica.com/security/2023/09/north-korea-backed-hackers-target-security-researchers-with-0-day/,2022-08-15,2024-03-06 1318,Pegasus Spyware used to hack journalists and civil society in El Salvador by the Salvadorian government from July 2020,"Project Torogoz: Citizenlab determines that the smartphones of 35 journalists and members of civil society from El Salvador have been hacked with a version of the Pegasus spyware by the Salvadorian government from July 2020 until November 2021. On November 30th 2022, 15 members of El Faro filed suit against the Israel-based surveillance company NSO Group in U.S. federal court for allegedly designing and deploying the spyware Pegasus to infiltrate the phones of 22 members of the news organization. ",2020-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,El Salvador,CENTAM,Social groups; Media; Social groups,Advocacy / activists (e.g. 
human rights organizations); ; Other social groups,Government of El Salvador,El Salvador,State,,2,6687; 6686,2022-11-30 00:00:00; 2022-01-01 00:00:00,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,"Members of ""El Faro""; ",Not available; Not available,El Salvador; ,Government of El Salvador; ,El Salvador; El Salvador,State; State,https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/; https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Other,,,,https://cyberscoop.com/google-governments-need-to-do-more-to-combat-commercial-spyware/; https://therecord.media/el-salvador-journalists-hacked-with-nsos-pegasus-spyware/; https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/; https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware,2022-08-15,2023-03-13 1319,Iranian telecom disruption,Iran's Internet was shut down for hours on the 8th of February 2020. The head of the civil defense Gholam-Reza Jalali accused Washington of retaliation for the downing of a U.S. 
unmanned drone and missile attacks on Iraq's Ain al-Assad US military base by Iran.,2020-02-08,2020-02-08,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Telecommunications,,United States,State,,1,1551,2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Contested attribution,,,,,United States,State,https://www.cpomagazine.com/cyber-security/massive-ddos-attack-shuts-down-irans-internet-tehran-blames-washington/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://netblocks.org/reports/internet-shutdown-in-iran-following-reported-cyber-attack-18lJVDBa; https://www.forbes.com/sites/daveywinder/2020/02/09/powerful-iran-cyber-attack-takes-down-25-of-national-internet/?sh=77ae48d620dc; https://www.cpomagazine.com/cyber-security/massive-ddos-attack-shuts-down-irans-internet-tehran-blames-washington/,2022-08-15,2022-11-02 1320,Shahid Rajaee port,The Israeli state disrupted the computer systems of the Shahid Rajaee port in Iran causing traffic jams and ship delays for a short time until it switched to manual management. 
Israeli defense minister Naftali Bennett pushed for the cyberattack after Iran tried to disrupt an Israeli water facility on the 24th of April.,2020-05-09,2020-05-09,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Disruption,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Critical infrastructure,Transportation,,Israel,State,,1,1552,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Israel,State,https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html; https://www.aljazeera.com/news/2020/5/19/israel-cyberattack-caused-total-disarray-at-iran-port-report; https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html; https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/; https://thehackernews.com/2023/04/iranian-government-backed-hackers.html; https://securityaffairs.com/144996/apt/mint-sandstorm-targeted-us-critical-infrastructure.html; https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf,2022-08-15,2023-04-19 1321,Chinese cyber-campaign on 
Australia,"China is blamed for conducting a large-scale cyber-campaign against Australian state entities and private organizations. Australian prime minister Scott Morrison said that a state-based actor is responsible for the attack. The Australian Strategic Policy Institute, to be precise the executive director Peter Jennings, added that China is behind the cyber attack as it is the only country with the capabilities and interest to attack Australia.",2020-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Australia,OC,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Social groups; Science,Government / ministries; Civil service / administration; Water; Health; Other social groups; ,,Unknown,State,,2,1553; 1554,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,Unknown; China,State; State,https://edition.cnn.com/2020/06/18/tech/australia-cyber-attack-intl-hnk/index.html,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyber.gov.au/sites/default/files/2020-12/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf; https://edition.cnn.com/2020/06/18/tech/australia-cyber-attack-intl-hnk/index.html; https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470,2022-08-15,2023-03-30 1322,MoonBounce,Chinese state-sponsored hacking group APT41 injected a backdoor into the Unified Extensible Firmware Interface (UEFI) which links the firmware of a computer with the operating system. The aim of the Chinese proxies was to establish a foothold in the unknown targeted entities.,2020-03-14,2021-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Unknown; Critical infrastructure,; Transportation,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1555,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/126998/apt/moonbounce-uefi-implant-apt41.html; https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/,2022-08-15,2022-11-02 1323,Antlion xPack,Chinese state-backed hacking group Antlion compromised and stole data from Taiwanese financial institutions and manufacturers. The attackers managed to stay in the networks for 255 days without getting detected.,2020-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Taiwan,ASIA; SCS,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Finance; ,Antlion,China,"Non-state actor, state-affiliation suggested",,1,1556,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Antlion,China,"Non-state actor, state-affiliation suggested",https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/127592/breaking-news/antlion-backdoor-undetected-for-months.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks,2022-08-15,2023-02-01 1325,Anti-fascist Israeli group hacks website of Ku Klux Klan (KKK),"Israeli hacktivists have attacked a website of the Patriotic Brigade Knights, which is an allied group of the white-supremacist Ku Klux Klan (KKK).",2021-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Disruption,,United States,NATO; NORTHAM,Social groups,Other social groups,Hayalim Almonim ,Israel,Non-state-group,Hacktivist(s),1,1558,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hayalim Almonim ,Israel,Non-state-group,https://www.jpost.com/diaspora/antisemitism/israeli-jewish-antifa-hacks-kkk-website-doxxes-members-657546,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-55937133; https://www.jpost.com/diaspora/antisemitism/israeli-jewish-antifa-hacks-kkk-website-doxxes-members-657546,2022-08-15,2022-11-02 1327,Russian threat actors attack Ukrainian government websites,Russian threat actors have been accused by the National Security and Defense Council (NSDC) of Ukraine of attacking multiple Ukrainian government websites.,2021-02-18,Not available,"Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by authorities of victim state,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system; State institutions / political system; Critical infrastructure,Civil service / administration; Intelligence agencies; Defence industry,,Russia,Unknown - not attributed,,1,1560,NaT,Not available,Media-based attribution,,,,,Russia,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/; https://www.rnbo.gov.ua/en/Diialnist/4820.html; https://ssu.gov.ua/novyny/sbu-zablokuvala-diialnist-transnatsionalnoho-khakerskoho-uhrupovannia,2022-08-15,2022-11-02 1336,Russian disinformation: Nuclear Waste Spill,Russian hacking group attacked two Polish government websites and used them to spread disinformation about a putative radioactive threat.,2021-03-17,2021-03-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Poland,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; State institutions / political system; Media,Government / ministries; Civil service / administration; ,,Russia,State,,1,1572,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,State,https://securingdemocracy.gmfus.org/incident/polish-officials-allege-potential-russian-hack-of-polish-government-websites/; https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info,System / 
ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://newseu.cgtn.com/news/2021-03-19/Hacked-Polish-state-websites-spread-false-info-of-radioactive-threat-YJBHWLeKJy/index.html; https://securingdemocracy.gmfus.org/incident/polish-officials-allege-potential-russian-hack-of-polish-government-websites/; https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info,2022-08-15,2022-11-02 1328,Cyber attack against Angolan ministry,Cyber-attack against Angolan Ministry of Finance.,2021-02-17,2021-02-17,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Angola,AFRICA; SSA,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1561,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://guardiao-ao.com/2021/02/23/ministerio-das-financas-sofre-ataque-cibernetico/; https://www.verangola.net/va/en/032021/Politics/24353/UNITA-formalizes-request-for-hearing-on-cyber-attack-to-the-Ministry-of-Finance.htm,2022-08-15,2022-11-02 1329,FriarFox,Chinese state-backed hacking group attacked Tibetan organizations.,2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Social groups,Political opposition / dissidents / expats,TA413,China,"Non-state actor, state-affiliation suggested",,1,1562,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TA413,China,"Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global,System / ideology; National power,System/ideology; Autonomy; Resources,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/; https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global,2022-08-15,2022-11-02 1330,Far-Right Platform Gab,Attack against the Far-Right Platform Gab including leak of a collection of over 70 gigabytes of data representing more than 40 million posts.,2021-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing,,United States,NATO; NORTHAM,Social groups,Political opposition / dissidents / expats,,Unknown,Individual hacker(s),,2,1563; 1564,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Media-based attribution,,,,,Unknown; Unknown,Individual hacker(s); Individual hacker(s),,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/gab-hack-data-breach-ddosecrets/; https://ddosecrets.substack.com/p/release-gableaks-70gb; https://www.nbcnews.com/tech/security/gab-social-platform-favored-far-right-says-it-was-hacked-n1259156; https://www.theguardian.com/world/2021/mar/11/gab-hack-neo-nazis-qanon-conspiracy-theories,2022-08-15,2022-11-02 1331,"Conflict, Security and Stabilisation Fund (CSSF)",Hackers stole sensitive documents about UK aid projects overseas.,2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,United Kingdom,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1565,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://networkingplus.co.uk/news-details?itemid=3879&post=criminals-steal-sensitive-data-on-uk-aid-projects-overseas-356035; https://www.theguardian.com/politics/2021/mar/05/hackers-obtain-sensitive-data-on-uk-aid-projects-overseas,2022-08-15,2022-11-02 1332,Microsoft Exchange Hack: European Banking Authority (EBA) and Norwegian Parliament,"Starting in January 2021, a significant data breach involving Microsoft Exchange servers occurred. The groups involved in the data breach include Hafnium, which Microsoft alleges to be a Chinese state-sponsored group, along with Tick (also known as Bronze Butler), LuckyMouse (also known as APT27 and Emissary Panda), Calypso, the Winnti Group (also known as BARIUM and APT41), Tonto Team (also known as CactusPete), Mikroceen (also known as Vicious Panda), Websiic, DLTMiner, and at least one previously unidentified group. Apart from DLTMiner, which has been linked to crypto-mining, all the other APT groups are associated with cyber espionage. The breach affected tens of thousands to over 250,000 victims worldwide, particularly small businesses and governments. As disclosed in March 2021, prominent targets included the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market. The attackers utilized four zero-day exploits to gain access to servers, deploying web shell backdoors to maintain long-term access. Microsoft patched the vulnerabilities and provided updates to mitigate the attack, but existing infections persisted. On July 19, 2021, the US, along with several Western States, NATO, and the European Union, confidently attributed the cyber operations to malicious actors associated with China's Ministry of State Security. 
However, China has consistently denied any involvement in the incident.",2021-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,Parliament of Norway - None,Norway; EU (institutions),EUROPE; NATO; NORTHEU - ,State institutions / political system - International / supranational organization,Legislative - ,,Unknown,Unknown - not attributed,,1,12201,NaT,Not available,Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/; https://www.eba.europa.eu/cyber-attack-european-banking-authority; https://www.eba.europa.eu/cyber-attack-european-banking-authority-update-2; https://www.bbc.com/news/technology-56321567; https://www.reuters.com/article/us-microsoft-hack-eba-idUSKBN2B01RP; https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/; https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html; https://www.wired.com/story/the-us-government-has-a-microsoft-problem/,2022-08-15,2024-04-09 1333,Microsoft Exchange Hack: Norwegian Parliament,Norway's parliament hacked using data stolen through the recently disclosed Microsoft Exchange vulnerabilities.,2021-03-10,2021-03-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,Norway,EUROPE; NATO; NORTHEU,State institutions / political system,Legislative,Silk Typhoon fka HAFNIUM,China,"Non-state actor, state-affiliation suggested",,2,1567; 1568,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by third-party,,,,Silk Typhoon fka HAFNIUM; Silk Typhoon fka HAFNIUM,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.reuters.com/world/china/norway-says-march-cyber-attack-parliament-carried-out-china-2021-07-19/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/115503/cyber-warfare-2/norway-parliament-hack.html; https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/; https://www.reuters.com/world/china/norway-says-march-cyber-attack-parliament-carried-out-china-2021-07-19/; 
https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/; https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/; https://www.wired.com/story/the-us-government-has-a-microsoft-problem/,2022-08-15,2024-03-27 1334,Microsoft Exchange Hack: Germany,According to the German Federal Office for Information Security (BSI) two German federal authorities have been hacked exploiting the Microsoft vulnerability.,2021-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; Critical infrastructure,Civil service / administration; ,,Unknown,Unknown - not attributed,,1,1569,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.limburger-zeitung.de/60-000-computersysteme-in-deutschland-wegen-microsoft-fehlers-psi-ausgesetzt/; https://www.reuters.com/technology/up-60000-computer-systems-exposed-germany-microsoft-flaw-bsi-2021-03-10/; https://www.wiwo.de/technologie/digitale-welt/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus/26996784.html; https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/,2022-08-15,2024-04-17 1335,Iran group Black Shadow attacks Israeli K.L.S Capital Ltd.,Black Shadow reveals to have hacked K.L.S. Capital Ltd.,2021-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Black Shadow,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),2,1571; 1570,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Black Shadow; Black Shadow,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,https://www.jpost.com/jpost-tech/israeli-car-financing-company-hacked-private-information-held-for-ransom-661865,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.jpost.com/jpost-tech/israeli-car-financing-company-hacked-private-information-held-for-ransom-661865,2022-08-15,2024-02-05 1090,Adobe Zero Day Hack Qatar,"Unknown actors infected computers of the Qatari foreign office with malware, via an Adobe zero-day",2018-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking with Misuse,,Qatar,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1287,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes 
attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://blogs.360.cn/post/cve-2018-5002-en.html; https://www.cyberscoop.com/adobe-flash-zero-day-qatar/,2022-08-15,2022-11-02 1089,North Korean Defectors Hack,"The South Korean Resettlement Agency was hacked, and some hundred sets of personal data of North Korean refugees were leaked",2018-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1286,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,,Unknown,Unknown - not attributed,https://www.bbc.com/news/world-asia-46698646,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/world-asia-46698646,2022-08-15,2022-11-02 1088,Turla/Waterbug Infrastructure Hijacking,The Russian espionage group Waterbug hijacked the infrastructure of an Iranian state-sponsored hacking group in order to spy on targets worldwide.,2018-01-11,2019-06-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,"Iran, Islamic Republic of; Global (region)",ASIA; MENA; MEA - ,State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; ; Telecommunications; ; - Government / ministries; ; Telecommunications; ; ,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1285,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://symantec-blogs.broadcom.com/blogs/threat-intelligence/waterbug-espionage-governments; https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK; https://socradar.io/apt-profile-turla/,2022-08-15,2023-07-06 861,Niteworks hack,"A contractor ""Niteworks"" of British MoD hacked personal information on 831 members of the defence community.",2016-04-01,2016-04-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,,,Unknown,Unknown - not attributed,,1,1019,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.theregister.co.uk/2016/04/22/mod_contractor_hacked_831_members_of_defence_community_exposed/,2022-08-15,2022-11-02 841,North Korean Hack of South Korean Government Smartphones,"North Korea hacked smartphones of senior South Korean government officials and made 10,000 zombie PCs worldwide in January alone, National Intelligence Service announced following a committee meeting for national cybersecurity.",2016-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition),Government / ministries; ,,"Korea, Democratic People's Republic of",State,,1,997,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/south-korea-claims-north-hacked-government-officials-smartphones/,2022-08-15,2022-11-02 842,North Korean State-Sponsored Lazarus Group Steals $81 Million from Bangladesh Central Bank in Cyber Heist on February 2016,"In February 2016, the Bangladesh Central Bank fell victim to a major cyber theft that was later almost certainly attributed to the notorious North Korean Lazarus Group. This sophisticated cybercrime, known as the ""Bangladesh Central Bank Heist"", utilised sophisticated ""SWIFT Client"" malware. This malware allowed the hackers to penetrate the bank's SWIFT system - a global financial communications network used by more than 11,000 institutions - and issue fraudulent transfer orders. The attack began on 4 February 2016 and targeted the Bangladesh Central Bank's account at the US Federal Reserve Bank. Despite aiming to transfer funds totalling nearly $1 billion, the hackers managed to divert around $81 million to accounts in the Philippines. The operation was undermined by a simple but crucial mistake: a misspelled word in one of the transfer requests that aroused suspicion and led to the transaction being cancelled. 
The investigation into the heist, led by US firm FireEye, Mandiant division, and World Informatix Cyber Security, uncovered evidence of malware being installed on the bank's system retrospectively in January 2016. The investigation revealed that the hackers had intimate knowledge of the bank's internal procedures for international payments and wire transfers - making the cyber heist possible. US prosecutors, the FBI and cybersecurity firms such as Symantec Corp and BAE Systems concluded that the Lazarus Group was behind the heist based on the use of Lazarus-typical TTPs. ",2016-02-04,2016-02-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Hijacking with Misuse,Central Bank (Bangladesh),Bangladesh,ASIA; SASIA,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,14988; 14988; 14989; 14989,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Domestic legal action; Domestic legal 
action",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ,; ; Not available; Not available,; ; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks; https://us-cert.cisa.gov/ncas/alerts/aa20-239a; https://content.fireeye.com/apt/rpt-apt38; https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?_r=0; https://www.justice.gov/opa/press-release/file/1092091/download,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193; 
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/; https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html; https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://www.zaobao.com.sg/news/sea/story20240116-1462474; https://www.heise.de/newsticker/meldung/Milliarden-Coup-in-NY-Zentralbank-Konto-per-Ueberweisung-geleert-3131832.html; https://www.independent.co.uk/news/world/asia/spelling-mistake-stops-hackers-stealing-1-billion-bangladesh-bank-heist-a6924971.html; https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks; https://us-cert.cisa.gov/ncas/alerts/aa20-239a; https://content.fireeye.com/apt/rpt-apt38; https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?_r=0; https://www.justice.gov/opa/press-release/file/1092091/download; https://www.reuters.com/article/us-usa-fed-bangladesh-typo-insight/how-a-hackers-typo-helped-stop-a-billion-dollar-bank-heist-idUSKCN0WC0TC; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/; https://therecord.media/north-korean-hackers-use-fake-job-offers-salary-bumps-as-lure-for-crypto-theft/; https://twitter.com/InfoSecSherpa/status/1622264016360935427,2022-08-15,2024-02-01 843,Anonymous OpAfrica,Anonymous attacked various African countries to protest against the corruption there,2016-02-06,2016-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None - None - None - None,Rwanda; Uganda; South Africa; Tanzania; Kenya,AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA - AFRICA; SSA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; - Government / ministries; ,World Hacker Team(Anonymous),Unknown,Non-state-group,Hacktivist(s),1,1000,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,World Hacker Team(Anonymous),Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/anonymous-turns-its-sights-to-africa-uganda-and-rwanda-targets-are-hit-first-500010.shtml,2022-08-15,2022-11-02 844,LSETack down,"Anonymous has crippled the website of the London Stock 
Exchange in a protest against the global financial system. Anonymous claims the incident was one of 67 successful attacks carried out on the websites of major institutions last month. The targets included the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.",2016-02-06,2016-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Finance,Anonymous,Philippines,Non-state-group,Hacktivist(s),1,6587,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Philippines,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.dailymail.co.uk/news/article-3625656/Hackers-attack-Stock-Exchange-Cyber-criminals-website-two-hours-protest-against-world-s-banks.html,2022-08-15,2023-02-08 845,California hospital hack,Hollywood Presbyterian Medical Center was hacked by an unknown actor and taken down for 10 days. 
Uncommonly they went public with the announcement that they had paid the ransom.,2016-02-07,2016-02-16,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Critical infrastructure; Other,Health; ,,Unknown,Unknown - not attributed,,1,1002,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-california-hospital-cyberattack/california-hospital-makes-rare-admission-of-hack-ransom-payment-idUSKCN0VS05M,2022-08-15,2022-11-02 846,Doxxing of DHS Data,A hacker leaked 9000 sets of DHS data,2016-02-07,2016-02-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Individual hacker(s),,1,1003,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.tripwire.com/state-of-security/latest-security-news/hacker-publishes-9000-dhs-employees-info-says-20000-fbi-officials-data-is-next/,2022-08-15,2022-11-02 847,Chilean Hackers vs. Chile,"Actor ""Chilean Hackers"" leaked data of people asking for state benefits",2016-02-07,2016-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Chile,SOUTHAM,State institutions / political system,Civil service / administration,Chilean Hackers,Chile,Non-state-group,Hacktivist(s),1,1004,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Chilean Hackers,Chile,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/hacktivists-leak-details-for-300-000-chilean-citizens-looking-for-state-benefits-500232.shtml,2022-08-15,2022-11-02 848,Bolivia Army Mail Servers Breach,"The ""Chilean Hackers"" breached the E-Mail Servers of the Bolivian Army and leaked Data",2016-02-10,2016-02-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Bolivia,SOUTHAM,State institutions / political system,Military,Chilean Hackers,Chile,Non-state-group,Hacktivist(s),1,1005,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Chilean Hackers,Chile,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/hackers-breach-bolivian-army-email-servers-500233.shtml,2022-08-15,2022-11-02 849,Israeli Security Cameras vs. Hezbollah,Hezbollah-Affiliated Hackers Breach Israeli Security Camera System into feeds from Israel's Defense Ministry,2016-02-14,2016-02-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Qadmon; Hezbollah,Lebanon; Lebanon,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,1006; 1006,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Qadmon; Hezbollah,Lebanon; Lebanon,Non-state-group; Non-state-group,,System / ideology,System/ideology; Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/hezbollah-affiliated-hackers-breach-israeli-security-camera-system-500703.shtml,2022-08-15,2023-12-21 850,Anonymous vs. Turkish National Police,"The hacktivist group Anonymous has released close to 18GB worth of sensitive data from Turkey’s national police database. The information, which was taken from the Turkish General Directorate of Security (EGM), has purportedly been posted on file sharing sites available for free public download.",2016-02-15,2016-02-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1007,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/44569/hacking/anonymous-hacked-turkish-national-police.html,2022-08-15,2022-11-02 851,DDOS vs. Italian Regional Governments,"The regional government portals of Apulia and Basilicata were targeted by DDoS attacks by Anonymous; the Apulia portal was not functioning for 5-7 days, and data was stolen from it and posted online. The attacks were a protest against the Trans Adriatic Pipeline project for ignoring critical environmental concerns.",2016-02-20,2016-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1008,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/anonymous-attacks-italian-government-site-because-of-gas-pipeline-project-500977.shtml,2022-08-15,2022-11-02 852,Hack of Israeli Drones,"A Palestinian was charged with helping an Islamic group break into Israeli drones, getting pictures of civilian aircraft movements.",2016-03-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system; Critical infrastructure,Military; Transportation,Majd Ouida for Islamic Jihad,Palestine,Non-state-group,Terrorist(s),1,1009,2016-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,Majd Ouida for Islamic Jihad,Palestine,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-israeli-palestinians-cybercrime/israel-charges-palestinian-for-hacking-drones-airport-info-idUSKCN0WP21F,2022-08-15,2022-11-02 853,New Jersey Police Office Leak,ISIS hackers leaked personal data of 55 New Jersey Police Officers,2016-03-02,2016-03-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Police,Caliphate Cyber Army,Unknown,Non-state-group,Terrorist(s),1,1010,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Caliphate Cyber Army,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.dailymail.co.uk/news/article-3478237/ISIS-hackers-threaten-55-New-Jersey-police-officers-releasing-home-addresses-phone-numbers-working-locations.html,2022-08-15,2023-02-27 854,NWH vs. Salt Lake City Police,"The NWH group conducted a series of powerful DDoS attacks on Salt Lake City police, airport and banking websites in protest against the shooting of a Somali teenager Abidi Mohamed",2016-03-14,2016-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Police,New World Hacktivists,United States,Non-state-group,Hacktivist(s),1,1011,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,New World Hacktivists,United States,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/salt-lake-city-police-airport-websites-ddos-attacks/,2022-08-15,2022-11-02 855,Swedish newspapers down,"Websites of several Swedish newspapers shut down via DDoS by hackers for ""spreading government propaganda""",2016-03-18,2016-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Sweden,EUROPE; EU(MS); NORTHEU,Media,,,Unknown,Non-state-group,Hacktivist(s),1,1012,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thelocal.se/20160320/hackers-force-swedish-newspapers-offline; https://sputniknews.com/europe/201603201036631447-hackers-attack-swedish-newspapers/; https://www.heise.de/security/meldung/Webseiten-schwedischer-Zeitungen-nach-DDoS-Angriffen-wieder-online-3145195.html,2022-08-15,2022-11-02 856,NSHC vs. 
SVP and SBB,"Swiss hackers attacked the Swiss right-wing party SVP and leaked data on the wider internet",2016-03-18,2016-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,Switzerland,EUROPE; WESTEU,State institutions / political system; Critical infrastructure,Political parties; Transportation,NSHC,Unknown,Non-state-group,Hacktivist(s),1,1013,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,NSHC,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nzz.ch/schweiz/aktuelle-themen/internetkriminalitaet-grey-hats-hacken-svp-datenbank-ld.8580,2022-08-15,2022-11-02 857,Philippine voter data DDoS & Leak,Anonymous Philippines defaced the Commission on Elections (Comelec) websites of the Philippines and LulzSec Philipinas stole and published voters' private data including fingerprints of more than 50 million persons in the country's biggest private data leak.,2016-03-27,2016-03-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Election infrastructure / related systems,Anonymous Philippines; LulzSec Philipinas,Philippines; Philippines,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),2,1015; 1015; 1014; 1014,NaT; NaT; NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms,; ; ; ,; ; ; ,; ; ; ,Anonymous Philippines; LulzSec Philipinas; Anonymous Philippines; LulzSec Philipinas,Philippines; Philippines; Philippines; Philippines,Non-state-group; Non-state-group; Non-state-group; Non-state-group,https://www.trendmicro.com/en_us/research/16/d/55m-registered-voters-risk-philippine-commission-elections-hacked.html,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2016/apr/11/philippine-electoral-records-breached-government-hack; http://www.bbc.com/news/technology-36013713; https://www.trendmicro.com/en_us/research/16/d/55m-registered-voters-risk-philippine-commission-elections-hacked.html; https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html,2022-08-15,2024-02-19 858,Anonymous vs. 
Angolan Government,Anonymous attacked and defaced various Angolan government webpages,2016-03-30,2016-03-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Angola,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Portugal,Non-state-group,Hacktivist(s),1,1016,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Portugal,Non-state-group,,System / ideology; National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/anonymous-attacks-angolan-government-in-response-to-the-jailing-of-17-activists-502479.shtml,2022-08-15,2022-11-02 859,Chinese Hackers vs. 
Taiwan,"Mainland hackers were likely to be behind an attack on the website of Taiwan's ruling party, redirecting it to a fake website",2016-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption,,Taiwan,ASIA; SCS,State institutions / political system,Political parties,,China,State,,1,1017,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,State,,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/chinese-cyber-spies-hack-taiwan-ruling-party-fireeye,2022-08-15,2022-11-02 840,Anonymous vs. French Ministry of Defense,Anonymous attacked the French ministry of defense to protest against an arms trade,2016-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,996,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific; Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/44738/cyber-crime/anonymous-hacked-french-cimd.html,2022-08-15,2022-11-02 839,DarkBasin vs. American Environmentalists,"The Indian ""hack-for-hire"" company BellTroX InfoTech Services was hired by an unidentified client to attack American environmentalists involved in various court cases",2016-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,None - None - None,United States; Eastern Europe; Russia,NATO; NORTHAM - - EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; State institutions / political system; State institutions / political system; Social groups; Corporate Targets (corporate targets only 
coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; Legislative; Political parties; ; ; - Government / ministries; Legislative; Political parties; ; ; - Government / ministries; Legislative; Political parties; ; ; ,Dark Basin; Bell TroX Info Tech Services,India; India,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,1,995; 995,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Dark Basin; Bell TroX Info Tech Services,India; India,Non-state-group; Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2020/06/09/nyregion/exxon-mobil-hackers-greenpeace.html; https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/,2022-08-15,2022-11-02 838,WhiteBear project by Turla,"WhiteBear, a project related to Turla, spied on embassies and consulates worldwide.",2016-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Global (region),,State institutions / political system; Critical infrastructure,; Defence industry,"WhiteBear/Skipper Turla; Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,994; 994,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"WhiteBear/Skipper Turla; Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/introducing-whitebear/81638/,2022-08-15,2023-05-23 827,OP Nigeria,Anonymous 
took down Nigerian government Websites,2016-01-07,2016-01-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Nigeria,AFRICA; SSA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,979,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-targets-nigerian-government-websites/,2022-08-15,2022-11-02 819,Gaza Cybergang aka Molerats (APT),Researchers from Kaspersky Lab reveal a new spike of activity by the Gaza Cybergang exploiting CVE-2017-0199 and targeting government entities and oil and gas targets in MENA.,2016-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Mena Region (region),,State institutions / political system; Critical infrastructure,Government / ministries; Energy,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Mena Region (region),Non-state-group,Criminal(s),1,17156,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang,Mena Region (region),Non-state-group,https://www.kaspersky.de/blog/gaza-cybergang/19002/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securelist.com/gaza-cybergang-updated-2017-activity/82765/; https://www.kaspersky.de/blog/gaza-cybergang/19002/,2022-08-15,2024-02-15 820,Telegram Hack,"RocketKitten hacked into Telegram, spying on Iranian Activists etc.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Social groups; Social groups; End user(s) / specially protected groups; Media,Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats; ; ,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Charming Kitten/Ajax Security Team,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,971; 971; 972; 972,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution,; ; ; ,; ; ; ,; ; ; ,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Charming Kitten/Ajax Security Team; Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Charming Kitten/Ajax Security Team,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM,2022-08-15,2022-11-02 821,APT attack on Tibet,"APT campaign against Tibetans, Journalists and Human Rights Activists in Taiwan and Hong-Kong.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,China; Taiwan; Hong Kong,ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS - ASIA,Social groups; End user(s) / specially protected groups; Media - Social groups; End user(s) / specially protected groups; Media - Social groups; End user(s) / specially protected groups; Media,Advocacy / activists (e.g. human rights organizations); ; - Advocacy / activists (e.g. human rights organizations); ; - Advocacy / activists (e.g. human rights organizations); ; ,,Unknown,Unknown - not attributed,,1,973,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/apt-targeting-tibetans-packs-four-vulnerabilities-in-one-compromise/117493/,2022-08-15,2022-11-02 822,Anonymous vs. Nissan,Anonymous drives Nissan offline in dolphin hunting protest,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; ,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,974,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.bbc.com/news/technology-35306206,2022-08-15,2023-12-11 823,Trumps Campaign Site Takedown,Hacking Group NewWorld Hacktivists takes down Trumps Official Website during campaign for one hour.,2016-01-02,2016-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,,New World Hacktivists,United States,Non-state-group,Hacktivist(s),1,975,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,New World Hacktivists,United States,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.zdnet.com/article/attackers-targeting-bbc-donald-trump-amazon-web-services/,2022-08-15,2022-11-02 824,Turkish Activists vs Russias Ministry of Communication,A social network account of Russia’s communications minister was temporarily blocked on Sunday in a cyberattack carried out by hackers presenting themselves as a Turkish activist group and parading images of a warplane and Turkish flags.,2016-01-03,2016-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; End user(s) / specially protected groups,,The Börteçine Cyber Team,Turkey,Non-state-group,Hacktivist(s),1,976,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Börteçine Cyber Team,Turkey,Non-state-group,https://www.reuters.com/article/us-russia-turkey-minister-cybersecurity-idUSKBN0UH0HJ20160103,System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-russia-turkey-minister-cybersecurity-idUSKBN0UH0HJ20160103,2022-08-15,2022-11-02 825,OP Nimr/OP Saudi,Anonymous took down Saudi-Arabic Websites,2016-01-03,2016-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,977,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.hackread.com/anonymous-takes-down-top-saudi-arabian-govt-websites/,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-takes-down-top-saudi-arabian-govt-websites/,2022-08-15,2022-11-02 826,BoycottThailand,Anonymous attacked Thai sites as retaliation for death sentences against migrant workers,2016-01-06,2016-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Thailand,ASIA; SEA,State institutions / political system; State institutions / political system,Judiciary; Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,978,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 828,Defacement vs. 
DeadSoldiers,An Indian hacker group defaced a Pakistani website,2016-01-08,2016-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Civil service / administration; ; ,Indian Black Hats,India,Non-state-group,Hacktivist(s),1,980,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indian Black Hats,India,Non-state-group,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/indian-hackers-deface-pakistani-websites-as-homage-to-dead-soldier-s-daughter-498652.shtml,2022-08-15,2022-11-02 837,Bellingcat-Hack 2016,Cyber-Berkut defaced the Bellingcat website and leaked information of a Russian member.,2016-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,Cyber Berkut,Russia,"Non-state actor, state-affiliation suggested",,3,991; 992; 993,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attacker confirms; Contested attribution,; ; ,; ; ,; ; ,Cyber Berkut; Cyber Berkut; Cyber Berkut,Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2016/09/29/russian_hackers_target_mh17_journos/,2022-08-15,2022-11-02 829,CyberTeamRox vs. Cambodian Networks,The hacking group CyberTeamRox attacked various Cambodian state-run sites,2016-01-12,2016-01-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption,,Cambodia,ASIA; SEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Military; ; ,Cyber Team Rox,Unknown,Non-state-group,Hacktivist(s),1,981,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Team Rox,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.phnompenhpost.com/national/slew-websites-hacked,2022-08-15,2022-11-02 830,ISIS supporters defaced the website of China's Tsinghua University in January 2016,"China's prestigious Tsinghua University saw its website defaced by Islamic State (IS) supporters on 16 January 2016. The university's website was altered to show an image of IS fighters on horses, accompanied by audio supporting the holy war. Although the university's homepage and other areas were not affected, the incident raised concerns about the website's security. It is believed that the hackers gained access through a weak password rather than breaking through Tsinghua University's firewall. This incident is not the first time Tsinghua University has faced hacker attacks on its website.",2016-01-18,2016-01-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by attacker,Disruption,Tsinghua University,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,Islamic Militants,Unknown,Non-state-group,Terrorist(s),1,10758,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Islamic Militants,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.scmp.com/news/china/policies-politics/article/1902268/islamic-state-hackers-attack-top-tier-chinese,2022-08-15,2023-06-18 831,Embassy Defacement by Azerbijan hackers - 2016,"NATO-Armenia, Embassy Websites in 40 Countries have been hacked by azerbaijan hackers",2016-01-20,2016-01-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system; International / supranational organization,,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),1,2560,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anti-Armenia Team,Azerbaijan,Non-state-group,,System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/azerbaijani-hackers-defac-nato-armenia-embassy-sites/,2022-08-15,2022-11-02 832,DDOS against north-irish pages,An unknown hacker (probably an individual) probed various networks of north-irish origin,2016-01-22,2016-01-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Ireland,EUROPE; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Unknown,Individual hacker(s),,1,984,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.theregister.co.uk/2016/01/22/irish_gov_ddos/,2022-08-15,2023-01-19 833,Police Data Doxxing,An American hacker (Lorde Bashtien) leaked data of the Miami-Police-Department,2016-01-22,2016-01-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Police,Lord Bashtien; CWA,United States; United States,Individual hacker(s); Individual hacker(s),,1,985; 985,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Lord Bashtien; CWA,United States; United States,Individual hacker(s); Individual hacker(s),,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/hacker-doxes-80-miami-police-officers-499328.shtml,2022-08-15,2022-11-02 834,Anonymous Tokyo Airport Website Shutdown,Anonymous shuts down the Tokyo`s Narita Airport because of 
the detention of a dolphin trainer and animal rights activist.,2016-01-22,2016-01-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,Critical infrastructure,Transportation,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,986,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.independent.co.uk/life-style/gadgets-and-tech/news/anonymous-tokyo-narita-airport-whaling-protest-take-down-ddos-a6832481.html,2022-08-15,2022-11-02 835,Data Leak of US Police Union,The activist Thomas White leaked large amounts of data from a US police union,2016-01-28,2016-01-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),3,988; 987; 989,NaT; NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Contested attribution; Attribution by third-party,; ; ,; ; ,; ; ,Anonymous; Anonymous; Anonymous,Unknown; Unknown; Unknown,Non-state-group; Non-state-group; Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.helpnetsecurity.com/2016/02/01/uk-activists-dumps-2-5-gb-of-data-stolen-from-us-police-union/,2022-08-15,2024-02-12 836,Monte Melkonian CyberArmy vs. Azerbaijan,The Monte Melkonian CyberArmy attacked Azerbaijani E-government pages,2016-01-28,2016-01-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Azerbaijan,ASIA; CENTAS,State institutions / political system; State institutions / political system; State institutions / political system; Science,Government / ministries; Civil service / administration; Military; ,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,990,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,,System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/armenian-hackers-ddos-azerbaijani-government-portals/,2022-08-15,2022-11-02 860,Daewoo Shipbuilding Hack,"North Korea probably stole South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering CoLtd’s data base in April 2016, a South Korean opposition lawmaker said.",2016-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Defence industry,,"Korea, Democratic People's Republic of",State,,1,1018,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic 
of",State,https://www.reuters.com/article/us-northkorea-missiles-cybercrime/north-korea-hacked-daewoo-shipbuilding-took-warship-blueprints-south-korea-lawmaker-idUSKBN1D00EX,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-northkorea-missiles-cybercrime/north-korea-hacked-daewoo-shipbuilding-took-warship-blueprints-south-korea-lawmaker-idUSKBN1D00EX,2022-08-15,2022-11-02 862,DNC-Hack (Fancy Bear),Russian government hackers from state-sponsored group Fancy Bear/APT28 penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump.,2016-04-01,2016-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Political parties,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,2,1717; 1716,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; ,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group 
G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,https://www.justice.gov/file/1080281/download; https://cyber-peace.org/wp-content/uploads/2018/11/Bears-in-the-Midst_-Intrusion-into-the-Democratic-National-Committee-%C2%BB.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/file/1080281/download; https://cyber-peace.org/wp-content/uploads/2018/11/Bears-in-the-Midst_-Intrusion-into-the-Democratic-National-Committee-%C2%BB.pdf; https://www.jpost.com/international/article-743680; https://www.defenseone.com/technology/2023/05/space-force-will-look-how-hack-targets-space/386755/; https://arstechnica.com/features/2023/05/is-cybersecurity-an-unsolvable-problem/; https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/; https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine; https://krebsonsecurity.com/2023/07/russia-sends-cybersecurity-ceo-to-jail-for-14-years/; https://therecord.media/ukraine-energy-facility-cyberattack-fancy-bear-email; https://securityaffairs.com/155420/apt/apt8-exploited-outlook-0day-target-nato.html; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://www.kyivpost.com/post/28885; https://formiche.net/2024/04/minacce-ibride-intervista-gregory-f-treverton/,2022-08-15,2023-05-22 817,North Korean hacking group Lazarus targeted African and Asian banks in ATM cash-out scheme since 2016 
as part of the FASTCash campaign,"The North Korean state-sponsored hacking group Lazarus (aka APT38/HIDDEN COBRA) targeted African and Asian banks in an ATM cash-out scheme since 2016 that was dubbed ""FASTCash"" by the US authorities. The related CISA report states the following regarding the impact of the campaign: ""According to a trusted partner’s estimation, HIDDEN COBRA actors have stolen tens of millions of dollars. In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. In another incident in 2018, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.”",2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,Not available - Not available,Asia (region); Africa, - ,Critical infrastructure - Critical infrastructure,Finance - Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,1,16897; 16897; 16897; 16897,2018-12-21 00:00:00; 2018-12-21 00:00:00; 2018-12-21 00:00:00; 2018-12-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,Cybersecurity and Infrastructure Security Agency (CISA); US Department of Homeland Security 
(DHS); US Department of the Treasury; Federal Bureau of Investigation (FBI),Not available; Not available; Not available; Not available,United States; United States; United States; United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State; State; State,https://us-cert.cisa.gov/ncas/alerts/TA18-275A; https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/76798/hacking/fastcash-hidden-cobra-attacks.html; https://us-cert.cisa.gov/ncas/alerts/TA18-275A; 
https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and; https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/,2022-08-15,2024-02-07 863,Armenian-Azerbaijan-cyber-conflict Part 2,The Monte Melkonian Cyber Army took down Azerbaijani servers,2016-04-02,2016-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Azerbaijan,ASIA; CENTAS,State institutions / political system; Media,Government / ministries; ,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,1022,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,,System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/cyberwar-turkish-vs-armenian-hackers/,2022-08-15,2022-11-02 886,Diplomats in EasternEurope bitten by a TurlaMosquito,Evidence was found that Turla installers were exfiltrating information since at least July 2016. The targets are mainly consulates and embassies from different countries in Eastern Europe or the vicinity.,2016-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Eastern Europe,,State institutions / political system; State institutions / political system; State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Civil service / administration; ; ,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); FSB",Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,1046; 1046; 1047; 1047,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ,; ; ; ,; ; ; ,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); FSB; Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); FSB",Unknown; Unknown; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf; https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf,2022-08-15,2023-03-13 887,Russia/Belarus-Aerospace Chinese Hack,"According to the firm ProofPoint, Chinese state-sponsored actors continue to spy on military and aerospace organizations in Russia and Belarus.",2016-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Russia; Belarus,EUROPE; EASTEU; CSTO; SCO - EUROPE; EASTEU; CSTO,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Military; Defence industry - Military; Defence industry,,China,"Non-state actor, state-affiliation suggested",,1,1048,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",https://securityaffairs.co/wordpress/55942/APT /chinese-state-sponsored-aerospace.html; https://www.proofpoint.com/us/threat-insight/post/APT 
-targets-russia-belarus-zerot-plugx,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/55942/APT%20/chinese-state-sponsored-aerospace.html; https://securityaffairs.co/wordpress/55942/APT /chinese-state-sponsored-aerospace.html; https://www.proofpoint.com/us/threat-insight/post/APT -targets-russia-belarus-zerot-plugx,2022-08-15,2022-11-02 888,Voting Systems hacked in US states before elections,"Voters' personal data was stolen from Election Authorities in Illinois and Arizona, but also other states. At least 200.000 persons affected. But ""due to the ambiguous nature of the attack,"" the elections board warned, ""we may never know the exact number of affected voters"".",2016-07-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Civil service / administration; ,GRU,Russia,State,,1,1049,2017-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,GRU,Russia,State,https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/; https://www.reuters.com/article/us-usa-cyber-election/arizona-election-database-targeted-in-2016-by-criminals-not-russia-source-idUSKBN1HF11F; 
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/security/meldung/Das-FBI-untersucht-Hacker-Angriffe-auf-US-Waehlerregister-3310460.html; http://www.governing.com/topics/elections/tns-illinois-arizona-hackers-elections.html; https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/; https://www.reuters.com/article/us-usa-cyber-election/arizona-election-database-targeted-in-2016-by-criminals-not-russia-source-idUSKBN1HF11F; https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf,2022-08-15,2022-11-02 889,Russia economic espionage,20 Russian government and military facilities alongside several defence contractors were targeted via a spear-phishing campaign with malware sent via email.,2016-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Civil service / administration; Defence industry,,Unknown,Unknown - not attributed,,1,1050,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/Russischer-Geheimdienst-meldet-schweren-Fall-von-Cyberspionage-3282142.html,2022-08-15,2022-11-02 890,shad0ws3c vs. Paraguayan Secretary of National Emergency,Hacktivist group leaks information from Paraguayan Secretary of National Emergency,2016-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Paraguay,SOUTHAM,State institutions / political system,Government / ministries,shad0ws3c,Unknown,Non-state-group,Hacktivist(s),1,1051,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,shad0ws3c,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/shad0ws3c-leaks-data-from-paraguay-s-government-507695.shtml,2022-08-15,2022-11-02 891,Anonymous vs. Zimbabwean Government,"Anonymous conducted a series of cyber attacks on the Zimbabwe government websites for #ZimShutDown2016 or #ShutDownZimbabwe, a protest movement in which citizens are protesting against Robert Mugabe’s government, which has been in power for the last 36 years. Sites went offline for several hours.",2016-07-04,2016-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Zimbabwe,AFRICA; SSA,State institutions / political system; State institutions / political system,Government / ministries; Election infrastructure / related systems,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1052,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ddos-zimbabwe-government-sites/,2022-08-15,2022-11-02 892,Wikileaks-Turkey-attack,"The whistleblowing website WikiLeaks said it had suffered a ""sustained attack"" over the announcement of publication of documents of Turkey's political power structure and the country's leadership.",2016-07-11,2016-07-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,Sweden,EUROPE; EU(MS); NORTHEU,Social groups,Advocacy / activists (e.g. 
human rights organizations),,Turkey,"Non-state actor, state-affiliation suggested",,1,1053,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Turkey,"Non-state actor, state-affiliation suggested",,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://sputniknews.com/world/201607191043251623-turkey-wikileaks-attack-release/; https://nakedsecurity.sophos.com/2016/07/19/wikileaks-suffers-sustained-attack-after-announcing-release-of-turkish-government-docs/,2022-08-15,2022-11-02 893,DDOS against Philippine pages,"Philippines Government Websites Hit by Massive DDoS Attacks, China Suspected",2016-07-12,2016-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,Philippines,ASIA; SCS; SEA,State institutions / political system,Government / ministries,,China,Unknown - not attributed,,1,1054,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,Unknown - not attributed,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/philippines-government-websites-hit-by-massive-ddos-attacks-china-suspected-506412.shtml,2022-08-15,2022-11-02 894,Anonymous vs. 
Brazilian courts,Anonymous hacks a Brazilian Court for blocking WhatsApp.,2016-07-19,2016-07-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Brazil,SOUTHAM,State institutions / political system,Judiciary,Anonymous,Brazil,Non-state-group,Hacktivist(s),1,1055,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ddos-rio-court-site-for-blocking-whatsapp/; http://anonhq.com/anonymous-shuts-brazilian-court-blocking-whatsapp/,2022-08-15,2023-11-23 895,Defacement of Vietnamese Airports,Information screens on Vietnamese Airports were hacked to show anti-Chinese messages,2016-07-29,2016-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Vietnam,ASIA; SCS; SEA,Critical infrastructure,Transportation,1937CN,China,Non-state-group,Hacktivist(s),1,1056,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,1937CN,China,Non-state-group,https://www.cyberdefensemagazine.com/china-1937cn-team-hackers-attack-airports-in-vietnam/,Territory; Resources,Territory; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2016/jul/29/flight-information-screens-in-two-vietnam-airports-hacked; https://www.cyberdefensemagazine.com/china-1937cn-team-hackers-attack-airports-in-vietnam/,2022-08-15,2022-11-02 896,North Korea attack on South Korean Military,"North Korea appears to have hacked South Korea's cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday,",2016-08-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Military,,"Korea, Democratic People's Republic of",Unknown - not attributed,,1,1057,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",Unknown - not attributed,https://arxiv.org/ftp/arxiv/papers/1711/1711.04500.pdf,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, 
system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://en.yna.co.kr/view/AEN20161207002951315?section=search; https://arxiv.org/ftp/arxiv/papers/1711/1711.04500.pdf,2022-08-15,2022-11-02 897,WADA-Hack,"The World Anti-Doping Agency said on Tuesday that hackers stole confidential medical information about U.S. Olympic athletes and published it on the internet, blaming a Russian group for the attack. In 2018, the US and some of its allies attributed this attack to Russian GRU officers.",2016-08-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,World Anti-Doping Agency,,International / supranational organization,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,3,1058; 1059; 1060,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement/report and indictment / sanctions",Receiver attributes attacker; IT-security community attributes attacker; Attribution by third-party,; ; ,; ; ,; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka 
STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/; https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and; https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed,System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-doping-wada-cyber/anti-doping-agency-says-athlete-data-stolen-by-russian-group-idUSKCN11J26T; https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/; https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and; https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed; https://www.nytimes.com/2017/01/06/sports/russia-cyberattacks-wada-doping.html; https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine; https://www.larazon.es/emergente/10-ciberataques-rusos-mas-potentes-ultimos-tiempos_2024021765cb12e94129260001b2e1c4.html; https://www.iyigunler.net/spor/spor-dunyasinda-gerceklesen10-siber-saldiri-h353183.html,2022-08-15,2023-08-02 898,APT3 accessed the networks of Hong Kong Government Agencies in 2016,"APT3, a state-sponsored Chinese hacking group, accessed two Hong Kong government departments 
since August 2016 in the run-up to parliamentary elections, according to FireEye.",2016-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,Not available,Hong Kong,ASIA,State institutions / political system,Government / ministries,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",,1,11662,2016-09-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,FireEye,,United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers,System / ideology; Autonomy,System/ideology; Autonomy,China (Hong Kong); China (Hong Kong),Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers,2022-08-15,2023-09-26 899,Intsights vs. ISIS,The Israeli cyber-security firm Intsights hacked an ISIS forum and found information concerning future terrorist attacks,2016-08-04,2016-08-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Unknown,,Social groups,Terrorist,Intsights,Israel,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,1062,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Intsights,Israel,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/security-firm-says-it-uncovered-new-terrorist-attacks-after-hacking-isis-forum-506960.shtml,2022-08-15,2022-11-02 900,Anonymous Brazil vs. Brazil,"Anonymous conducted cyber attacks on the government websites forcing several of them to go offline. The targeted websites include the official website of the federal government for the 2016 Games (brasil2016.gov.br), Portal of the State Government of Rio de Janeiro (rj.gov.br), Ministry of sports (esporte.gov.br), Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com).",2016-08-05,2016-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Brazil,SOUTHAM,State institutions / political system,Government / ministries,Anonymous,Brazil,Non-state-group,Hacktivist(s),1,1063,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ddos-brazilian-government-websites/; https://tecnogazzetta.it/smart-office/2024-04-22-misure-di-sicurezza-olimpiadi-parigi.html,2022-08-15,2024-04-23 901,GhostSquad vs. Israeli Prime Minister,GhostSquad took down the website of the Israeli prime minister,2016-08-25,2016-08-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,GhostSquad,Unknown,Non-state-group,Hacktivist(s),1,1064,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,,System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,; ; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/ghost-squad-attacks-israeli-prime-minister-site/,2022-08-15,2022-11-02 902,Azerbaijani Bank Data Leak,"Armenian hackers from the Monte Melkonian Cyber Army (MMCA) have leaked a number of data allegedly belonging to Azerbaijani banks, military and police servers.",2016-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Azerbaijan,ASIA; CENTAS,State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system,Government / ministries; Finance; Military; Police,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,6585,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Monte Melkonian Cyber Army,Armenia,Non-state-group,,System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/armenian-hackers-leak-azeri-banking-military-data/,2022-08-15,2023-02-08 903,GhostSquad Defacement of Afghani Sites,GhostSquad Hackers deface 12 Afghan Government websites,2016-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Afghanistan,ASIA; SASIA,State institutions / political system; State institutions / political system,Government / ministries; Civil service / administration,GhostSquad,Unknown,Non-state-group,Hacktivist(s),1,1066,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/ghost-squad-hackers-deface-12-afghan-government-websites-507900.shtml,2022-08-15,2022-11-02 904,Anonymous DDOS vs. Japan,Anonymous attacked Japanese sites in response to renewed dolphin hunting,2016-09-03,2016-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1067,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://asia.nikkei.com/Japan-Update/Dolphin-hunt-prompts-renewed-Anonymous-cyberattacks-on-Japan,2022-08-15,2022-11-02 885,Takedown of House-Democrats,Hackers down House Democrats' websites,2016-06-23,2016-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,State institutions / political system,Legislative,,Unknown,Unknown - not attributed,,1,1045,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.politico.com/story/2016/06/hackers-house-democrats-websites-224904,2022-08-15,2022-11-02 884,Muslim Brotherhood-Hack,A hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic) forcing the website to go offline despite using CloudFlare DDoS protection service,2016-06-16,2016-06-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system,Political parties,Skynetcentral,Unknown,Non-state-group,Hacktivist(s),1,1044,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Skynetcentral,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/,2022-08-15,2022-11-02 883,Anonymous vs. Anti-White-Movements,Anonymous Attacks Anti-White Movements in South Africa and Zimbabwe,2016-06-14,2016-06-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,Zimbabwe; South Africa,AFRICA; SSA - AFRICA; SSA,State institutions / political system - State institutions / political system,Political parties - Political parties,Anonymous; Zim4thewin,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,1043; 1043,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; Zim4thewin,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/anonymous-attacks-anti-white-movements-in-south-africa-and-zimbabwe-505251.shtml,2022-08-15,2022-11-02 872,Turkish Election Data dump,"Unidentified hacker(s) posted to the web a 1.4 gigabyte compressed bittorrent file that appears to contain personal data on 50 million Turkish citizens, including their names, addresses, parents' first names, cities of birth, birthdates, and a national identifier number used by the Turkish government, all of which were verified as authentic by the Associated Press.",2016-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Turkey,ASIA; NATO; MEA,State institutions / political system,Civil service / administration,,United States,Individual hacker(s),,1,1032,NaT,"Attribution given, type unclear",Media-based attribution,,,,,United States,Individual hacker(s),https://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/; https://www.heise.de/security/meldung/Persoenliche-Daten-von-49-Millionen-tuerkischen-Waehlern-veroeffentlicht-3161729.html,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/; https://www.heise.de/security/meldung/Persoenliche-Daten-von-49-Millionen-tuerkischen-Waehlern-veroeffentlicht-3161729.html,2022-08-15,2022-11-02 864,Turkish-Armenian-Azerbaijan-Secession,"The attacks by the Turkish hacking group called ""Aslan Neferler Tim"" (which roughly translates as ""Private Lion Team"") caused blackouts on Armenian government websites, including those of the Ministries of Defence, Energy, Agriculture and several other government agencies. The group had previously claimed responsibility for the attacks on the websites of Belgian government agencies, Dutch right-wing politician Geert Wilders, the Armenian central bank and the main site of the well-known hacker movement Anonymous.",2016-04-03,2016-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Armenia,ASIA; CENTAS; CSTO,State institutions / political system; Critical infrastructure; State institutions / political system; State institutions / political system,Government / ministries; Finance; Police; Intelligence agencies,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),1,6586,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Turk Hack Team,Turkey,Non-state-group,,System / ideology; Territory,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.dailysabah.com/turkey/2016/04/06/turkish-hacker-groups-attacks-shut-down-armenian-government-websites,2022-08-15,2023-03-13 865,Syrian government dataleak,The CyberJusticeTeam claimed responsibility for a massive data leak of the Syrian government,2016-04-05,2016-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Syria,ASIA; MENA; MEA,State institutions / political system,Government / ministries,CyberJustice Team,Unknown,Unknown - not attributed,,2,1024; 1025,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,CyberJustice Team; CyberJustice Team,Unknown; Unknown,Unknown - not attributed; Non-state-group,https://www.riskbasedsecurity.com/2016/04/08/cyber-justice-team-makes-a-statement-with-massive-data-leak/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/massive-syrian-government-hack/; https://www.riskbasedsecurity.com/2016/04/08/cyber-justice-team-makes-a-statement-with-massive-data-leak/,2022-08-15,2022-11-02 866,TeamSystemDz defacement of western websites,"Pro-ISIS Algerian-based TeamSystemDz defaced 88 websites from the US, France, Israel and the UK. In particular, it defaced several websites in Richland County.",2016-04-14,2016-04-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None - None - None,United States; France; Israel; United Kingdom,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Civil service / administration; Health - Government / ministries; Civil service / administration; Health - Government / ministries; Civil service / administration; Health - Government / ministries; Civil service / administration; Health,Team System Dz,Algeria,Non-state-group,Terrorist(s),1,1026,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team System Dz,Algeria,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/pro-isis-group-defaces-88-websites-in-three-day-rampage-503153.shtml; https://www.hackread.com/richland-county-website-sheriffs-dept-hacked/,2022-08-15,2022-11-02 867,KKK-Knights offline,"The Anonymous-affiliated hacking group ""GhostSquad"" blocked the KKKKnights website for several hours via DDoS",2016-04-24,2016-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Terrorist,GhostSquad,United States,Non-state-group,Hacktivist(s),1,1027,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,United States,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ghost-squad-ddos-on-kkk-website/,2022-08-15,2022-11-02 868,Black-Lives-Matter offline,"The Anonymous-affiliated hacking group ""Ghost Squad"" defaced the ""Black Lives Matter"" webportal with ""All Lives Matter"" banners",2016-04-30,2016-04-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Other social groups,GhostSquad,United States,Non-state-group,Hacktivist(s),1,1028,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,United States,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ddos-black-lives-matter-website/,2022-08-15,2022-11-02 869,MagicHound,Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named MagicHound. This appears to be an attack campaign focused on espionage. 
Possibly related to Iranian state-sponsored RocketKittenGroup aka CobaltGypsy aka APT35.,2016-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Energy; ,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten; Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,1,1029; 1029,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten; Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/; https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf,2022-08-15,2022-11-02 870,Netrepser,"A complex, targeted malware framework that, unlike a military-grade APT, is “stitched together” 
with freeware utilities in order to spy on more than 500 government agencies and organizations worldwide.",2016-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,State institutions / political system; Other,,,Unknown,Unknown - not attributed,,1,1030,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bitdefender.de/files/News/CaseStudies/study/152/Bitdefender-Whitepaper-Netrepser-A4-en-EN-web.pdf,2022-08-15,2022-11-02 871,APT 15 aka Ke3chang,Chinese hackers APT 15 spied on UK military contractors.,2016-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Defence industry; ,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,Unknown - not attributed,,1,1031,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea,China,Unknown - not attributed,https://www.nccgroup.com/uk/about-us/newsroom-and-events/press-releases/2018/march/new-tools-uncovered-from-hacking-group-APT 15/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/china-linked-APT%2015-used-myriad-of-new-tools-to-hack-uk-government-contractor/130376/; https://www.nccgroup.com/uk/about-us/newsroom-and-events/press-releases/2018/march/new-tools-uncovered-from-hacking-group-APT 15/,2022-08-15,2023-01-19 873,#OpIcarus,"Anonymous and Ghost Squad have targeted many international banks and central banks with DDoS attacks, in protest against corruption.",2016-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None - None - None - None - None - None - None - None - None,Nepal; Kuwait; Chile; Greece; Mexico; Dominican Republic; Guernsey; Maldives; Netherlands; Kenya,ASIA; SASIA - ASIA; MENA; MEA; GULFC - SOUTHAM - EUROPE; NATO; EU(MS); BALKANS - - - EUROPE; NORTHEU - ASIA; SASIA - EUROPE; NATO; EU(MS); WESTEU - AFRICA; SSA,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance - Other (e.g., embassies); Finance",Anonymous; GhostSquad,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,6340; 6340,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,Not available; Not available,,Anonymous; GhostSquad,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.rt.com/uk/342958-opicarus-anonymous-bank-england/; https://www.ibtimes.co.uk/op-icarus-anonymous-launches-ddos-attacks-8-international-banks-1558987; https://www.hackread.com/opicarus-anonymous-shut-down-5-more-banks/; https://www.ibtimes.co.uk/opicarus-ny-stock-exchange-us-federal-reserve-many-financial-institutions-attacked-by-anonymous-1560836,2022-08-15,2023-01-31 882,#OpSilence,"Ghost Squad Hackers Announce #OpSilence, Month-Long Attacks on Mainstream Media",2016-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Media,,GhostSquad,Unknown,Non-state-group,Hacktivist(s),1,1042,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml,2022-08-15,2022-11-02 874,Anonymous DDOS vs. North Carolina,"Anonymous hacked Government websites of North Carolina in protest against an ""anti-LGBT"" Bathroom Law",2016-05-14,2016-05-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1034,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-ddos-north-carolina-anti-lgbt-law/,2022-08-15,2022-11-02 875,Tutorial Attack,"Phineas Fisher attacked the Catalan police union, defaced its website, plundered their web server, published personal information about police officers and hijacked their Twitter account, to protest their past extremely questionable and likely criminal behavior. He recorded the attack and made it public as a tutorial video",2016-05-19,2016-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Police,Phineas Fischer,Unknown,Individual hacker(s),,1,1035,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Phineas Fischer,Unknown,Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.helpnetsecurity.com/2016/05/20/phineas-fisher-records-latest-attack/,2022-08-15,2022-11-02 876,GhostSquad vs. Trump,GhostSquad conducted a DDoS attack on the Trump Hotel Collection website to target Trump’s hate mongering,2016-05-21,2016-05-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,GhostSquad,Unknown,Non-state-group,Hacktivist(s),1,1036,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/donald-trump-hotel-collections-website-down/,2022-08-15,2022-11-02 877,Attack on Irans Statistical Centre,"Iran's cyber police claim Statistical Centre was attacked by hackers in three Arab countries, including Saudi Arabia",2016-05-24,2016-05-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,"Iran, Islamic Republic of",ASIA; MENA; MEA,State institutions / political system,Civil service / administration,,Saudi Arabia,Non-state-group,Criminal(s),1,1037,NaT,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Saudi Arabia,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/iran-cyber-police-claim-saudi-arabia-behind-hacking-government-website-1562673,2022-08-15,2022-11-02 878,Gambling Hack,Hackers target Czech Republic gov’t sites over plans to block gambling domains,2016-05-30,2016-05-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Legislative; Police; Intelligence agencies,Anonymous,Czech Republic,Non-state-group,Hacktivist(s),1,1038,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Czech Republic,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://calvinayre.com/2016/06/01/business/hackers-target-czech-republic-plans-gambling-domains/; https://news.softpedia.com/news/anonymous-hackers-attack-czech-finance-minister-because-of-online-gambling-law-506946.shtml,2022-08-15,2022-11-02 879,Anonymous DataLeak Spanish Police,"Anonymous leaked personal details of 5,000 Spanish cops online as a protest against the gag law",2016-05-31,2016-05-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Spain,EUROPE; NATO; EU(MS),State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1039,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-spanish-police-against-gag-law/,2022-08-15,2022-11-02 880,Ukraine-based hacking group Bad Magic aka Red Stinger stole data from at least 70 organizations from various sectors in Ukraine beginning in June 2016,"#Operation BugDrop: Ukraine-based hacking group Bad Magic aka Red Stinger stole data from at least 70 organizations from various sectors in Ukraine from June, 23 to October, 27, 2016, U.S.-based IT company CyberX reported on February 15, 2017. The affected organizations belonged to critical infrastructure, research, and media in the embattled Ukrainian regions of Donetsk and Luhansk, although organizations from Russia, Saudi Arabia, and Austria were also targeted to a small extent. At least 70 organizations were targeted, including a company that designs control systems for oil and gas infrastructure; an international organization that monitors human rights, counterterrorism, and cyberattacks on critical infrastructure in Ukraine; and an engineering company that designs substations, gas distribution pipelines, and water supply facilities; editors of Ukrainian newspapers and a scientific research institute. 
In 2023, the Russian IT company discovered the two cyber operations CloudWizard and CommonMagic and stated in a technical report that the actor behind Operation BugDrop in 2016 and Operation GroundBait in 2015, is the same actor as the actor behind CloudWizard and CommonMagic, Kaspersky dubbed this actor Bad Magic.",2016-06-23,2016-10-27,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available,Russia; Austria; Saudi Arabia; Ukraine,EUROPE; EASTEU; CSTO; SCO - EUROPE; EU(MS); WESTEU - ASIA; MENA; MEA; GULFC - EUROPE; EASTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - International / supranational organization; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Research; - Research; - Research; - ; Research; ; ,Red Stinger / Bad Magic,Ukraine,Unknown - not attributed,,2,10227; 10226,2023-05-19 00:00:00; 2017-02-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; CyberX,Kaspersky; ,Russia; United States,Red Stinger / Bad Magic; Not available,Ukraine; Not available,Unknown - not attributed; Unknown - not 
attributed,https://web.archive.org/web/20171202045106/https:/cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/; https://securelist.com/cloudwizard-apt/109722/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://cyberx-labs.com/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/; https://twitter.com/Arkbird_SOLG/status/1659910150306557953; https://www.darkreading.com/attacks-breaches/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine; https://twitter.com/e_kaspersky/status/1659523123111243776; https://web.archive.org/web/20171202045106/https:/cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/; https://securelist.com/cloudwizard-apt/109722/,2022-08-15,2023-12-09 881,Pakistani Defacement,"Pakistani Hackers Deface Websites for Seven Indian Embassies, One Police Station",2016-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,; Police,Team Pak,Pakistan,Non-state-group,Hacktivist(s),1,1041,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Pak,Pakistan,Non-state-group,,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/pakistani-hackers-deface-websites-for-seven-indian-embassy-one-police-station-505119.shtml,2022-08-15,2022-11-02 818,Windshift vs. Banks,The APT Windshift attacked the financial system in South Asia with a tailor-made attack against one of the local office variants.,2016-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Myanmar; Sri Lanka; Uganda,ASIA; SEA - ASIA; SASIA - AFRICA; SSA,State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure,Government / ministries; Finance - Government / ministries; Finance - Government / ministries; Finance,Bahamut/The White Company/Windshift; Windshift,Unknown; Unknown,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,1,969; 969,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical 
report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Bahamut/The White Company/Windshift; Windshift,Unknown; Unknown,Non-state-group; Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf; https://securelist.com/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/76717/,2022-08-15,2023-03-13 816,Oplan 5027 breach,"North Korean hackers hacked South Korean government servers, accessing details about a war plan concerning a conventional first strike of North Korea against South Korea",2016-01-01,2016-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system,Military,,"Korea, Democratic People's Republic of",State,,1,967,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,System / ideology; Resources; International power,System/ideology; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thediplomat.com/2017/04/north-korean-hackers-may-have-seen-secret-us-south-korea-war-plans/,2022-08-15,2022-11-02 906,DDoS attack on Austrian central bank,A Turkish hacktivist group managed to overload the website of the Austrian central bank via a DDoS attack,2016-09-13,2016-09-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",,Turkey,Non-state-group,Hacktivist(s),1,6269,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,Not available,,,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://kurier.at/chronik/wien/hacker-attackierten-oesterreichische-nationalbank/220.829.900,2022-08-15,2023-03-13 771,APT 16 vs. Taiwan and Japan,"Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries",2015-11-26,2015-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Taiwan; Japan,ASIA; SCS - ASIA; SCS; NEA,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,Government / ministries; ; - Government / ministries; ; ,APT 16,China,Unknown - not attributed,,1,915,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 16,China,Unknown - not attributed,https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html,2022-08-15,2022-11-02 751,Mallu Cyber Soldiers retaliation,Indian Hackers Deface Over 40 Pakistani Websites Hours After Two Indian Government Portals Were Hacked,2015-09-27,2015-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system; Media,Government / ministries; ,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),1,893,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Mallu Cyber Soldiers,India,Non-state-group,,System / ideology; Territory,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 752,North Korean Lazarus group conducts operations against banks in Vietnam and the Philippines starting in October 2015,Symantec's researchers said in December 2016 they have uncovered an attack against a bank in the Philippines and in Vietnam that started in October 2015. Symantec said the evidence indicated responsibility of the North Korean Lazarus Group.,2015-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,Not available,Philippines,ASIA; SCS; SEA,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State,,2,16710; 16710; 16711; 16711,2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00; 2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ,; ; Not available; Not available,; ; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's 
Republic of",State; State; State; State,https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks; https://us-cert.cisa.gov/ncas/alerts/aa20-239a,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.sfgate.com/business/article/North-Korea-linked-to-digital-thefts-from-global-7951583.php; https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks; https://us-cert.cisa.gov/ncas/alerts/aa20-239a,2022-08-15,2024-02-01 753,South Korean Lawmakers Hack,"North Korean hackers stole files from the computers of South Korean lawmakers and hacked into servers at the presidential Blue House, according to Seoul's spy agency. South Korea's National Intelligence Service said Tuesday government audit data was stolen from three personal computers that belong to members of the National Assembly, News is reported.",2015-10-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,"Korea, Republic of",ASIA; SCS; NEA,State institutions / political system; State institutions / political system,Government / ministries; Legislative,,"Korea, Democratic People's Republic of",Unknown - not attributed,,1,896,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,"Korea, Democratic People's Republic of",Unknown - not attributed,https://www.upi.com/Top_News/World-News/2015/10/20/Spy-agency-North-Korea-hackers-stole-sensitive-South-Korean-data/9041445353950/,International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.upi.com/Top_News/World-News/2015/10/20/Spy-agency-North-Korea-hackers-stole-sensitive-South-Korean-data/9041445353950/,2022-08-15,2022-11-02 754,Anonymous Data Leak,Anonymous Leaks Chinese Government Website Data Over Hong Kong Protests,2015-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,897,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 755,Targeting of the HongKong Opposition,Allegedly Chinese state affiliated hackers compromised popular file-sharing services including Dropbox and Google Drive to trap victims into downloading infected files and compromising sensitive information.,2015-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Hong Kong,ASIA,State institutions / political system; End user(s) / specially protected groups,Political parties; 
,,China,State,,2,898; 899,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker,,,,,China; China,"State; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-cybersecurity-hongkong-insight/on-chinas-fringes-cyber-spies-raise-their-game-idUSKBN0TI0WF20151130,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cybersecurity-hongkong-insight/on-chinas-fringes-cyber-spies-raise-their-game-idUSKBN0TI0WF20151130,2022-08-15,2022-11-02 756,US-DOS-Hack 2015,"During October 2015, Iranian hackers identified individual State Department officials who focus on Iran and the Middle East, and broke into their email and social media accounts.",2015-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,900,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.nytimes.com/2015/11/25/world/middleeast/iran-hackers-cyberespionage-state-department-social-media.html,2022-08-15,2022-11-02 757,DDOS vs. Thai Government,Thai government websites hit by denial-of-service attack,2015-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Thailand,ASIA; SEA,State institutions / political system,Government / ministries,Anonymous,Thailand,Non-state-group,Hacktivist(s),1,901,NaT,Domestic legal action,Attribution by receiver government / state entity,,,,Anonymous,Thailand,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bleepingcomputer.com/news/government/thai-police-arrests-nine-anonymous-hackers-for-role-in-opsinglegateway-attacks/; http://www.bbc.com/news/world-asia-34409343,2022-08-15,2022-11-02 758,Talk-Talk-Hack,"In October, hackers obtained the details of nearly 157,000 TalkTalk customers, 15,000 of which had their bank details accessed.",2015-10-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,United Kingdom,Non-state-group,Criminal(s),1,902,NaT,Domestic legal action,Attribution by receiver government / state entity,,,,,United Kingdom,Non-state-group,https://www.heise.de/newsticker/meldung/TalkTalk-Hack-Mehrmonatige-Haftstrafen-fuer-zwei-Taeter-4226949.html; https://www.theguardian.com/technology/2015/oct/23/talktalk-criticised-for-poor-security-and-handling-of-hack-attack; https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-talktalk-breach-timeline-of-a-hack/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/business/2015/dec/15/talktalk-hack-could-not-have-been-prevented-by-cyber-essentials; https://www.heise.de/newsticker/meldung/TalkTalk-Hack-Mehrmonatige-Haftstrafen-fuer-zwei-Taeter-4226949.html; https://www.theguardian.com/technology/2015/oct/23/talktalk-criticised-for-poor-security-and-handling-of-hack-attack; https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-talktalk-breach-timeline-of-a-hack/,2022-08-15,2022-11-02 759,Seven Pointed Dagger/Myanmar Elections,APT groups from multiple countries-including China-have been known to target organizations of strategic interest with aggressive malware-based espionage campaigns. Initial investigation of malware properties has led to the discovery of a Myanmar website related to elections that was hosting PlugX malware.,2015-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Myanmar,ASIA; SEA,State institutions / political system; State institutions / political system,Civil service / administration; Election infrastructure / related systems,Group27,China,Unknown - not attributed,,1,903,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Group27,China,Unknown - not attributed,http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf; https://news.softpedia.com/news/this-year-s-most-active-cyber-espionage-groups-505402.shtml,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.com/2016/01/12/seven_pointed_dagger_cyberspies/; http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf; https://news.softpedia.com/news/this-year-s-most-active-cyber-espionage-groups-505402.shtml,2022-08-15,2022-11-02 760,Bl@ck Dr@gon vs. PPP,"Pakistan Peoples Party’s website was hacked and defaced by Indian hackers over a controversial statement made by PPP’s Leader Bilawal Bhutto Zardari, that he will take back the entire Kashmir inch by inch.",2014-10-08,2014-10-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Political parties,Bl@ckDr@gon,India,Non-state-group,Hacktivist(s),1,13620,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Bl@ckDr@gon,India,Non-state-group,,System / ideology; Territory,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.techworm.net/2014/10/indo-pak-cyber-war-in-offing.html,2022-08-15,2023-10-12 761,Anonymous Defacement of HongKong Sites,Anonymous hacked and defaced many Hong Kong based websites including few of the Chinese Government websites,2014-10-03,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,China,ASIA; SCS; EASIA; NEA; SCO,State institutions / political system,Government / ministries,Anonymous; Antisec Division,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,13623; 13623,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,Not available; Not available,,Anonymous; Antisec Division,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2023-10-12 762,EPSAwakens,Chinese Hackers Target Taiwanese Politicians Just Before Elections,2015-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,Taiwan,ASIA; SCS,State institutions / political system; State institutions / political system; Media,Intelligence agencies; ; ,APT 16,China,"Non-state actor, state-affiliation suggested",,1,906,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 16,China,"Non-state actor, state-affiliation suggested",,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/chinese-hackers-target-taiwanese-politicians-just-before-elections-497978.shtml,2022-08-15,2022-11-02 763,Anonymous vs. Thai Police,Anonymous hacked Servers of Thai Police and leaked data to protest against internet censorship,2015-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Thailand,ASIA; SEA,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,907,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-thailand-police-against-censorship/,2022-08-15,2022-11-02 764,Israeli Generals-Iran-Hack,"Israeli Generals have been targeted by Iran, according to an Israeli IT-security company.",2015-11-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system; Social groups; Science,Military; Advocacy / activists (e.g. 
human rights organizations); ,,"Iran, Islamic Republic of",State,,1,908,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of",State,https://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/,2022-08-15,2022-11-02 765,Dropping Elephant targets Diplomats,Dropping Elephant targets multiple diplomatic and government entities with a particular focus on China and its international affairs,2015-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None,China; Pakistan; Sri Lanka; United States; Uruguay; Bangladesh; Taiwan; Australia,ASIA; SCS; EASIA; NEA; SCO - ASIA; SASIA; SCO - ASIA; SASIA - NATO; NORTHAM - SOUTHAM - ASIA; SASIA - ASIA; SCS - OC,State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media - State institutions / political system; Media,; - ; - ; - ; - ; - ; - ; - ; ,Monsoon/Patchwork/Dropping Elephant; Monsoon/Patchwork/Dropping Elephant,India; India,Unknown - not attributed; Unknown - not attributed,,1,909,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/the-dropping-elephant-actor/75328/; https://www.helpnetsecurity.com/2016/07/11/cyber-espionage-low-profile-tools-high-profile-targets/; https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/,2022-08-15,2023-10-05 766,Capture the Backdoor,"The Brazilian Army's servers got hacked, resulting in personal details of about 7,000 officers getting 
leaked.",2015-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Brazil,SOUTHAM,State institutions / political system,Military,,Unknown,Non-state-group,Hacktivist(s),1,910,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.zdnet.com/article/brazilian-army-gets-hacked/,2022-08-15,2022-11-02 767,CWA-FBI-Hack,"A group of hackers claims to have breached an FBI information-sharing portal and gained access to numerous sensitive systems, including records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.",2015-11-08,2015-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Police,Crackas With Attitude,Unknown,Non-state-group,Hacktivist(s),1,911,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Crackas With Attitude,Unknown,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bankinfosecurity.com/hackers-claim-fbi-information-sharing-portal-breach-a-8667,2022-08-15,2022-11-02 768,Tunisian Fallaga Team vs. Jewish School,Cyber-jihadists claim responsibility for hacking Europe’s biggest Jewish school,2015-11-11,2015-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Social groups,Religious,Tunisian Fallaga Team,Tunisia,Non-state-group,Hacktivist(s),1,912,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Tunisian Fallaga Team,Tunisia,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nakedsecurity.sophos.com/2015/11/17/jewish-school-website-defaced-with-pro-islam-messages/,2022-08-15,2023-06-18 769,Monte Melkonian CyberArmy vs. 
Azerbaijani Central Bank,"Armenian hacker group ""Monte Melkonian CyberArmy"" hacked Azerbaijan's Central Bank and leaked sensitive personal data",2015-11-11,2015-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Azerbaijan,ASIA; CENTAS,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,6329,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Monte Melkonian Cyber Army,Armenia,Non-state-group,,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/armenian-group-hacks-azerbaijan-central-bank/,2022-08-15,2023-03-13 750,Faisal vs. Government of Kerela,Pakistani hacker hacked the official website of the Government of Kerala,2015-09-27,2015-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Team Pak,Pakistan,Non-state-group,Hacktivist(s),1,892,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Pak,Pakistan,Non-state-group,,System / ideology; Territory,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/,2022-08-15,2022-11-02 749,Anonymous vs. Vietnam Government,Anonymous Hacks Vietnam Govt websites Against Human Rights Abuse,2015-09-17,2015-09-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Vietnam,ASIA; SCS; SEA,State institutions / political system,Government / ministries,Anti Sec; Hagash Team,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,891; 891,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anti Sec; Hagash Team,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-vietnam-government-against/,2022-08-15,2022-11-02 748,Yemen Electronic Army vs. India,The hacker group Yemeni Electronic Army defaced the website of the Indian ministry of energy efficiency,2015-09-09,2015-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Yemeni Electronic Army,Yemen,Non-state-group,Hacktivist(s),1,890,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Yemeni Electronic Army,Yemen,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thehindubusinessline.com/news/govt-energy-website-hacked-yemeni-terrorist-group-takes-responsibility/article7633347.ece,2022-08-15,2022-11-02 737,Anonymous vs. Canadian Police,"Anonymous Targets Canadian Police, Crashes RCMP’s Website after police killed one member of Anonymous previously",2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Canada,NATO; NORTHAM,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,877,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-targets-canadian-police-rcmps-website/; https://nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist,2022-08-15,2022-11-02 728,Malaysian Social Media Hacked,"Malaysian Police Facebook, Twitter Accounts Hacked by Pro-ISIS Hackers ""AnonGhost""",2015-06-13,2015-06-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Malaysia,ASIA; SCS; SEA,State institutions / political system,Police,AnonGhost; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,867; 867,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,AnonGhost; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/isis-hackers-malaysia-police-facebook-twitter-hack/,2022-08-15,2022-11-02 730,Anonymous vs. US Census Bureau,"Anonymous hacks US Census Bureau over TTIP agreement, leaking employee details online",2015-06-22,2015-06-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,869,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cbsnews.com/news/anonymous-hackers-claim-to-have-breached-census-bureau-database/; http://uk.businessinsider.com/anonymous-hackers-leak-4200-us-government-workers-alleged-details-to-protest-ttip-and-tpp-2015-7,2022-08-15,2022-11-02 731,Colin Powell Hacked,"Colin Powells Email account was hacked by Fancy Bear and one year later in 2016, emails have been leaked.",2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,870,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2; https://www.vice.com/en/article/mg7xjb/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf; https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2; https://www.vice.com/en/article/mg7xjb/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts,2022-08-15,2022-11-02 
732,Azerbaijan vs. Armenia July,"Armenian hackers from Monte Melkonian Cyber Army hacked into the official website of Azerbaijani customs, stealing highly confidential personal information of 5650 Azerbaijani citizens.",2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Azerbaijan,ASIA; CENTAS,End user(s) / specially protected groups,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,871,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,https://www.hackread.com/armenian-azerbaijani-cyberwar/,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/armenian-azerbaijani-cyberwar/,2022-08-15,2023-05-26 733,Leak of U.S. Military Personal Data 2015,Probably Russian Hackers leaked unclassified E-Mail access for thousands of military personal,2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Russia,"Non-state actor, state-affiliation suggested",,1,872,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2015/aug/06/us-military-joint-chiefs-hacked-officials-blame-russia,2022-08-15,2022-11-02 734,Cyberberkut vs. Germany,The pro-Russian Hackgroup CyberBerkut claimed responsibility for the disruption of the website of the German Cancellor and Bundestag,2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Government / ministries; Legislative,Cyber Berkut,Russia,"Non-state actor, state-affiliation suggested",,2,874; 873,2015-01-01 00:00:00; 2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf; https://www.reuters.com/article/us-germany-cyberattack/pro-russian-group-claims-cyber-attack-on-german-government-websites-idUSKBN0KG15320150107,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/DDoS-Attacke-auf-Web-Seiten-von-Kanzlerin-und-Bundestag-2512871.html; https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf; https://www.reuters.com/article/us-germany-cyberattack/pro-russian-group-claims-cyber-attack-on-german-government-websites-idUSKBN0KG15320150107,2022-08-15,2022-11-02 735,Russian Attack on the Pentagon,Russian Threat actors tried to access the networks of the Pentagon via an phishing attack,2015-07-01,Not available,"Attack conducted by non-state 
group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Russia,"Non-state actor, state-affiliation suggested",,1,875,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://edition.cnn.com/2015/04/23/politics/russian-hackers-pentagon-network/,2022-08-15,2023-04-03 736,Hacking Team-Hack 2015,"The cybersecurity firm HackingTeam appears to have itself been the victim of a hack, with documents that purport to show its old software to repressive regimes being posted to the company’s own Twitterfeed.",2015-07-01,2015-07-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Unknown - not attributed,,1,876,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,,Unknown,Unknown - not attributed,https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim; https://www.heise.de/news/Gruender-des-Hacking-Team-verhaftet-Verdacht-des-Mordversuchs-9545361.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag,2022-08-15,2023-12-01 738,British Television Station Hack,Fancy Bear infiltrated an unnamed british television station for more than a year.,2015-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Media,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,2,879; 878,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"State; Non-state actor, state-affiliation suggested",https://www.gov.uk/government/news/uk-exposes-russian-cyber-attacks; https://www.secureworks.com/research/iron-twilight-supports-active-measures,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/russia-linked-fancy-bear-hackers-had-access-uk-television-station-almost-year-1603226; https://www.gov.uk/government/news/uk-exposes-russian-cyber-attacks; https://www.secureworks.com/research/iron-twilight-supports-active-measures,2022-08-15,2022-11-02 747,Russsian hacker group APT 28 distrupted French TV network TV 5Monde and took control over their social media accounts in April 205,"On April 8, 2015, the Russian APT 28 alias Fancy Bear took all TV broadcasts of the French TV channel TV5Monde off Air. The hacker group also took control of TV5Monde's Twitter and Facebook accounts and posted Islamist content. The hackers claimed to be a group called Cyber Caliphate, which was linked to the then very active Islamic State. In June 2015, an official spokesperson for the Paris prosecutor's office stated that the attack was likely linked to the Russian hacking group APT 28, which used the Islamic State's embassies to disguise its attack. The cyber security company Fire Eye also attributed the attack to the Russian hacker group and pointed out that APT 28's infrastructure was used in the attack. Russia rejected these claims.",2015-09-04,2015-10-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,TV5Monde,France,EUROPE; NATO; EU(MS); WESTEU,Media,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,16180; 16179,2015-06-11 00:00:00; 2015-06-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,Paquet de Paris; FireEye,Not available; FireEye,France; United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.secureworks.com/research/iron-twilight-supports-active-measures; 
https://www.bankinfosecurity.com/french-officials-detail-fancy-bear-hack-tv5monde-a-9983,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-france-russia-cybercrime/france-probes-russian-lead-in-tv5monde-hacking-sources-idUSKBN0OQ2GG20150610; https://www.hackread.com/france-tv5monde-hack-isis-russia/; https://www.secureworks.com/research/iron-twilight-supports-active-measures; https://www.bankinfosecurity.com/french-officials-detail-fancy-bear-hack-tv5monde-a-9983; https://www.reuters.com/article/us-france-television-islamists/french-broadcaster-tv5monde-hit-by-islamist-hackers-idUSKBN0N00HA20150409; https://twitter.com/Cyber_O51NT/status/1633131784568463361; https://www.generation-nt.com/actualites/bfmtv-rmc-panne-diffusion-incident-technique-cyberattaque-2046224,2022-08-15,2024-01-12 739,US Dept of Energy and NATO websites hacked by ISIS,Subdomain of U.S. Dept. Of Energy’s Argonne National Lab Hacked by ISIS Hackers,2015-07-08,2015-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,NATO (institutions); United States, - NATO; NORTHAM,International / supranational organization; Science - International / supranational organization; Science,; - ; ,Cyber Islamic State,Unknown,Non-state-group,Terrorist(s),1,880,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Islamic State,Unknown,Non-state-group,,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/pro-isis-hackers-us-dept-of-energy/,2022-08-15,2022-11-02 740,OilRig Part1,"In autumn 2015, the defence industry in Saudi Arabia was attacked. The malware identified points to an association with APT34, a hacking group working on behalf of the Iranian government.",2015-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Saudi Arabia,ASIA; MENA; MEA; GULFC,Critical infrastructure; Critical infrastructure; Critical infrastructure,Telecommunications; Finance; Defence industry,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,6589,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/; https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html,2022-08-15,2023-03-13 741,Op Taiwan,Anonymous Brings Down Taiwan Government Websites,2015-07-31,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Taiwan,ASIA; SCS,State institutions / political system,Government / ministries,Anonymous Asia,Unknown,Non-state-group,Hacktivist(s),1,13619,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous Asia,Unknown,Non-state-group,,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://international.thenewslens.com/article/21845; https://www.hackread.com/anonymous-brings-down-taiwan-govt-websites/,2022-08-15,2023-10-12 742,Anonymous vs. Mexican Government,"Anonymous Hacks Mexican Govt Website, Demand Justice For Rubén Espinosa",2015-08-08,2015-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Mexico,,State institutions / political system,Government / ministries,Anonymous,Mexico,Non-state-group,Hacktivist(s),1,883,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Mexico,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-mexico-ruben-espinosa/,2022-08-15,2022-11-02 743,DDOS vs. 
Minnesota Court System,The website of the Minnesota court system experienced multiple DDOS attacks during December 2015,2015-08-12,2015-12-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Judiciary,,Unknown,Unknown - not attributed,,1,884,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/ddos-attack-on-minnesota-court-system-website-takes-website-offline-for-ten-days-498741.shtml,2022-08-15,2022-11-02 744,Saudi Airforce Defacement,"Royal Saudi AirForce Website Hacked By Iranian Hackers ""Mr.Xpr!Iran Hack Security Team""",2015-08-23,2015-08-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system,Military,Iran Hack Security Team; Mr.Xpr!,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,885; 885,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Iran Hack Security Team; Mr.Xpr!,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,,System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/saudi-airforce-hacked-iranian-hackers/,2022-08-15,2023-10-08 745,British National Crime Agency Website Hack 2015,ISIS Hackergroup Lizard Squad disrupted the Website of the British National Crime Agency for 30 Minutes,2015-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Police,Lizard Squad,Unknown,Non-state-group,Terrorist(s),1,886,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lizard Squad,Unknown,Non-state-group,,System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/technology/2015/sep/01/lizard-squad-cyber-attackers-disrupt-national-agency-website,2022-08-15,2022-11-02 746,Cyber-Kommando Hack Telekommunikation Afghanistan,The German military hacked the networks of an Afghan telecommunication provider in order to get information regarding a hostage.,2015-09-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,,Afghanistan,ASIA; SASIA,Critical infrastructure,Telecommunications,Cyber-Kommando Bundeswehr,Germany,State,,1,887,2016-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,Cyber-Kommando Bundeswehr,Germany,State,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.spiegel.de/politik/ausland/cyber-einheit-bundeswehr-hackte-afghanisches-mobilfunknetz-a-1113560.html,2022-08-15,2022-11-02 770,TurkHackTeam vs. 
Central Bank of Russia,"Turkish Hackergroup ""TurkHackTeam"" shutdown Russian Central banks Website after Russian military plane shut down by turkey",2015-11-25,2015-11-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),1,6328,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Turk Hack Team,Turkey,Non-state-group,,International power,International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.hackread.com/turkish-hackers-target-russian-central-bank-site/,2022-08-15,2023-03-13 772,Revenge for Mumbai 2008,Indian Hackers Deface 125 Pakistani Websites as Payback for Mumbai 2008 Attacks,2015-11-26,2015-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Mallu Cyber Soldiers; Kerala Cyber Warriors,India; India,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,916; 916,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Mallu Cyber Soldiers; Kerala Cyber Warriors,India; India,Non-state-group; Non-state-group,,System / ideology,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://news.softpedia.com/news/indian-hackers-deface-125-pakistani-websites-as-payback-for-mumbai-2008-attacks-496903.shtml,2022-08-15,2022-11-30 815,Smeshapp smashes Indian Cyberdefense,The pakistani secretservice managed to get members of the indian armed forces to install a spyware appposing as messenger app.,2016-01-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,India,ASIA; SASIA; SCO,State institutions / political system,Military,ISI,Pakistan,State,,1,966,2016-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,ISI,Pakistan,State,,System / ideology; Resources; International power,System/ideology; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml; https://www.gadgetsnow.com/tech-news/Google-removes-app-used-by-Pakistan-to-snoop-on-Indian-Army-Report/articleshow/51406805.cms,2022-08-15,2022-11-02 773,Counter attack for the Indian revenge attack,Pakistani hackers retaliated by hacking the website of the Central Bank of India,2015-11-26,2015-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system; Critical infrastructure,"Other (e.g., embassies); Finance",,Pakistan,Non-state-group,Hacktivist(s),1,6326,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,,Pakistan,Non-state-group,,System / ideology,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2023-01-31 796,APT 33 aka Holmium,"APT33 aka Holmium attacked companies worldwide from 2016 to 2019, mostly companies in the middle east from the aerospace and petrochemical sector but also governmental entities, data has been stolen, according to Fireeye and Symantec. The actual use of an observed wiper malware could not be confirmed.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None,"Saudi Arabia; United States; Korea, Republic of; Germany; India; United Kingdom; Italy; Middle East (region)",ASIA; MENA; MEA; GULFC - NATO; NORTHAM - ASIA; SCS; NEA - EUROPE; NATO; EU(MS); WESTEU - ASIA; SASIA; SCO - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS) - ,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; - ; Energy; Transportation; Health; Chemicals; Defence industry; ,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,946,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined 
Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html; https://www.recordedfuture.com/iranian-cyber-operations-infrastructure/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/elfin-apt33-espionage; https://www.recordedfuture.com/iranian-cyber-operations-infrastructure/,2022-08-15,2022-11-02 797,Cellebrite Hack,The Israeli phone-hacking company Cellebrite has been hacked and sensitive information released.,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Data theft & Doxing,,Israel,ASIA; MENA; MEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Individual hacker(s),,1,947,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),https://www.vice.com/en_us/article/3daywj/hacker-steals-900-gb-of-cellebrite-data,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.vice.com/en_us/article/3daywj/hacker-steals-900-gb-of-cellebrite-data,2022-08-15,2024-01-04 798,Tainted Leaks 2016,"Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released/leaked. The operation against the journalist led us to the discovery of a larger phishing operation, with over 200 unique targets spanning 39 countries (including members of 28 governments).",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,None - None - None - None - None - None - None - None - None,United States; Russia; Georgia; Armenia; Austria; Turkey; Canada; Afghanistan; Ukraine,NATO; NORTHAM - EUROPE; EASTEU; CSTO; SCO - ASIA; CENTAS - ASIA; CENTAS; CSTO - EUROPE; EU(MS); WESTEU - ASIA; NATO; MEA - NATO; NORTHAM - ASIA; SASIA - EUROPE; EASTEU,State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International 
/ supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; 
Media,Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; - Government / ministries; Military; ; ; ; ; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Cyber Berkut",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,948; 948,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Cyber Berkut",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/,2022-08-15,2022-11-14 799,"Turla Malware ""Gazer""",Turla spies vs. Embassies and consulates around the world,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Europe (region),,State institutions / political system,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,949,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Unknown,"Non-state actor, state-affiliation suggested",https://www.zdnet.com/article/this-stealthy-malware-targets-embassies-in-snooping-campaign/; https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/this-stealthy-malware-targets-embassies-in-snooping-campaign/; https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf; https://twitter.com/DarkReading/status/1650627226939924480; https://socradar.io/apt-profile-turla/,2022-08-15,2023-04-26 800,Ethiopian Government vs. 
Targets worldwide,"A spy tool by the Israeli company Cyberbit was used by Ethiopian government agencies to spy on Oromo dissidents worldwide, according to a Citizen Lab report.",2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None - None - None - None,Canada; United States; Norway; United Kingdom; Germany,NATO; NORTHAM - NATO; NORTHAM - EUROPE; NATO; NORTHEU - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU,Social groups - Social groups - Social groups - Social groups - Social groups,Political opposition / dissidents / expats - Political opposition / dissidents / expats - Political opposition / dissidents / expats - Political opposition / dissidents / expats - Political opposition / dissidents / expats,,Ethiopia,State,,1,950,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Ethiopia,State,https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journalists-shows-commercial-spyware-is-out-of-control/,Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://arstechnica.com/tech-policy/2017/12/exposed-ethiopias-nefarious-comically-bungled-spyware-campaign/; https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/; 
https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journalists-shows-commercial-spyware-is-out-of-control/,2022-08-15,2023-08-13 801,Charming kitten aka Flying Kitten against targets worldwide,"Charming Kitten spies on different targets worldwide, according to clearsky.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,"Iran, Islamic Republic of; United States; Israel; United Kingdom",ASIA; MENA; MEA - NATO; NORTHAM - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); NORTHEU,Social groups; Social groups; Media; Science - Social groups; Social groups; Media; Science - Social groups; Social groups; Media; Science - Social groups; Social groups; Media; Science,Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ; - Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ; - Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; ; - Advocacy / activists (e.g. 
human rights organizations); Political opposition / dissidents / expats; ; ,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,951; 951,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.clearskysec.com/charmingkitten/,2022-08-15,2022-11-02 802,SEA android spyware,SEA android spyware,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,End user(s) / specially protected groups,,Syrian Electronic Army; Th3Pr0,Syria; Syria,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,952; 952,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Syrian Electronic Army; Th3Pr0,Syria; Syria,Non-state-group; Non-state-group,https://www.forbes.com/sites/thomasbrewster/2018/12/05/syrian-electronic-army-hackers-are-targeting-android-phones-with-fake-whatsapp-attacks/#39ad7cfd6ce4,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/thomasbrewster/2018/12/05/syrian-electronic-army-hackers-are-targeting-android-phones-with-fake-whatsapp-attacks/#39ad7cfd6ce4,2022-08-15,2022-11-02 803,Mobile malware FrozenCell,"Lookout researchers have discovered a new mobile surveillance tool family, FrozenCell. The threat is likely targeting employees of various Palestinian government agencies, security services, Palestinian students, and those affiliated with the Fatah political party.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Palestine,ASIA; MENA; MEA,State institutions / political system; End user(s) / specially protected groups; State institutions / political system; State institutions / political system,Government / ministries; ; Intelligence agencies; Political parties,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Unknown,Unknown - not attributed,,1,17161,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang,Unknown,Unknown - not attributed,https://blog.lookout.com/frozencell-mobile-threat,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/; https://blog.lookout.com/frozencell-mobile-threat,2022-08-15,2024-02-15 804,DomesticKittens,Surveillance operation dubbed DomesticKittens targeting ISIS supporters who are Iranian Citizens.,2016-01-01,2018-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"Iran, Islamic Republic of",ASIA; MENA; MEA,Social groups; Social groups; End user(s) / specially protected groups,Ethnic; Political opposition / dissidents / expats; ,Domestic Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,954,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Domestic Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/; https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/20190507_MB_HS_IRN%20V1_rev.pdf,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/; https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/20190507_MB_HS_IRN%20V1_rev.pdf,2022-08-15,2022-11-02 805,Operation Dustsky Part2,"After the release of Clearsky's report about the Operation Dustsky, the attacks immediately stopped, but only for 20 days. Analysing the second part of the campaign in their second report, Clearsky attributes both to the Palestine Terrorist Group Hamas.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,United States; Saudi Arabia; Palestine; United Arab Emirates; Israel; Egypt,NATO; NORTHAM - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - MENA; MEA; AFRICA; NAF,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; State institutions / political system; 
Critical infrastructure,Government / ministries; Finance; ; ; ; Defence industry - Government / ministries; Finance; ; ; ; Defence industry - Government / ministries; Finance; ; ; ; Defence industry - Government / ministries; Finance; ; ; ; Defence industry - Government / ministries; Finance; ; ; ; Defence industry - Government / ministries; Finance; ; ; ; Defence industry,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang; Hamas,Palestine; Palestine,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,17186; 17186,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang; Hamas,Palestine; Palestine,Non-state-group; Non-state-group,https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf; https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion,2022-08-15,2024-02-16 806,"Operation ""Glowing Symphony""","The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old CyberCommand together with allies such as the 
ASD (Australian agency) for the first time to mountcomputer -network attacks that are being used alongside more traditional weapons.",2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse,,Unknown,,Critical infrastructure,Health,Australian Signals Directorate (ASD); United States Cyber Command (US CYCOM),Australia; United States,State; State,,1,8648; 8648; 8648; 8648,2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00; 2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,; ; ; ,Not available; Not available; Not available; Not available,; ; ; ,Australian Signals Directorate (ASD); Australian Signals Directorate (ASD); United States Cyber Command (US CYCOM); United States Cyber Command (US CYCOM),Australia; United States; Australia; United States,State; State; State; State,https://www.abc.net.au/news/2019-12-18/inside-the-secret-hack-on-islamic-state-propaganda-network/11809426; https://www.abc.net.au/news/2019-12-18/inside-the-islamic-state-hack-that-crippled-the-terror-group/11792958?nw=0,System / ideology; Resources,System/ideology; 
Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nytimes.com/2016/04/25/us/politics/us-directs-cyberweapons-at-isis-for-first-time.html?_r=0; https://www.abc.net.au/news/2019-12-18/inside-the-secret-hack-on-islamic-state-propaganda-network/11809426; https://www.abc.net.au/news/2019-12-18/inside-the-islamic-state-hack-that-crippled-the-terror-group/11792958?nw=0,2022-08-15,2023-03-13 807,Monokle,"Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools called Monokle that has possible connections to Russian threat actors. Lookout research indicates these tools are part of a targeted set of campaigns and are developed by the St. Petersburg, Russia-based company, Special Technology Centre, Ltd. (STC, Ltd. or STC).",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Caucasus; Syria, - ASIA; MENA; MEA,Social groups; End user(s) / specially protected groups - Social groups; End user(s) / specially protected groups,Terrorist; - Terrorist; ,Monokle; Special Technology Centre,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,957; 957,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Monokle; Special Technology Centre,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf?utm_source=BL&utm_medium=BL&utm_campaign=WW-MU-MU-MU-MU-P_NON-&utm_content=WP_Monokole%20.xml,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf?utm_source=BL&utm_medium=BL&utm_campaign=WW-MU-MU-MU-MU-P_NON-&utm_content=WP_Monokole%20.xml,2022-08-15,2022-11-02 808,Chinese state-sponsored group Buckeye (aka APT3) used NSA Tools to gain persistent access to target organizations since at least 2016,"The Chinese state-sponsored Buckeye (aka APT3) attack group was using Equation Group tools, for instance the so-called Trojan.Bemstour custom exploit tool that was needed to deliver the DoublePulsar backdoor to target systems, to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak in 2017, according to a report by Symantec in 2019. The usage of NSA tools also included the exploitation of a zero-day-vulnerability. ",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Not available - Not available - Not available - Not available - Not available,Philippines; Hong Kong; Vietnam; Belgium; Luxembourg,ASIA; SCS; SEA - ASIA - ASIA; SCS; SEA - EUROPE; EU(MS); NATO; WESTEU - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Science - Critical infrastructure; Science - Critical infrastructure; Science - Critical infrastructure; Science - Critical infrastructure; Science,Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; - Telecommunications; ,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation 
suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,11666,2019-05-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/; https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit; https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers,Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/; https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit; https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/; https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers,2022-08-15,2023-09-26 809,ViperRAT,APT targeting the Israeli Defense Force,2016-01-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Israel,ASIA; MENA; MEA,State institutions / political system,Military,Hamas,Unknown,Unknown - not attributed,,1,959,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Hamas,Unknown,Unknown - not attributed,https://blog.lookout.com/viperrat-mobile-apt,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/breaking-the-weakest-link-of-the-strongest-chain/77562/; https://blog.lookout.com/viperrat-mobile-apt; https://socradar.io/threat-actor-profile-aridviper/,2022-08-15,2023-12-28 810,Italian MFA Hack,A threat actor compromised the Italian Ministry of Foreign Affairs’ computer networks.,2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,,Russia,State,,1,960,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,State,https://www.theguardian.com/world/2017/feb/10/russia-suspected-over-hacking-attack-on-italian-foreign-ministry,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/world/2017/feb/10/russia-suspected-over-hacking-attack-on-italian-foreign-ministry,2022-08-15,2022-11-02 811,Russian APTs hack Czech MFAI,"The Czech Security Intelligence Service (BIS) blamed two cyber-espionage groups--known as Turla and APT28 (Sofacy or Fancy Bear)--for hacks of the Ministry of Foreign Affairs (MFA), Ministry of Defense, and the Army of the Czech Republic. The hacks took place in different campaigns across 2016 and 2017. The BIS detected several attacks against Czech military targets, officials said. ""The wave of spearphishing emails targeted mainly people from military diplomacy deployed in Europe. [...] A similar spearphishing attack targeted also European arms companies and a border guard of a European state."" ""The most serious included compromising of several private email accounts of people linked to the Ministry of Defense and the Army of the Czech Republic and compromising of an IP address belonging to the Ministry of Defense/Czech Army by a malware known as X-Agent, Czech intelligence officials added.""",2016-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system; State institutions / political system,Government / ministries; Military,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Turla/Waterbug/Venomous 
Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,State; State,,1,961; 961,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Russia,State; State,https://www.bis.cz/public/site/bis.cz/content/vyrocni-zpravy/2017-vz-cz.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/czech-republic-blames-russia-for-multiple-government-network-hacks/; https://www.bis.cz/public/site/bis.cz/content/vyrocni-zpravy/2017-vz-cz.pdf,2022-08-15,2022-11-02 812,APT 10 2016/2017 Operation,"Leveraging its global footprint, FireEye has detected APT 10 activity across six continents in 2016 and 2017. APT 10 has targeted or compromised manufacturing companies in India, Japan and Northern Europe; a mining company in South America; and multiple IT service providers worldwide. 
We believe these companies are a mix of final targets and organizations that could provide a foothold in a final target.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,India; Japan; Northern Europe; Global (region),ASIA; SASIA; SCO - ASIA; SCS; NEA - - ,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,1,962,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,Resources; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and 
/ or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/04/APT%2010_menupass_grou.html,2022-08-15,2022-12-29 813,The eye on the nil,State-sponsored actors have phished access to e-mail accounts of dissidents,2016-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,Egypt,MENA; MEA; AFRICA; NAF,State institutions / political system; Social groups; Social groups; Social groups; Media,; Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats; Other social groups; ,,Unknown,"Non-state actor, state-affiliation suggested",,2,963; 964,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Attribution by third-party,,,,,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2019/the-eye-on-the-nile/,System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/research/2019/03/phishing-attacks-using-third-party-applications-against-egyptian-civil-society-organizations/; https://www.cyberscoop.com/egypt-hacking-check-point-technologies/; https://citizenlab.ca/2017/02/nilephish-report/; https://research.checkpoint.com/2019/the-eye-on-the-nile/; 
https://www.darkreading.com/dr-global/syealth-soldier-attacks-target-libyan-government-entities-surveillance-malware,2022-08-15,2023-06-23 814,Henbox attack on Uyghurs,"The Henbox malware by the APT PKPLUG was used against Uyghurs, as well as targets in Myanmar, Mongolia and Taiwan with the goal of espionage",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,China; Myanmar; Taiwan; Mongolia,ASIA; SCS; EASIA; NEA; SCO - ASIA; SEA - ASIA; SCS - ASIA; EASIA; NEA,Social groups; End user(s) / specially protected groups - Social groups; End user(s) / specially protected groups - Social groups; End user(s) / specially protected groups - Social groups; End user(s) / specially protected groups,Ethnic; - Ethnic; - Ethnic; - Ethnic; ,PKPLUG,China,Unknown - not attributed,,1,965,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,PKPLUG,China,Unknown - not attributed,https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/; https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/,Resources; Secession,Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/; https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/; 
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/; https://www.hackread.com/plugx-malware-usb-windows-pcs/,2022-08-15,2023-01-30 795,Project Raven,"Former US-intelligence employees hacked on the behalf of the ARE regime opponents and rivals in the wake of the Qatar crisis 2017, later attributed to Stealth Falcon/Fruity Armor, also known as the IT Company Dark Matter.",2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,United Arab Emirates; Qatar; Oman; United Kingdom; United States; Turkey; Yemen,ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - EUROPE; NATO; EU(MS); NORTHEU - NATO; NORTHAM - ASIA; NATO; MEA - ASIA; MENA; MEA,State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End 
user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media - State institutions / political system; State institutions / political system; Social groups; End user(s) / specially protected groups; Media,Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; - Government / ministries; ; Advocacy / activists (e.g. human rights organizations); ; ,Stealth Falcon/Fruity Armor; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,945; 945,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,Stealth Falcon/Fruity Armor; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN; https://www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through 
data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN; https://www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/; https://securityaffairs.com/151298/malware/deadglyph-backdoor-middle-east.html,2022-08-15,2023-09-25 794,Sobotka-Mail-Hack,Right-wing extremists hack the email account of the Czech prime minister Sobotka and publish parts of it on right-wing websites.,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Government / ministries,Right-wing hackers,Czech Republic,Non-state-group,Hacktivist(s),1,944,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Right-wing hackers,Czech Republic,Non-state-group,https://www.golem.de/news/tschechien-rechte-hacker-knacken-e-mail-konto-von-regierungschef-1601-118339.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.golem.de/news/tschechien-rechte-hacker-knacken-e-mail-konto-von-regierungschef-1601-118339.html,2022-08-15,2022-11-02 793,Chinese use of zero-day Jian/EpMe,"Chinese state-sponsored group APT 31/Zirconium replicated a 0-day (CVE-2017-0005) and used it from 2015 until March 2017, inter alia on an American target.",2015-01-01,Not available,"Attack conducted by non-state group / non-state 
actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,United States,NATO; NORTHAM,Unknown,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,943,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT31/Violet Typhoon fka ZIRCONIUM/BRONZE VINEWOOD/G0128/Judgment Panda/Red Keres/Altaire (Wuhan Xiaoruizhi Science and Technology Company, MSS Hubei State Security Department)",China,"Non-state actor, state-affiliation suggested",https://research.checkpoint.com/2021/the-story-of-jian/; https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://research.checkpoint.com/2021/the-story-of-jian/; https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/,2022-08-15,2023-03-13 782,Anonymous vs. Government of Japan,Anonymous shut down the Japanese Prime Minister's webpage to protest against whaling policy,2015-12-10,2015-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Japan,ASIA; SCS; NEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,929,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-targets-japan-prime-minister-website/,2022-08-15,2022-11-02 774,Anonymous vs. Iceland OPWhales,Anonymous shut down every ministry website of Iceland except one to protest against whaling policy,2015-11-27,2015-11-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Iceland,EUROPE; NATO; NORTHEU,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,918,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-crushes-iceland-govt-for-whale-slaughter/,2022-08-15,2022-11-02 775,Anonymous vs UNCCC,Anonymous hacked the website of the UNCCC and leaked personal information about over a thousand officials,2015-11-30,2015-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United Nations,,International / supranational organization,,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,919,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-un-climate-change-website/,2022-08-15,2022-11-02 776,Sandworm vs. Ukrainian Railway company and airport - 2015,"The disruptive malware KillDisk was detected in several Ukrainian company networks, deleting critical data and making multiple computers unusable; this case refers to the state-owned railway company and the international airport Borispol as victims. The attacks have been attributed to Sandworm, allegedly run by Russian military intelligence service GRU.",2015-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Critical infrastructure,Transportation,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,2,3246; 3245,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; Not available,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48),System / ideology; Resources; Secession,System/ideology; Resources; 
Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://thehackernews.com/2023/04/iranian-government-backed-hackers.html; https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48); https://www.securityweek.com/ukraine-accuses-russia-attack-kiev-airport; https://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0; https://www.virusbulletin.com/virusbulletin/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/,2022-08-15,2022-11-02 777,Chinese state-sponsored group APT3 (aka Gothic Panda) spied on the US company Trimble Inc. for several months until at least March 2016,"Chinese state-sponsored group APT3 (aka Gothic Panda) spied on the US company Trimble Inc. from December 2015 until at least March 2016, according to a US Department of Justice indictment from September 2016 against three members of APT3 who were employees of the Chinese IT-company Boyusec, a front for the Ministry of State Security (MSS). Trimble Inc. was working on its Commercial GNSS Project at that time. APT3 stole at least 275 megabytes of data from the company, which was in part highly confidential and sensitive, because of its connection to the Commercial GNSS Project. APT3's usual initial access vector as described in the indictment was spear phishing. The same indictment also detailed APT3 attacks on Siemens and Moody's. 
Notably, the US DoJ indictment did only name the indicted individuals and their official positions within Boyusec, but neither their membership with APT3, nor Boyusec`s reported affiliation with the MSS, which was already publicly known at that time, especially due to the blog posts by the anonymous threat intelligence collective Intrusion Truth. ",2015-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,Trimble Inc.,United States,NATO; NORTHAM,Critical infrastructure,Telecommunications,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",China,"Non-state actor, state-affiliation suggested",,2,11683; 11684; 11684; 11684; 11684; 11684; 11684,2017-05-09 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00; 2017-09-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action",Attribution by third-party; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Intrusion Truth; US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ),Not available; Not 
available; Not available; Not available; Not available; Not available; Not available,Not available; United States; United States; United States; United States; United States; United States,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Wu Yingzhuo (Boyusec); Wu Yingzhuo (Boyusec); Dong Hao (Boyusec); Dong Hao (Boyusec); Xia Lei (Boyusec); Xia Lei (Boyusec)",China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://intrusiontruth.wordpress.com/2017/05/09/APT%203-is-boyusec-a-chinese-intelligence-contractor/,System / ideology; International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.justice.gov/opa/press-release/file/1013866/download; https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/; https://intrusiontruth.wordpress.com/2017/05/09/APT%203-is-boyusec-a-chinese-intelligence-contractor/,2022-08-15,2023-09-26 778,Iranian-developed SamSam ransomware deployed against hospitals and public institutions in the US and Canada dating back to 2015,"Two Iranian hackers targeted over 200 victims with ransomware, including hospitals, municipalities, and other public institutions across Canada and ten states in the US, causing losses in excess of $30 million. 
Both perpetrators were named by the US Department of Justice in a first-ever indictment focused on ransomware unsealed on 28 November 2018.",2015-12-01,2018-09-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,Government / ministries; ; ,,"Iran, Islamic Republic of",Non-state-group,Criminal(s),1,3871,NaT,Political statement/report and indictment / sanctions,Attribution by receiver government / state entity,,Not available,,,"Iran, Islamic Republic of",Non-state-group,https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public; https://www.justice.gov/opa/press-release/file/1114741/download,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public; https://www.justice.gov/opa/press-release/file/1114741/download; https://socradar.io/evolution-of-ransomware-so-far-and-hereafter/,2022-08-15,2023-03-10 779,Patchwork vs. 
Global targets related to South East Asian topics,"""Patchwork"" conducts cyberattacks tied to Southeast Asia and the South China Sea against governments and entities especially in USA and Europe",2015-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,None - None,United States; Global (region),NATO; NORTHAM - ,State institutions / political system; State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system; State institutions / political system,Government / ministries; Military; Intelligence agencies - Government / ministries; Military; Intelligence agencies,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,,1,925,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/,2022-08-15,2023-10-05 780,Anonymous attack on Turkish Pages,"Turkey is being hit by a massive cyber attack (DDoS attacks) allegedly carried out by the hacktivist group Anonymous. The targets of the attacks include government and bank websites. The group released a video claiming that it crashed the servers because of Turkey's alleged links to the Islamic State (ISIS).",2015-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Turkey,ASIA; NATO; MEA,State institutions / political system; Critical infrastructure,Government / ministries; Finance,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,6588,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; Resources; Third-party intervention / third-party affection,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/anonymous-turkey-reeling-under-cyber-attack-government-banks-sites-paralysed-1534984,2022-08-15,2023-03-13 781,Dragonfly 2.0 (2015-2017),"Dragonfly resurfaced by infiltrating energy facilities in the US, Turkey and Switzerland. The US government attributed this recent campaign directly to the Russian state. A US indictment from August 26, 2021 charged three Russian hackers from the Military Unit 71330 or “Center 16” of the FSB for the campaign. 
",2015-12-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse, - - ,Turkey; United States; Switzerland,ASIA; NATO; MEA - NATO; NORTHAM - EUROPE; WESTEU,Critical infrastructure - Critical infrastructure - Critical infrastructure,Energy - Energy - Energy,"Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))",Russia,State,,3,2343; 2343; 2341; 2342,2018-03-15 00:00:00; 2018-03-15 00:00:00; 2017-10-20 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); US Department of Homeland Security (DHS); Symantec; Dragos,Not available; Not available; ; ,United States; United States; United States; United States,"Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330)); Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330)); Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330)); Ghost Blizzard fka BROMINE/Energetic Bear/Berserk 
Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))",Russia; Russia; Unknown; Not available,State; State; Unknown - not attributed; Unknown - not attributed,https://www.us-cert.gov/ncas/alerts/TA18-074A; https://dragos.com/resource/dymalloy/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical; https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks; https://arstechnica.com/information-technology/2017/09/hackers-lie-in-wait-after-penetrating-us-and-europe-power-grid-networks/; https://www.us-cert.gov/ncas/alerts/TA18-074A; https://dragos.com/resource/dymalloy/; https://www.tripwire.com/state-of-security/latest-security-news/dragonfly-2-0-attack-campaign-targets-western-energy-sector/; https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks; https://www.cisa.gov/uscert/ncas/alerts/TA18-074A; https://edition.cnn.com/2018/03/15/politics/dhs-fbi-russia-power-grid/index.html,2022-08-15,2022-11-02 783,Anonymous vs. Donald Trump,Anonymous shut down Donald Trump's webpage to protest against anti-Muslim hate speech,2015-12-11,2015-12-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,930,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-target-donald-trump-website/,2022-08-15,2022-11-02 792,PhantomLance / Oceanmobile,State-Sponsored hacker group APT 32/OceanLotus used malicious apps uploaded to the Google Play store to infect users in South Asia and South East Asia (but especially inside Vietnam) with spyware.,2015-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,India; Vietnam; Bangladesh; Indonesia; Nepal; Myanmar; Malaysia,ASIA; SASIA; SCO - ASIA; SCS; SEA - ASIA; SASIA - ASIA; SCS; SEA - ASIA; SASIA - ASIA; SEA - ASIA; SCS; SEA,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - - - - - ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,942,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",https://securelist.com/apt-phantomlance/96772/; https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/vietnamese-hackers-google-play-kaspersky-apt32/; https://securelist.com/apt-phantomlance/96772/; 
https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform,2022-08-15,2023-11-30 784,CyberCaliphate leak of Stratcom data,Cyber Caliphate leaks sensitive personal data of military personnel belonging to STRATCOM (including French officers),2015-12-13,2015-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,None - None,United States; France,NATO; NORTHAM - EUROPE; NATO; EU(MS); WESTEU,State institutions / political system - State institutions / political system,Military - Military,Lizard Squad,Unknown,Non-state-group,Terrorist(s),1,931,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lizard Squad,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/isis-military-data-against-anonymous-isis-trolling-day/,2022-08-15,2022-11-02 785,Monte Melkonian CyberArmy vs. Azerbaijani Ministry of Labour,"Armenian hacker group ""Monte Melkonian CyberArmy"" hacks the Azerbaijani Ministry of Labour and Social Protection and the Ministry of Emergency Situations, stealing sensitive data about registered persons",2015-12-18,2015-12-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Azerbaijan,ASIA; CENTAS,State institutions / political system,Government / ministries,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),1,932,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,,Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/armenians-hackers-hack-azerbaijani-ministry-servers/,2022-08-15,2022-11-02 786,Ukraine Power Outage 2015,"An Ukrainian Power Sector was taken down by a cyberattack, leading to a severe power outage",2014-05-12,2015-12-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Critical infrastructure,Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia,State; State,,3,13625; 13625; 13624; 13624; 13626; 13626,2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00; 2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ; ; ,Not available; Not available; ; ; Not available; Not available,; ; ; ; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia; Russia; Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State",https://www.forbes.com/sites/thomasbrewster/2016/01/04/ukraine-power-out-cyber-attack/#e94a5386fa86; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.reuters.com/article/us-ukraine-crisis-malware-idUSKBN0UE0ZZ20151231,System / ideology; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data 
theft and / or disruption (incident scores 2 points in intensity)","Widespread effects, e.g., affecting different regions of country or a country as a whole (incident scores 2 points in intensity)",Short duration (< 24h; incident scores 1 point in intensity),6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.wired.com/story/ukraine-russia-wiper-malware/; https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/; https://twitter.com/BushidoToken/status/1629205223792156674; https://twitter.com/Dennis_Kipker/status/1629122902099361795; https://therecord.media/china-hacking-uk-members-parliament; https://www.govinfosecurity.com/ukraine-fends-off-sandworm-battlefield-espionage-ploy-a-22772; https://www.wired.com/story/poland-train-radio-stop-attack/; https://arstechnica.com/security/2023/08/russia-targets-ukraine-with-new-android-backdoor-intel-agencies-say/; https://cyberscoop.com/sandworm-ukraine-infamous-chisel/; https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sharing-and.pdf; https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf; http://securityaffairs.co/wordpress/55474/cyber-warfare-2/power-outage-2015-ukraine.html; https://www.forbes.com/sites/thomasbrewster/2016/01/04/ukraine-power-out-cyber-attack/#e94a5386fa86; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.reuters.com/article/us-ukraine-crisis-malware-idUSKBN0UE0ZZ20151231; https://www.virusbulletin.com/virusbulletin/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/; https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity; 
https://www.nytimes.com/interactive/2022/12/16/world/europe/russia-putin-war-failures-ukraine.html; https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022; https://www.cyberscoop.com/critical-infrastructure-cybersecurity-imperative/; https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/; https://twitter.com/CyberScoopNews/status/1619019403890233349; https://twitter.com/BlackBerrySpark/status/1620537202382983173,2022-08-15,2023-10-12 787,TurkHackTeam vs. Russian and Iranian Sites,The APT TurkHackTeam started DDoSing Russian and Iranian ministry sites in response to the border conflict in Syria,2015-12-25,2016-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),1,936,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,,International power,International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/turk-hack-team-ddos-attacks-on-iran-russian/,2022-08-15,2022-11-02 788,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2015-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Defence industry; ,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,,1,937; 937,2020-01-01 00:00:00; 2020-01-01 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2022-11-02 789,Monsoon espionage campaign,"The Indian hacking group ""Monsoon/Patchwork"" conducted an espionage campaign on Chinese nationals within different industries and government agencies in Southern Asia in order to steal sensitive data.",2015-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Sri Lanka; Korea, Republic of; China",ASIA; SASIA - ASIA; SCS; NEA - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; 
State institutions / political system; State institutions / political system; Social groups - State institutions / political system; State institutions / political system; State institutions / political system; Social groups - State institutions / political system; State institutions / political system; State institutions / political system; Social groups,Government / ministries; Military; ; Ethnic - Government / ministries; Military; ; Ethnic - Government / ministries; Military; ; Ethnic,Monsoon/Patchwork/Dropping Elephant; Operation Hangover,India; India,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,1,938; 938,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Monsoon/Patchwork/Dropping Elephant; Operation Hangover,India; India,Non-state-group; Non-state-group,https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf,2022-08-15,2024-02-05 790,Leonardo Corp. 
Hack,"The Italian aerospace and electronics group Leonardo was hacked and sensitive data stolen from it by a hacking group, whose leader was tasked with securing the network systems of the company.",2015-05-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Italy,EUROPE; NATO; EU(MS),Critical infrastructure,Defence industry,,Italy,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,1,939,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Italy,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securityweek.com/italy-says-two-arrested-defense-data-theft,2022-08-15,2022-11-02 791,Nigeria Governorate surveillance,"Nigerian Governors of Rivers State, Delta State and Bayelsa State purchased surveillance tool ""Circles"" in order to spy on their political opponents in the upcoming elections.",2015-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Nigeria,AFRICA; SSA,Social groups,Political opposition / dissidents / expats,Nigerian Defence Intelligence Agency,Nigeria,State,,2,941; 940,2016-01-01 00:00:00; 2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution 
statement, without naming further sources)",Attribution by third-party; Media-based attribution,,,,Nigerian Defence Intelligence Agency; Nigerian Defence Intelligence Agency,Nigeria; Nigeria,State; State,https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/; https://www.premiumtimesng.com/investigationspecial-reports/204987-investigation-governors-dickson-okowa-spend-billions-high-tech-spying-opponents-others.html,National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/; https://www.premiumtimesng.com/investigationspecial-reports/204987-investigation-governors-dickson-okowa-spend-billions-high-tech-spying-opponents-others.html,2022-08-15,2022-11-02 905,Australia census pages DDOS,Australia's first digital census website receives DDoS attacks and breaks down,2016-09-08,2016-09-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,Australia,OC,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1068,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/australias-first-digital-census-monumental-failure-website-goes-into-meltdown-1575307,2022-08-15,2022-11-02 
907,Hack of AHRC,Hacker attacks American Human Rights Council and 62 other websites calling for jihad,2016-09-14,2016-09-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Social groups,Other social groups,Muslim Leads,Unknown,Individual hacker(s),,1,1070,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Leads,Unknown,Individual hacker(s),,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/hacker-attacks-american-human-rights-council-62-other-websites-calling-jihad-1581813,2022-08-15,2022-11-02 1087,APT 10 vs. Airbus,"According to unnamed experts, probably the Chinese APT 10 spied on Airbus in 2018.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,Europe (region),,Critical infrastructure; Critical infrastructure,Transportation; Defence industry,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); MSS",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1284; 1284,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); MSS",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-airbus-cyberattack-report/hackers-tried-to-steal-airbus-secrets-via-contractors-afp-idUSKBN1WB0U9,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers; https://www.reuters.com/article/us-airbus-cyberattack-report/hackers-tried-to-steal-airbus-secrets-via-contractors-afp-idUSKBN1WB0U9,2022-08-15,2022-11-02 1043,The Binary 
Guardians,"Hackers disrupted and shut down dozens of Venezuelan government and state-backed websites, pledging online support to a protest campaign against the country's leader, Nicolas Maduro.",2017-08-07,2017-08-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Venezuela,SOUTHAM,State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Legislative; Judiciary; Telecommunications,The Binary Guardians,Venezuela,Non-state-group,Hacktivist(s),1,1228,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Binary Guardians,Venezuela,Non-state-group,,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/our-struggle-digital-hackers-open-about-attacks-venezuelan-government-websites-1634050; https://phys.org/news/2017-08-cyberattack-millions-mobile-venezuela.html,2022-08-15,2022-11-02 1023,Trump-Duterte-Conversion Hack-->OceanLotus aka APT32,A stolen Trump-Duterte transcript appears to be just one part of a larger hacking story,2017-05-15,2017-05-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft & Doxing,,Philippines,ASIA; SCS; SEA,State institutions / political system; State institutions / political system,Government / ministries; Military,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Philippines,"Non-state actor, state-affiliation suggested",,1,1203,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Philippines,"Non-state actor, state-affiliation suggested",https://www.cyberscoop.com/apt-32-trump-duterte-hacking-xi-jinping-vietnam/,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/apt-32-trump-duterte-hacking-xi-jinping-vietnam/,2022-08-15,2022-11-02 1024,ATP28 vs. Montenegro,A Russia-linked hacking group was found to have launched a spear-phishing campaign against Montenegro after the country announced its decision to join NATO,2017-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Montenegro,EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system,Government / ministries,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,1204,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://cyware.com/news/fireeye-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks-b8d077e5; https://www.darkreading.com/threat-intelligence/fireeye-finds-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks/d/d-id/1329060,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/59820/apt/apt28-targets-montenegro.html; 
https://cyware.com/news/fireeye-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks-b8d077e5; https://www.darkreading.com/threat-intelligence/fireeye-finds-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks/d/d-id/1329060,2022-08-15,2023-03-30 1025,A fake story was planted on the Qatar News Agency systems that sparked the Qatar Crisis in 2017,"According to an investigation by the FBI, Russian hackers may have planted a fake news story on the Qatar news agency’s website in May 2016 by hacking the agency's system. The hack sparked one of the biggest crises between Qatar and six Arab countries. Initially, unnamed observers cited in media articles suspected the United Arab Emirates of being involved. The hack may also have precipitated the crisis that saw six Arab countries sever their relations with Qatar.",2017-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption,Qatar News Agency,Qatar,ASIA; MENA; MEA; GULFC,Media,,Not available,United Arab Emirates,State,,4,6417; 6416; 6415; 6418,2017-06-01 00:00:00; 2017-06-07 00:00:00; 2017-06-07 00:00:00; 2017-06-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed 
officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution; Attribution by third-party; Attribution by third-party,Not available; Not available; Federal Bureau of Investigation (FBI); US intelligence agencies,Not available; Not available; Not available; Not available,Qatar; Not available; United States; United States,Not available; Not available; Not available; Not available,United Arab Emirates; United Arab Emirates; Russia; United Arab Emirates,"State; Non-state actor, state-affiliation suggested; Non-state-group; State",https://www.theguardian.com/world/2017/jun/07/russian-hackers-qatar-crisis-fbi-inquiry-saudi-arabia-uae; https://www.aljazeera.com/news/2017/07/uae-arranged-hacking-qatari-media-washington-post-170717004353563.html; https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html?noredirect=on,System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://www.bbc.com/news/world-middle-east-40026822; https://www.theguardian.com/world/2017/jun/07/russian-hackers-qatar-crisis-fbi-inquiry-saudi-arabia-uae; https://www.aljazeera.com/news/2017/07/uae-arranged-hacking-qatari-media-washington-post-170717004353563.html; 
https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html?noredirect=on; https://www.nytimes.com/2017/06/08/world/middleeast/qatar-cyberattack-espionage-for-hire.html; https://www.reuters.com/article/us-gulf-qatar-cyber-idUSKCN1B608L,2022-08-15,2023-08-07 1026,"Red Alpha Team Operation ""2017 hktechy""","Recorded Future discovered a new espionage campaign, dubbed the ""Red Alpha"" APT, of Chinese origin. One part of it, the campaign ""2017 hktechy"", took place in 2017 against the Tibetan community.",2017-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,1,1207,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/redalpha-cyber-campaigns/,2022-08-15,2022-11-02 1027,Attack on Al-Jazeera Media Network,The 
Al-Jazeera Media Network was attacked by an unknown hacker group. The group disrupted and hijacked the system afterwards. Then the website sent pro-Iranian and pro-Israeli content for a couple of hours.,2017-06-08,2017-06-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,Qatar,ASIA; MENA; MEA; GULFC,Media,,,Unknown,Unknown - not attributed,,1,1208,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.aljazeera.com/news/2017/06/al-jazeera-media-platforms-cyberattack-170608170600837.html; https://www.nzz.ch/international/krise-am-golf-gross-angelegter-hackerangriff-auf-katarischen-sender-al-jazeera-ld.1299975,2022-08-15,2022-11-02 1028,Vigilance attacks the governmental site of Minnesota,"A hacker calling himself Vigilance hacks a database belonging to the Minnesota state government, and steals about 1,400 email addresses and passwords.",2017-06-16,2017-06-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Vigilance,Unknown,Individual hacker(s),,1,1209,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Vigilance,Unknown,Individual hacker(s),,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.vice.com/en_us/article/ywzje5/hacktivist-breaks-into-minnesota-government-databases-to-protest-philando-castile-verdict,2022-08-15,2022-11-02 1029,ISIS hacks Argentinian military,An ISIS hacker group defaced the main site of the Argentinian military. As a result the site contained a message warning Argentina about ISIS in the country. After 20 minutes the army took down the site.,2017-06-19,2017-06-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Argentina,SOUTHAM,State institutions / political system,Military,Pro-ISIS,Unknown,Non-state-group,Hacktivist(s),1,1210,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pro-ISIS,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://en.mercopress.com/2017/06/20/argentine-army-s-website-hacked-by-isis; https://www.reuters.com/article/us-argentina-security-idUSKBN19A2R7,2022-08-15,2022-11-02 1030,Iran hacks UK parliament.,"Iran attacks 9,000 email accounts in UK parliament. Russia was initially blamed but investigators have traced the attack to the Tehran regime, The Times can reveal.",2017-06-23,2017-06-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Legislative,,"Iran, Islamic Republic of",State,,2,1211; 1212,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; Media-based attribution,,,,,"Iran, Islamic Republic of; Iran, Islamic Republic of",State; State,https://www.thetimes.co.uk/article/iran-attacks-9-000-email-accounts-in-parliament-w5mr836cg,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theguardian.com/politics/2017/jun/24/cyber-attack-parliament-email-access; https://www.thetimes.co.uk/article/iran-attacks-9-000-email-accounts-in-parliament-w5mr836cg,2022-08-15,2022-11-02 1031,ISIS hacks the governor's office of Ohio(USA),"Ohio Gov. John Kasich’s website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich’s website, along with the Ohio Department of Rehabilitation and Corrections website, are also hacked.",2017-06-25,2017-06-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,Team System Dz; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,1213; 1213,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Team System Dz; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thehill.com/policy/cybersecurity/339395-kasichs-website-hacked-with-what-appears-to-be-pro-isis-messages,2022-08-15,2022-11-02 1032,"The Russian state-sponsored APT Sandworm initially targeted Ukrainian infrastructures with wiper-campaign called ""NotPetya"" since June 2017, affecting targets worldwide","The APT Sandworm which is affiliated with Russia's military intelligence 
service GRU used a Trojan to initially target Ukrainian infrastructure, including power companies, airports, and public transit, with a wiper called NotPetya that was meant to appear as ransomware. The initial access point was a Ukrainian tax software called MeDoc, which then infected almost all companies worldwide that pay taxes in Ukraine, causing financial damage of reportedly more than 10 billion dollars. The IT-company ESET linked the campaign to the group Telebots (Sandworm), which evolved from BlackEnergy and is held responsible for the Industroyer/Crashoverride attacks against the Ukrainian power grid in December 2016. Multiple governments attributed the campaign to Russia's GRU and its Unit 74455, which is affiliated with Sandworm aka Telebots. NotPetya, just like WannaCry, uses the primary NSA vulnerability ""Eternal Blue"". On July 30 2020, the Council of the European Union decided to sanction, within the framework of the EU cyber diplomacy toolbox, the Main Centre for Special Technologies of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU) for the attack. 
",2017-06-27,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,None - None,Global (region); Ukraine, - EUROPE; EASTEU,Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Critical infrastructure,; - Energy; Transportation; Finance,,Russia,State,,10,16202; 16199; 16201; 16198; 16196; 16204; 16203; 16200; 16197; 16195,2018-02-15 00:00:00; 2017-06-28 00:00:00; 2018-01-12 00:00:00; 2017-07-03 00:00:00; 2018-02-15 00:00:00; 2018-02-16 00:00:00; 2018-02-16 00:00:00; 2018-02-16 00:00:00; 2020-10-19 00:00:00; 2020-07-30 00:00:00,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution 
by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by EU institution/agency,"Lord (Tariq) Ahmad of Wimbledon (Minister of State for the Middle East, North Africa, South Asia and United Nations at the Foreign, Commonwealth & Development Office (FCDO), GBR); Roman Boyarchuk (Head of the Center for Cyber Protection within the State Special Communications Service of Ukraine (SSSCIP)); Central Intelligence Agency ; ESET; The White House; Government of Canada; Angus Taylor (Minister for Law Enforcement and Cyber Security, AUS); Andrew Hampton (Director-General of the Government Communications Security Bureau (GCSB), NZL); US Department of Justice (DoJ); Council of the European Union (European Council)",Not available; Not available; Not available; ; Not available; Not available; Not available; Not available; Not available; Not available,United Kingdom; Ukraine; United States; Slovakia; United States; Canada; Australia; New Zealand; United States; EU (region),; ; ; ; ; ; ; ; ; ,Russia; Russia; Russia; Not available; Russia; Russia; Russia; Russia; Russia; Russia,"State; State; State; Non-state actor, state-affiliation suggested; State; State; State; State; State; State",https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5; https://www.wired.com/story/petya-ransomware-ukraine/; https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html; https://www.cyberscoop.com/uk-government-blames-russian-military-infamous-notpetya-cyberattacks/; 
https://blog.talosintelligence.com/2017/07/the-medoc-connection.html; https://www.reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKBN0UM00N20160108; https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/; https://cse-cst.gc.ca/en/information-and-resources/news/cse-statement-notpetya-malware; https://www.dfat.gov.au/sites/default/files/australia-attributes-notpetya-malware-to-russia.pdf; https://www.gcsb.govt.nz/news/new-zealand-joins-international-condemnation-of-notpetya-cyber-attack/; https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN,International power,Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 2,6,2018-02-15 00:00:00; 2018-02-15 00:00:00; 2018-02-16 00:00:00; 2018-02-16 00:00:00; 2018-02-16 00:00:00; 2017-07-01 00:00:00,State Actors: Stabilizing measures; EU member states: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government (or executive official); Statement by other ministers (or spokespersons)/members of parliament; Statement by head of state/head of government (or executive official); Statement by other ministers (or spokespersons)/members of parliament; Statement by head of state/head of government (or executive official); Awareness raising,United States; United Kingdom; Canada; Australia; New Zealand; United States,The White House; Lord (Tariq) Ahmad of Wimbledon (Foreign Office Minister; GBR); Government of Canada; Angus Taylor (Minister for Law Enforcement and Cyber Security; AUS); Andrew Hampton (Director-General of the Government Communications Security Bureau (GCSB); NZL); Cybersecurity and Infrastructure Security Agency (CISA),No,,Supply Chain Compromise,Data Destruction; Data 
Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),International peace; Sovereignty,Use of force; ,Not available,3,2019-01-12 00:00:00; 2018-03-15 00:00:00; 2020-07-30 00:00:00,Not available; Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law),; Economic sanctions; Economic sanctions,United States; United States; EU (region),Mondelez International; US Department of the Treasury; Council of the European Union (European Council),Sovereignty,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://twitter.com/lukOlejnik/status/1623630238163804160; https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5; https://www.wired.com/story/petya-ransomware-ukraine/; https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html; https://www.cyberscoop.com/uk-government-blames-russian-military-infamous-notpetya-cyberattacks/; https://blog.talosintelligence.com/2017/07/the-medoc-connection.html; https://www.reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKBN0UM00N20160108; https://www.wired.com/story/white-house-russia-notpetya-attribution/; https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/; https://www.govinfosecurity.com/oreo-maker-settles-insurer-over-notpetya-damages-claim-a-20396; https://www.welivesecurity.com/deutsch/2017/07/03/telebots-supply-chain-attack-gegen-ukraine/; 
https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/; https://cse-cst.gc.ca/en/information-and-resources/news/cse-statement-notpetya-malware; https://www.dfat.gov.au/sites/default/files/australia-attributes-notpetya-malware-to-russia.pdf; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://home.treasury.gov/news/press-releases/sm0312; https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN; https://www.ncsc.gov.uk/news/russian-military-almost-certainly-responsible-destructive-2017-cyber-attack; https://www.cisa.gov/uscert/ncas/alerts/TA17-181A; https://www.cyberscoop.com/dhs-mayorkas-cybersecurity/; https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/; https://www.wired.com/story/worst-hacks-2022/; https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022; https://twitter.com/RecordedFuture/status/1619109632882135040; https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/; https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html; https://www.gcsb.govt.nz/news/new-zealand-joins-international-condemnation-of-notpetya-cyber-attack/; https://elpais.com/tecnologia/2023-02-14/por-que-rusia-no-ha-logrado-ganar-la-guerra-cibernetica-en-ucrania.html; https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html; https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html; https://twitter.com/RidT/status/1627423109459460097; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months; https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/; https://www.wired.com/story/us-military-email-leak/; 
https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/; https://www.nrc.nl/nieuws/2023/02/26/zelfs-rusland-houdt-grote-cyberaanvallen-maar-eventjes-vol-a4158110; https://twitter.com/Dennis_Kipker/status/1629122902099361795; https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/; https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/; https://twitter.com/UK_Daniel_Card/status/1653956738356326400; https://twitter.com/mikko/status/1654043917162086407; https://twitter.com/Dennis_Kipker/status/1654089757750620160; https://therecord.media/ukraine-ssscip-yurii-shchyhol-interview; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-10-supply-chain-attacks/; https://www.cybersecasia.net/news/what-are-the-riskiest-ot-and-ics-devices-across-critical-infrastructure-industries; https://nakedsecurity.sophos.com/2023/06/26/uk-hacker-busted-in-spain-gets-5-years-over-twitter-hack-and-more/; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://www.wired.com/story/poland-train-radio-stop-attack/; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-supply-chain-attacks/; https://thehackernews.com/2023/09/russian-state-backed-infamous-chisel.html; https://arstechnica.com/security/2023/08/russia-targets-ukraine-with-new-android-backdoor-intel-agencies-say/; https://cyberscoop.com/sandworm-ukraine-infamous-chisel/; https://www.darkreading.com/edge/why-identity-management-key-stopping-apt-cyberattacks; https://securityaffairs.com/152617/apt/sandworm-ukraine-telecommunication-service.html; https://securityaffairs.com/153920/apt/russian-sandworm-ot-attacks.html; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/; https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html; 
https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://therecord.media/merck-insurance-settlement-notpetya; https://securityaffairs.com/156958/cyber-warfare-2/sandworm-inside-kyivstar-for-months.html; https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html; https://www.c4isrnet.com/opinion/2024/01/04/protecting-those-below-the-cyber-poverty-line-is-critical-to-everyone/; https://securityboulevard.com/2024/01/london-calling-hey-us-lets-chat-about-cyber-ai-the-next-wannacry/; https://www.aol.com/finance/10-billion-cyber-insurance-industry-213343656.html; https://www.cyberdefensemagazine.com/protecting-critical-infrastructure-from-cyber-attack/; https://thediplomat.com/2024/02/maritime-cybersecurity-an-emerging-area-of-concern-for-india/; https://www.kyivpost.com/post/28885; https://www.govtech.com/security/struggles-continue-as-fed-unitedhealth-confront-cyber-attack; https://www.chemietechnik.de/sicherheit-umwelt/ist-ihr-unternehmen-wirklich-gegen-cyberangriffe-versichert-117.html; https://www.turkiyegazetesi.com.tr/dunya/rus-hackerlar-abdnin-texas-eyaletindeki-bir-su-aritma-tesisine-siber-saldiri-duzenledi-1035726,2022-08-15,2024-01-17 1033,Gamefish,"The Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks.",2017-07-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Unknown,,Other,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1217,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html; https://www.fireeye.de/current-threats/apt-groups.html#apt28; https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html,Resources; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/fancy-bear-eternal-blue-fire-eye/; https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html; https://www.fireeye.de/current-threats/apt-groups.html#apt28; 
https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html,2022-08-15,2022-11-02 1034,"APT ""Leafmine"" aka ""Raspite""","Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends to adapt publicly available techniques and tools for their attacks and experiments with published proof-of-concept exploits. Leafminer attempts to infiltrate target networks through various means of intrusion: watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts. The actor’s post-compromise toolkit suggests that the group is looking for email data, files, and database servers on compromised target systems.",2017-07-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,Saudi Arabia; Israel; Lebanon; Kuwait; United States; Japan; Europe (region),ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - NATO; NORTHAM - ASIA; SCS; NEA - ,State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State 
institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance - Government / ministries; Intelligence agencies; Energy; Transportation; Chemicals; Telecommunications; Food; Finance,Leafminer/Raspite,"Iran, Islamic Republic of",Unknown - not attributed,,1,1218,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Leafminer/Raspite,"Iran, Islamic Republic of",Unknown - not 
attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://dragos.com/resource/raspite/; https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east,2022-08-15,2023-03-13 1035,National Australian University attacked by Chinese hackers,"China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia's leading national security college and key defence research projects.",2017-07-06,2018-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ; ",Incident disclosed by authorities of victim state,Data theft,National Australian University,Australia,OC,State institutions / political system; Critical infrastructure; Education,Civil service / administration; Research; ,,China,"Non-state actor, state-affiliation suggested",,1,10757,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,Not available,,,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.smh.com.au/politics/federal/chinese-hackers-breach-anu-putting-national-security-at-risk-20180706-p4zq0q.htmlhttps://www.9news.com.au/national/2018/07/06/16/46/anu-hacked-china-security-threat,2022-08-15,2023-06-18 1036,New Details about SpringDragon (APT of China),KasperskyLab reveals the details of a new wave of attacks carried on by a long running APT actor dubbed SpringDragon (also known as LotusBlossom).,2017-07-24,2017-07-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,Taiwan; Indonesia; Philippines; Vietnam; Hong Kong; Malaysia; Thailand,ASIA; SCS - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA; SCS; SEA - ASIA - ASIA; SCS; SEA - ASIA; SEA,State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; - Government / ministries; Political parties; Telecommunications; ; ,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China,"Non-state actor, state-affiliation suggested",,1,1220,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China,"Non-state actor, state-affiliation suggested",,Territory; Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial 
targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/61328/APT%20/spring-dragon-APT.html,2022-08-15,2022-11-02 1037,Rousseau,"In August anonymous hackers broke into Italy's 5-Star’s web platform, called “Rousseau” and obtained secret data on its members and donors.",2017-08-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption,,Italy,EUROPE; NATO; EU(MS),State institutions / political system; State institutions / political system,Political parties; Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1221,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-italy-politics-5star/hacking-attacks-a-pre-election-setback-for-italys-5-star-movement-idUSKBN1CA1TM,2022-08-15,2022-11-02 1038,Sandworm vs. GermanMedia - 2017,Fraudulent mails with malicious code addressed to German media companies and organizations in the field of chemical weapons research,2017-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Media; Science,Chemicals; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,2,3242; 3241,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution,,Not available; Not available,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.verfassungsschutz.de/embed/broschuere-2018-07-bfv-cyber-brief-2018-02.pdf; https://www.onvista.de/news/bfv-cyberangriffe-gegen-medienunternehmen-und-chemiewaffenforschung-105840187,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft 
and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.heise.de/security/meldung/Verfassungsschutz-alarmiert-Cyberangriffe-auf-deutsche-Organisationen-4109407.html; https://www.verfassungsschutz.de/embed/broschuere-2018-07-bfv-cyber-brief-2018-02.pdf; https://www.onvista.de/news/bfv-cyberangriffe-gegen-medienunternehmen-und-chemiewaffenforschung-105840187,2022-08-15,2022-11-02 1039,"""Operation Parliament""",An unknown hacker group with the capabilities of a state-sponsored APT attacked several countries with espionage malware. Most of the targets were located in the MENA-region.,2017-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Social groups,Advocacy / activists (e.g. 
human rights organizations),Operation Parliament/Gaza Cybergang Group 3 < Gaza Cybergang; Hamas,Unknown; Unknown,State; State,,1,1224; 1224,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,Operation Parliament/Gaza Cybergang Group 3 < Gaza Cybergang; Hamas,Unknown; Unknown,State; State,"https://www.kaspersky.de/blog/gaza-cybergang/19002/, https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://www.scmagazine.com/home/security-news/government-and-defense/operation-parliament-targeting-middle-east-nations-with-cyberespionage-malware/; https://securelist.com/operation-parliament-who-is-doing-what/85237/; https://www.kaspersky.de/blog/gaza-cybergang/19002/, https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion; https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html",2022-08-15,2023-12-15 1040,Democratic opponent of Rep. Dana Rohrbacher was attacked several times,"FBI agents in California and Washington, D.C. , have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). 
Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump.",2017-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Election infrastructure / related systems,,Russia,"Non-state actor, state-affiliation suggested",,1,13613,2018-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,Not available,,,Russia,"Non-state actor, state-affiliation suggested",,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://in.reuters.com/article/us-usa-election-hacking-exclusive-idINKBN1L22BZ; https://www.rollingstone.com/politics/politics-news/california-election-hacking-711202/; https://www.rollingstone.com/politics/politics-news/california-election-hacking-711202,2022-08-15,2024-03-15 1041,Axiom vs. Software Ccleaner,"The Chinese state-sponsored APT Axiom or rather APT 17 conducted a multi-staged espionage campaign first against the Software Ccleaner, owned by Avast, and at a later stage against targets like Google etc. 
Important: Axiom and APT 17 are named as one actor in the report but not so by other sources, as for example the THAI CERT Threat Group Cards.",2017-08-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1226,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested",http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high 
political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.darkreading.com/endpoint/privacy/chinese-APT%20-backdoor-found-in-ccleaner-supply-chain-attack/d/d-id/1331250?; http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf; https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/; https://socradar.io/guarding-the-gates-an-exploration-of-the-top-10-supply-chain-attacks/,2022-08-15,2023-04-18 1022,Operation Cobalt Kitty,"Cybereason reveals the details of Operation Cobalt Kitty, a campaign carried on by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam.",2017-05-14,2017-05-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,Asia (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1202,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html,Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html; https://www.cybereason.com/blog/operation-cobalt-kitty-apt,2022-08-15,2023-08-13 1021,Lebanon-Hezbollah Phone Hack 2017,Lebanon blames Israel for anti-Hezbollah telecoms hacking,2017-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Lebanon,ASIA; MENA; MEA,Critical infrastructure,Transportation,,Israel,State,,1,1201,2017-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Israel,State,https://www.haaretz.com/israel-news/israel-responsible-for-anti-hezbollah-propaganda-phone-hack-lebanon-says-1.5471465,Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.apnews.com/42d48c9b5b2d4b7e9c96d96f8ac92c3e; https://www.haaretz.com/israel-news/israel-responsible-for-anti-hezbollah-propaganda-phone-hack-lebanon-says-1.5471465,2022-08-15,2022-11-02 1020,Attack on Equifax,"The world's largest consumer credit reporting agency Equifax which is located in the USA was attacked by an initially unknown group of hackers. As a result the attackers were able to steal personal information (addresses, social insurance numbers etc.) of more than 143 million clients. 
In February 2020, the US unsealed an indictment against four Chinese PLA officers and blamed them for committing the hacks.",2017-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Finance,PLA,China,State,,1,1200,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,PLA,China,State,https://www.spiegel.de/netzwelt/netzpolitik/equifax-hack-usa-klagen-vier-chinesische-militaerangehoerige-an-a-7a50d266-0c53-44ca-a619-8a98b593ec73; https://www.justice.gov/opa/press-release/file/1246891/download,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html; https://www.c4isrnet.com/opinion/2023/08/08/why-the-china-cyber-threat-demands-an-airtight-public-private-response/; https://www.darkreading.com/edge-articles/cybersecurity-builds-trust-in-critical-infrastructure; https://www.govinfosecurity.com/uk-fca-fines-equifax-11-million-pounds-for-2017-data-breach-a-23316; https://therecord.media/uk-fines-equifax-millions-for-2017-data-breach; https://www.schneier.com/blog/archives/2024/01/cfpbs-proposed-data-rules.html; https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/; 
https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/fallout-from-viamedis-almerys-attack-does-not-end-with-the-data-leak; https://www.heise.de/security/meldung/Equifax-Hack-Angreifer-ueber-Apache-Struts-Luecke-eingestiegen-3831905.html; https://www.heise.de/newsticker/meldung/Nach-Megahack-bei-Equifax-Spekulation-ueber-Verbleib-der-Daten-4309723.html; https://xakep.ru/2017/09/08/equifax-hack/; https://www.spiegel.de/netzwelt/netzpolitik/equifax-hack-usa-klagen-vier-chinesische-militaerangehoerige-an-a-7a50d266-0c53-44ca-a619-8a98b593ec73; https://www.justice.gov/opa/press-release/file/1246891/download; https://www.cnbc.com/2017/09/13/us-senator-on-equifax-hack-somebody-needs-to-go-to-jail.html; https://www.reuters.com/article/ctech-us-equifax-cyber-heitkamp-idCAKCN1BN1WN-OCATC; https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/; https://krebsonsecurity.com/2022/12/the-equifax-breach-settlement-offer-is-real-for-now/; https://www.darkreading.com/application-security/appsec-playbook-2023-study-of-829m-attacks-on-1-400-websites,2022-08-15,2024-02-01 1008,Lazarus (NorthKorea) attacks endusers because of financial interests,"Focusing on financial interests (Bitcoin), the North Korean APT Lazarus sends false job recruitments to gain data from end users.",2017-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Critical infrastructure; Critical infrastructure,Finance; Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1186,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/,2022-08-15,2023-02-08 1000,Unknown group attacks Democratic Party in Pennsylvania (USA),"The Pennsylvania Senate Democratic Caucus was hit by a ransomware attack, blocking access to its entire IT systems and web servers. 
The separate networks used by Democratic state senators remained unaffected.",2017-03-03,2017-03-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,,United States,NATO; NORTHAM,State institutions / political system,Political parties,,Unknown,Unknown - not attributed,,1,3851,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.nbcnews.com/news/us-news/senate-democrats-pennsylvania-are-being-held-cyber-hostage-n728901; https://www.zdnet.com/article/pennsylvania-senate-democrats-paid-700000-to-recover-from-ransomware-attack/,2022-08-15,2022-11-02 1001,Attack on various US progressive groups (probably by CozyBear),"New reports reveal that Russian hackers are targeting U.S. progressive groups in a new wave of attacks. According to the report, at least a dozen groups have faced extortion attempts since the U.S. presidential election. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.",2017-03-06,2017-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,Social groups,Other social groups,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,2,1178; 1177,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 1002,RanRan Ransomware deployed against government entities in the Middle East,"Malware researchers at Palo Alto Networks discovered a new strain of ransomware, dubbed Ran Ran, that has been used in targeted attacks against government organizations in the Middle East.",2017-03-08,2017-03-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; 
Ransomware,,Mena Region (region),,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,3839,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html,2022-08-15,2022-11-02 1003,Turkish hackers attack several Dutch websites,Turkish hacker groups target a large number of Dutch websites after the political fallout between the Netherlands and Turkey over the weekend.,2017-03-11,2017-03-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Media,,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,1180,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://nltimes.nl/2017/03/14/turkish-hacker-groups-focus-cyberattacks-dutch-websites-incl-nl-times,2022-08-15,2022-11-02 1004,Canadian Statistics website got shut down by hackers,The Canadian government confirms that the Statistics Canada website is hacked and taken offline for over two days. 
In the aftermath of the cyberattack parts of the Canada Revenue Agency's (CRA) site are also reportedly taken offline by authorities as a precaution.,2017-03-14,2017-03-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Canada,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1181,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/statistics-canada-site-hit-by-hackers-taken-offline-peak-tax-season-1611419,2022-08-15,2022-11-02 1005,Ransomware found in the systems of the Tweede Kamer (NLD),"Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament.",2017-03-28,2017-03-28,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption; Ransomware,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,,Unknown,Unknown - not attributed,,1,3837,NaT,"Attribution given, type unclear",Media-based attribution,,Not available,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Encrypted for Impact,Required,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://nltimes.nl/2017/03/28/ransomware-found-dutch-parliament,2022-08-15,2022-11-02 1006,IAAF Hack,IAAF says medical records compromised by Fancy Bear hacking group,2017-04-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence 
agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,International Association of Athletics Federations,,International / supranational organization,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,2,1183; 1184,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",Receiver attributes attacker; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,https://www.justice.gov/opa/documents-and-resources-october-4-2018-press-conference,Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-sport-doping-iaaf-idUSKBN1750ZM; https://www.justice.gov/opa/documents-and-resources-october-4-2018-press-conference,2022-08-15,2022-11-02 1007,Unknown hacker attacks Britain First,"Britain First is hit by a massive hack targeting its websites and Twitter accounts, and their YouTube channel.",2017-04-01,Not available,"Attack 
conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Political parties,,Unknown,Unknown - not attributed,,1,1185,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.huffingtonpost.co.uk/entry/britain-first-hacked_uk_58f0ccf6e4b0bb9638e323ab,2022-08-15,2022-11-02 1009,Yapizon Hack (Lazarus),"Lazarus managed to hack into Yapizon, a South Korean cryptocurrency exchange in April 2017 and stole 3,816 Bitcoins valued at $5.3 million.",2017-04-01,2017-12-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1187; 1187,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html; https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/,System / ideology; Territory; International power,System/ideology; Territory; International power,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/&; https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html; https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/,2022-08-15,2023-02-08 1019,Youbit Hack by Lazarus,The South Korean crypto exchange Youbit fell victim to a large-scale security breach that led to the theft of a fifth of its user funds. The North Korean Lazarus Group is suspected to be behind the attack.,2017-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,6581; 6581; 6580; 6580,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; 
Media-based attribution; Media-based attribution,; ; ; ,; ; Not available; Not available,; ; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html; https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://bitnewsbot.com/north-korea-accused-of-hacking-south-korean-bitcoin-exchange-youbit/; https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html; https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/,2022-08-15,2023-02-08 1010,APT28 Operation Dealer's Choice - 2017,APT28 targeted primarily NATO Countries as well as Ukraine (among others) in a spearphishing campaign.,2017-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse, - ,NATO (region); Ukraine, - EUROPE; EASTEU,State institutions / political system - State institutions / political system,Military - Military,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,2558,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,Not available,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/69365/apt/sofacy-apt-east.html; https://securelist.com/a-slice-of-2017-sofacy-activity/83930/,2022-08-15,2022-11-02 1011,Chinese hackers attack UK think 
tanks,The Chinese-based APT 26 (aka Deep Panda) attacked several UK think tanks and gained access to information regarding the PC China.,2017-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Social groups,Other social groups,Panda,China,"Non-state actor, state-affiliation suggested",,1,1189,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Panda,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/uk-43172371,2022-08-15,2023-07-07 1013,Leviathan aka TEMP.Periscope aka APT 40 influences on the election in Cambodia,"Since they want them to win, the Chinese-based APT 40 supports a Chinese-friendly party in the Cambodian elections. FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country’s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures.",2017-04-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Cambodia,ASIA; SEA,State institutions / political system; State institutions / political system; Social groups; Media,Legislative; Election infrastructure / related systems; Advocacy / activists (e.g. human rights organizations); ,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,1,1191,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)",China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html,2022-08-15,2022-11-02 1014,Unknown hacker disrupts emergency sirens in Dallas,A computer hack sets off all the emergency sirens in Dallas for about 90 minutes.,2017-04-07,2017-04-08,"Attack on (inter alia) political target(s), not politicized",,Incident 
disclosed by victim,Disruption,,United States,NATO; NORTHAM,State institutions / political system,,,United States,Unknown - not attributed,,1,1192,NaT,"Attribution given, type unclear",Media-based attribution,,,,,United States,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,"Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),3,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-texas-sirens-idUSKBN17B001; https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/; https://therecord.media/cyberattacks-on-governments-way-up,2022-08-15,2023-11-14 1015,Unknown APT attacks Singapore government and universities,"Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data.",2017-04-11,2017-04-11,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,Singapore,ASIA,Science,,,Unknown,Unknown - not attributed,,1,1193,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/singapore-university-breaches-reveal-wider-attack-surface-to-safeguard/,2022-08-15,2023-06-18 1016,"North Korean State-Sponsored Hacking Group Lazarus Launched WannaCry Ransomware Attack Infecting Over 200,000 Computers in 150 Countries, Including Major Corporations and the 
UK National Health Service in May 2017","The WannaCry ransomware attack that broke out in May 2017 ranks as a major global ransomware incident. The attack affected over 200,000 computers in 150 countries and impacted companies such as FedEx, Honda, Nissan, and the UK National Health Service. WannaCry is a ransomware that targets Windows operating systems that have not been patched with a specific update offered by Microsoft since March 2017 and encrypts certain user files on the computer. Utilizing the EternalBlue exploit, the ransomware was able to spread rapidly by infecting other vulnerable systems on the same network. The ransomware initially set a ransom of 300 USD (in Bitcoin) and was later increased to 600 USD. Some victims only had a few days to respond to the ransomware demand - otherwise, they risked losing their data. The security authorities subsequently attributed the attack to the Lazarus Group, which is linked to North Korea, although some researchers dispute this attribution. The spread of the attack was inadvertently stopped when a security researcher registered a domain found in the malware's code. Once inside a system, WannaCry employed asymmetric encryption, using a combination of RSA and AES encryption algorithms to lock files, which made the decryption key unique and almost impossible to reproduce without paying the ransom. In 2018, the US brought charges against a North Korean agent of APT Lazarus, who was also previously blamed for the Sony hack in 2014. The extensive damage caused by WannaCry, with an estimated global cost in the billions, was particularly severe for organizations like the UK’s National Health Service (NHS), which suffered an estimated loss of US$100 million due to a large number of vulnerable machines. 
The discovery of a ""kill switch"" within the WannaCry code eventually stopped the 2017 outbreak from spreading further, although modified versions of the ransomware have since surfaced but failed to reach the same scale or notoriety as the original. On July 30 2020, the Council of the European Union sanctioned, within the framework of the EU Cyber Diplomacy Toolbox, the North Korean company Chosun Expo for the WannaCry attack",2017-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized; Attack on critical infrastructure target(s)",; ; ,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,None - Honda - None - SberBank - None - None - None - None - None - National Health Service (NHS),"China; Japan; Spain; Russia; Israel; Germany; United States; Korea, Republic of; France; United Kingdom",ASIA; SCS; EASIA; NEA; SCO - ASIA; SCS; NEA - EUROPE; NATO; EU(MS) - EUROPE; EASTEU; CSTO; SCO - ASIA; MENA; MEA - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - ASIA; SCS; NEA - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Critical infrastructure,Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Finance; - Civil service / administration; Health; ; Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic 
Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; State; State; State; Non-state actor, state-affiliation suggested",; ; ; ; ,5,16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 
16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209; 16209,2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 
00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00; 2017-05-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report 
(e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report 
(e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report 
(e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media 
report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political 
statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; 
Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report 
and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political 
statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; 
Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report 
and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political 
statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; 
Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report 
and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report 
(e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / 
state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on 
government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state 
agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); 
Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political 
statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report 
and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / 
sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; 
Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political 
statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report 
and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / 
sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; 
Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community 
attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes 
attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes 
attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver 
government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government 
/ state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes 
attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution 
by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by 
receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver 
government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government 
/ state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes 
attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes 
attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord 
Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British 
Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National 
Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; 
Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; 
Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign 
Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber 
Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister 
for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); 
United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop 
- Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National 
Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - 
British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security 
Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Kaspersky; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Symantec; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. 
Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Thomas P. Bossert - Homeland Security Advisor to President Donald Trump; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord 
Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Lord Ahmad of Wimbledon - British Foreign Office Minister ; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; Julie Bishop - Minister for Foreign Affairs; United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC),Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; 
Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; 
Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not 
available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; 
Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; 
Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; 
Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not 
available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available; Kaspersky; Kaspersky; Symantec; Symantec; Not available; Not available,Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; 
Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United 
States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; 
Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United 
Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; 
Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; 
Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia; Russia; Russia; Russia; Russia; Russia; Russia; United States; United States; United States; United States; United States; United States; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; Australia; Australia; Australia; Australia; Australia; Australia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet 
fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber 
Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 
121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of 
Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); 
Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL 
ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance 
General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN 
COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 
110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka 
ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL 
ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance 
General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN 
COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 
110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka 
ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber 
Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 
121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of 
Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); 
Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL 
ACADEMY/NewRomanic Cyber 
Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 
121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of 
Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); 
Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL 
ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance 
General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN 
COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 
110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka 
ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber 
Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 
110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka 
ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 
(Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber 
Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 
121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of 
Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); 
Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL 
ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance 
General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN 
COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois 
Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking 
Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; 
State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, 
state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; 
Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation 
suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, 
state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; 
Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation 
suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",https://www.justice.gov/opa/press-release/file/1092091/download; https://www.scmp.com/news/asia/east-asia/article/2124884/us-declares-north-korea-was-behind-huge-wannacry-cyberattack; https://www.justsecurity.org/49889/questions-wannacry-attribution-north-korea/; https://threatpost.com/us-sanctions-north-korea-wannacry-sony-hacks/148351/; https://www.theguardian.com/technology/2017/dec/19/wannacry-cyberattack-us-says-it-has-evidence-north-korea-was-directly-responsible; https://www.telegraph.co.uk/news/2017/10/14/north-korea-behind-wannacry-attack-crippled-nhs-stealing-us/; https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5,Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available; Not available; Not available; Not available; Not available,; ; ; ; ,,,"https://twitter.com/vmyths/status/1623655251789201411; https://www.malwarebytes.com/blog/news/2023/02/cisa-issues-alert-with-south-korean-government-about-dprks-ransomware-antics; https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193; https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/; 
https://www.govinfosecurity.com/asia-pacific-faced-highest-share-cyberattacks-in-2022-a-21311; https://www.darkreading.com/threat-intelligence/wannacry-hero-malware-creator-named-cybrary-fellow; https://securitymea.com/2023/02/28/apt-group-lazarus-likely-using-winordll64-backdoor-to-exfiltrate-data/; https://therecord.media/uk-national-health-service-cyberattacks-strategy; https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next; https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector; https://twitter.com/vmyths/status/1657097277888946177; https://www.cybersecasia.net/news/what-are-the-riskiest-ot-and-ics-devices-across-critical-infrastructure-industries; https://therecord.media/hackers-infect-russian-gamers-with-wannacry; https://nakedsecurity.sophos.com/2023/06/26/uk-hacker-busted-in-spain-gets-5-years-over-twitter-hack-and-more/; https://securityaffairs.com/148022/cyber-crime/tsmc-lockbit-ransomware.html; https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/; https://cyberscoop.com/vietnam-ransomware-group-wannacry/; https://therecord.media/vietnamese-hacker-targets-chinese-bulgarian-organizations-with-new-ransomware; https://www.darkreading.com/threat-intelligence/custom-yashma-ransomware-crashes-into-the-scene; https://thehackernews.com/2023/08/new-yashma-ransomware-variant-targets.html; https://thehackernews.com/2023/08/why-you-need-continuous-network.html; https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html; https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace; https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates; https://www.justice.gov/opa/press-release/file/1092091/download; https://www.scmp.com/news/asia/east-asia/article/2124884/us-declares-north-korea-was-behind-huge-wannacry-cyberattack; 
https://www.justsecurity.org/49889/questions-wannacry-attribution-north-korea/; https://threatpost.com/us-sanctions-north-korea-wannacry-sony-hacks/148351/; https://www.theguardian.com/technology/2017/dec/19/wannacry-cyberattack-us-says-it-has-evidence-north-korea-was-directly-responsible; https://www.telegraph.co.uk/news/2017/10/14/north-korea-behind-wannacry-attack-crippled-nhs-stealing-us/; https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5; https://www.gdata.de/blog/2017/05/29752-infektionswelle-wannacry-ransomware; https://bourse.lefigaro.fr/indices/analyse-aof-cloture-france-europe-le-cac-40-resiste-aux-mauvaises-nouvelles-en-provenance-de-chine-20220815; https://securityaffairs.co/wordpress/137894/cyber-crime/wannacry-hybrid-malware.html; https://twitter.com/ciaranmartinoxf/status/1601624589754585088; https://twitter.com/vmyths/status/1603041111366410240; https://thehackernews.com/2022/12/2022-top-five-immediate-threats-in.html; https://twitter.com/vmyths/status/1610711722112827394; https://twitter.com/MischaHansel/status/1623012083854979083; https://therecord.media/hhs-warns-of-citrix-bleed-bug; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wannacry-ransomware-attack; https://www.wsj.com/articles/its-official-north-korea-is-behind-wannacry-1513642537; https://www.dfat.gov.au/sites/default/files/australia-attributes-wannacry-ransomware-to-north-korea.pdf; https://www.gov.uk/government/news/foreign-office-minister-condemns-north-korean-actor-for-wannacry-attacks#:~:text=The%20UK%27s%20National%20Cyber%20Security,terms%20of%20scale%20and%20disruption.; https://www.theguardian.com/technology/2017/jun/16/wannacry-ransomware-attack-linked-north-korea-lazarus-group; https://www.ft.com/content/77d54679-0915-4ce2-a42f-0c2b844da7ef; https://www.it-business.de/armis-vorhersage-die-kriminelle-landschaft-veraendert-sich-a-fcb4fadd4fd2d60441e313ebf6c659ac/; 
https://securityboulevard.com/2024/01/london-calling-hey-us-lets-chat-about-cyber-ai-the-next-wannacry/; https://www.phillyvoice.com/cybersecurity-101-safeguarding-your-digital-life-cyber-shadows/; https://www.cyberdefensemagazine.com/protecting-critical-infrastructure-from-cyber-attack/; https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/; https://www.dailymail.co.uk/news/article-13129041/Russian-linked-cyber-gang-attacks-Royal-Mail-Porton-ONLINE-just-week-Britains-FBI-celebrated-taking-down.html; https://inews.co.uk/inews-lifestyle/cyber-disaster-expert-what-will-happen-russian-cyber-attack-2958407; https://www.techrepublic.com/article/cyber-security-trends-uk/",2022-08-15,2024-02-26 1017,Berserker Bear,Russian state-sponsored hackers managed to access secured parts of the German energy network,2017-05-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure,Energy,"Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330)); Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1196,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,"Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))",Russia,"Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-germany-cyber-russia/german-intelligence-sees-russia-behind-hack-of-energy-firms-media-report-idUSKBN1JG2X2; https://www.verfassungsschutz.de/download/broschuere-2018-06-bfv-cyber-brief-2018-01-neu.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.n-tv.de/wirtschaft/Hacker-greifen-EnBW-Tochter-an-article20436822.html; https://www.reuters.com/article/us-germany-cyber-russia/german-intelligence-sees-russia-behind-hack-of-energy-firms-media-report-idUSKBN1JG2X2; https://www.verfassungsschutz.de/download/broschuere-2018-06-bfv-cyber-brief-2018-01-neu.pdf,2022-08-15,2022-11-02 1018,OceanLotus vs. Asean,"OceanLotus accessed networks of local SEA governments, to use them as staging points against the local organisation ASEAN. In the same campaign attacks were started against local human rights defenders",2017-05-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Laos; Philippines; Cambodia; Vietnam; China,ASIA; SEA - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SCS; EASIA; NEA; SCO,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; 
State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Social groups; Media - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; International / supranational organization; Critical infrastructure; Social groups; Social groups; Media,Government / ministries; Civil service / administration; Military; Police; ; ; Energy; Political opposition / dissidents / expats; Other social groups; - Government / ministries; Civil service / administration; Military; Police; ; ; Energy; Political opposition / dissidents / expats; Other social groups; - Government / ministries; Civil service / administration; Military; Police; ; ; Energy; Political opposition / dissidents / expats; Other social groups; - Government / ministries; Civil service / administration; Military; Police; ; ; Energy; Political opposition / dissidents / expats; Other social groups; - Government / ministries; Civil service / administration; Military; Police; ; ; Energy; Political opposition / dissidents / expats; Other social groups; ,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,1,1197,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH,Vietnam,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-cyber-attack-vietnam/vietnams-neighbors-asean-targeted-by-hackers-report-idUSKBN1D70VU; https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/,2022-08-15,2022-11-02 1042,Ne0-H4ck3r,"The official website of the Government of Pakistan was hacked by anonymous hackers on Thursday, who posted the Indian national anthem and Independence Day greetings on the portal.",2017-08-03,2017-08-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,,India,Non-state-group,Hacktivist(s),1,1227,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,India,Non-state-group,,System / ideology; Autonomy; Territory,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://zeenews.india.com/asia/pakistan-govt-website-hacked-hackers-post-indian-national-anthem-independence-day-greetings-on-it-2029858.html; https://www.hackread.com/pakistani-govt-portal-hacked-to-play-indian-national-anthem/,2022-08-15,2022-11-02 1044,DDoS Ukrposhta,"The computer networks of Ukrposhta, the national postal service in Ukraine, have reportedly been disrupted by a two-day distributed-denial-of-service cyberattack.",2017-08-07,2017-08-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,Ukraine,EUROPE; 
EASTEU,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1229,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/ukraines-national-postal-service-networks-disrupted-by-two-day-ddos-cyberattack-1634132; https://www.cybersecurity-insiders.com/ddos-cyber-attack-on-ukraines-postal-department/,2022-08-15,2022-11-20 998,Unknown hacker attacks Kansas department of Commerce,A security breach in the Kansas Department of Commerce exposes millions of Social Security numbers from people across 10 states to hackers. Many other accounts are also attacked.,2017-03-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Unknown - not attributed,,1,1174,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.kcur.org/post/hackers-kansas-system-accessed-social-security-numbers-millions-10-states#stream/0,2022-08-15,2022-11-02 1045,Op Domestic Terrorism,"The online hacktivist group Anonymous has claimed responsibility for carrying out a DDoS attack on the official website of Charlottesville, Virginia. 
The motive was to protest against an incident in which activists were hit while protesting against a group of white supremacists.",2017-08-12,2017-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,New World Hackers; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,1230; 1230,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,New World Hackers; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-shut-down-charlottesville-city-website/; https://www.telegraph.co.uk/technology/2017/08/14/anonymous-shuts-neo-nazi-kkk-websites-charlottesville-rally/,2022-08-15,2022-11-02 1068,Akincilar,"Hackers affiliated with the hacking group Akincilar claimed responsibility for hijacking the Times of Israel and Asia Times websites on Thursday (2 November), replacing their main pages with images of children waving the Turkish flag.",2017-11-02,2017-11-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,None - None,Israel; Hong Kong,ASIA; MENA; MEA - ASIA,Media - Media, - ,Akincilar,Turkey,Non-state-group,Hacktivist(s),1,1260,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/times-israel-asia-times-websites-hijacked-defaced-by-suspected-pro-palestine-turkish-hackers-1645729,2022-08-15,2022-11-02 1069,"Hacking-for-Hire group Bahamut aka ""The White Company"" spied on the Pakstani Air Force since 2017 within ""Operation Shaheen""","A new APT, called ""The White Company"", later attributed to the hacking for hire group Bahamut by Blackberry, attacked the Pakistan Air Force with spear-phishing messages that weaponized lure files with names referenced events, government documents, or news articles of interest for the targets.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,Pakistan Air Force,Pakistan,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,Bahamut/The White Company/Windshift,Unknown,"Non-state actor, state-affiliation suggested; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities,2,5303; 5303; 5302; 5302,2020-01-01 00:00:00; 2020-01-01 00:00:00; 2018-11-01 00:00:00; 2018-11-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; Cylance (today: Blackberry); Cylance (today: Blackberry),; ; ; ,United States; United States; United States; United States,Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift,Unknown; Unknown; Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state-group; Non-state actor, state-affiliation suggested; Non-state-group",https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf; https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/,International power,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information 
(incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf; https://securityaffairs.co/wordpress/77982/apt/operation-shaheen-campaign.html; https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/,2022-08-15,2022-12-14 1070,Anonymous steals data from employees of the Italian government,The Anonymous collective publishes some internal documents stolen from the email accounts of some government employees.,2017-11-14,2017-11-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1263,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.trust.org/item/20171114194755-qn91v,2022-08-15,2022-11-02 1071,Anonymous defaces neo-nazi-websites,The hacktivist collective Anonymous claims responsibility for taking down over a dozen neo-Nazi sites in retaliation for recent ongoing events in the US. 
These attacks are a part of the ongoing #OpDomesticTerrorism campaign.,2017-11-14,2017-11-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,Social groups,Advocacy / activists (e.g. human rights organizations),Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1264,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/opdomesticterrorism-anonymous-hackers-take-down-over-dozen-neo-nazi-sites-new-wave-attacks-1647385,2022-08-15,2022-11-02 1072,Gallmaker,"Gallmaker is an attack group that is targeting government, military and defense targets in the Middle East and Eastern Europe. The group uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that seem to be a cyber espionage campaign.",2017-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Eastern Europe; Middle East (region), - ,State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure - State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Military; Election infrastructure / related systems; Defence industry - Government / ministries; Military; Election infrastructure / related systems; Defence industry,Gallmaker,Unknown,"Non-state actor, state-affiliation suggested",,1,1265,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Gallmaker,Unknown,"Non-state actor, state-affiliation suggested",https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group,2022-08-15,2022-11-02 1073,Anonymous attacks US and Israel government,"In name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling on action against 
them.",2017-12-08,2017-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Israel,ASIA; MENA; MEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1266,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/66491/hacktivism/opisrael-opus-anonymous.html,2022-08-15,2022-11-02 1074,"""Zebrocy""","In the ""Zebrocy""-campaign the Russian-sponsored APT Fancy Bear aka APT28 aka Sofacy attacked various organisations of governments which are linked to foreign affairs.",2017-12-20,2018-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,United States; Europe (region); Asia (region); South Africa,NATO; NORTHAM - - - AFRICA; SSA,State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science,Government / ministries; Intelligence agencies; Chemicals; Other social groups; ; ; - Government / ministries; Intelligence agencies; Chemicals; Other social groups; ; ; - Government / ministries; Intelligence agencies; Chemicals; Other social groups; ; ; - Government / ministries; Intelligence agencies; Chemicals; Other social groups; ; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest 
Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1267,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://securelist.com/a-slice-of-2017-sofacy-activity/83930/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/; https://securelist.com/a-slice-of-2017-sofacy-activity/83930/,2022-08-15,2022-11-02 1075,Domestic Kitten,"The Iranian government conducted an extensive surveillance program through the hacking group APT-C-50 on internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None,"Iran, Islamic Republic of; United States; United Kingdom; Pakistan; Afghanistan; Turkey",ASIA; MENA; MEA - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SASIA; SCO - ASIA; SASIA - ASIA; NATO; MEA,Social groups; Social groups; Social groups - Social groups; Social groups; Social groups - Social groups; Social groups; Social groups - Social groups; Social groups; Social groups - Social groups; Social groups; Social groups - Social groups; Social groups; Social groups,Ethnic; Terrorist; Political opposition / dissidents / expats - Ethnic; Terrorist; Political opposition / dissidents / expats - Ethnic; Terrorist; Political opposition / dissidents / expats - Ethnic; Terrorist; Political opposition / dissidents / expats - Ethnic; Terrorist; Political opposition / dissidents / expats - Ethnic; Terrorist; Political opposition / dissidents / expats,APT-C-50; Domestic Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1268; 1268,2021-01-01 00:00:00; 2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT-C-50; Domestic Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://blogs.360.cn/post/APT-C-50.html#toc-90c; 
https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/,System / ideology; National power; International power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blogs.360.cn/post/APT-C-50.html#toc-90c; https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/,2022-08-15,2022-11-02 1076,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2017-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None,Lithuania; Germany; United States; Sweden,EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU - NATO; NORTHAM - EUROPE; EU(MS); NORTHEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); 
MSS",China; China,State; State,,1,13995; 13995,2020-01-01 00:00:00; 2020-01-01 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,Not available; Not available,United States; United States,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2023-10-31 1077,China vs. 
Uyghurs,"Chinese state hacked into websites, which are mostly used by Uyghurs, in order to hack into Apple, Google, and Windows phones.",2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups; End user(s) / specially protected groups,Ethnic; ,,China,"Non-state actor, state-affiliation suggested",,2,1270; 1271,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/; https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/,System / ideology; National power,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.forbes.com/sites/thomasbrewster/2019/09/01/iphone-hackers-caught-by-google-also-targeted-android-and-microsoft-windows-say-sources/?sh=245173404adf; https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html; https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/; https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/,2022-08-15,2022-11-14 1078,Patchwork/ Dropping Elephant espionage 
campaign,The hacking group Patchwork/ Dropping Elephant conducted an espionage campaign on China and other states in order to gain sensitive information.,2017-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,China; South Asia (region); United Kingdom; Turkey; Israel,ASIA; SCS; EASIA; NEA; SCO - - EUROPE; NATO; EU(MS); NORTHEU - ASIA; NATO; MEA - ASIA; MENA; MEA,International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media - International / supranational organization; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media,; Transportation; Telecommunications; Finance; ; - ; Transportation; Telecommunications; Finance; ; - ; Transportation; Telecommunications; Finance; ; - ; Transportation; Telecommunications; Finance; ; - ; 
Transportation; Telecommunications; Finance; ; ,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,,1,1272,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Monsoon/Patchwork/Dropping Elephant,India,Unknown - not attributed,https://www.trendmicro.com/en_us/research/17/l/untangling-the-patchwork-cyberespionage-group.html?_ga=2.34283175.767906807.1607518516-2094640627.1607518516,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.trendmicro.com/en_us/research/17/l/untangling-the-patchwork-cyberespionage-group.html?_ga=2.34283175.767906807.1607518516-2094640627.1607518516,2022-08-15,2023-10-05 1079,NASA hack 2018,The network systems of the National Aeronautics and Space Administration (NASA) were breached and approximately 500 MB of data related to Mars missions stolen.,2017-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1273,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://oig.nasa.gov/docs/IG-19-022.pdf; 
https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/,2022-08-15,2022-11-02 1080,"DragonOK campaign ""KHRAT""","Allegedly Chinese state-backed hackers used a new malware, named KHRAT, in order to compromise the network systems of the Cambodian government.",2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Cambodia,ASIA; SEA,State institutions / political system,Government / ministries,DragonOk,Unknown,Unknown - not attributed,,2,1274; 1275,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attribution by third-party,,,,DragonOk; DragonOk,Unknown; China,"Unknown - not attributed; Non-state actor, state-affiliation suggested",https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-updated-khrat-malware-used-in-cambodia-attacks/; https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,2022-08-15,2022-11-02 1081,Rana Android Malware,"U.S. 
authorities detected an Iranian state surveillance campaign on Iranian citizens, especially dissidents and others, conducted by the front company Rana.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None - None,"Global (region); United States; Iran, Islamic Republic of", - NATO; NORTHAM - ASIA; MENA; MEA,State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media; Science; Critical infrastructure; Social groups - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media; Science; Critical infrastructure; Social groups - State institutions / political system; Critical infrastructure; Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media; Science; Critical infrastructure; Social groups,Intelligence agencies; Transportation; Political opposition / dissidents / expats; ; ; ; ; Telecommunications; Other social groups - Intelligence agencies; Transportation; Political 
opposition / dissidents / expats; ; ; ; ; Telecommunications; Other social groups - Intelligence agencies; Transportation; Political opposition / dissidents / expats; ; ; ; ; Telecommunications; Other social groups,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company); Rana Company/Ministry of Intelligence and Security (Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,14510; 14510; 14509; 14509,2020-09-17 00:00:00; 2020-09-17 00:00:00; 2020-12-09 00:00:00; 2020-12-09 00:00:00,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Reversing Lab; Reversing Lab,Not available; Not available; Reversing Lab; Reversing Lab,United States; United States; Switzerland; Switzerland,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company); Rana Company/Ministry of Intelligence and Security (Iran); APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company); Rana Company/Ministry of Intelligence and Security (Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.ic3.gov/Media/News/2020/200917-2.pdf; https://home.treasury.gov/news/press-releases/sm1127; https://blog.reversinglabs.com/blog/rana-android-malware,System / ideology; 
National power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.govinfosecurity.com/iranian-linked-android-spyware-sneaks-into-private-chats-a-15556; https://www.ic3.gov/Media/News/2020/200917-2.pdf; https://home.treasury.gov/news/press-releases/sm1127; https://blog.reversinglabs.com/blog/rana-android-malware,2022-08-15,2023-12-04 1082,The Chinese Ministry of State Security gained access to classified data of the US Navy in January 2018,"A division of the Chinese Ministry of State Security (MSS) operating out of the province of Guangdong compromised the computers of an unnamed contractor working for the Naval Undersea Warfare Center during January-February 2018. The state hackers obtained over 600 GB of highly sensitive data related to undersea warfare, according to unidentified US officials and responsible investigators. 
The sensitive information included secret plans to develop a supersonic anti-ship missile for use on US submarines by 2020 called Sea Dragon; signals and sensor data; submarine radio room information relating to cryptographic systems and the Navy submarine development unit's electronic warfare library.",2018-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,Not available,United States,NATO; NORTHAM,Critical infrastructure,Defence industry,MSS,China,State,,1,8488,2018-06-08 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,Not available,Not available,United States,MSS,China,State,https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html,System / ideology; International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,Not available,,Not available,Not available,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units 
responsible),Cyber espionage; Sovereignty,State actors; ,Not available,1,2018-06-08 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,https://www.telegraph.co.uk/technology/2018/12/14/chinese-hackers-steal-missile-plans-us-navy-contractors/; https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html; https://www.c4isrnet.com/cyber/2023/03/27/us-indo-pacific-command-seeks-extra-274-million-for-cyber/; https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns; https://www.cyberscoop.com/submarine-contractor-hacked-china-us-navy/; https://www.c4isrnet.com/cyber/2022/10/31/secure-survive-strike-the-navys-new-approach-for-cyber-dominance/; https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/,2022-08-15,2023-12-22 1083,Pentagon attacked by unknown hacker,"Roughly 30,000 DOD military and civilian personnel are believed to be affected by a cyberattack. 
A third-party contractor is compromised, granting the attackers access to the Pentagon network to steal travel data for DOD personnel.",2018-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1279,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/pentagon-discloses-card-breach/,2022-08-15,2022-11-02 1084,Saudi-Arabia hacks the phones of its critics,"Omar Abdulaziz is a Canadian permanent resident and vocal critic of the Saudi government. The Saudi Arabian state used the Pegasus spyware to gain access to Abdulaziz's phone. Once a phone is infected, the customer has full access to a victim’s personal files, such as chats, emails, and photos. They can even surreptitiously use the phone’s microphones and cameras to view and eavesdrop on their targets. The hack was allegedly used to even spy on Jamal Khashoggi in the months before his murder. 
Ghanem al-Masarir and Yahya Assiri, two Saudi Arabian human rights activists living in exile, were even targeted by the spyware.",2018-06-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None,Canada; United Kingdom,NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU,Social groups; Social groups - Social groups; Social groups,Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats - Advocacy / activists (e.g. human rights organizations); Political opposition / dissidents / expats,KINGDOM,Saudi Arabia,State,,2,1281; 1280,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Attribution by third-party,,,,KINGDOM; KINGDOM,Saudi Arabia; Saudi Arabia,State; State,https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/; https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html; 
https://netzpolitik.org/2024/spionagetechnologie-in-jordanien-mehr-spionageopfer-durch-staatstrojaner-pegasus/,2022-08-15,2024-02-06 1085,Midterm Elections-Attack on the Republican Party,Shortly before the Midterm Elections an election campaign committee of the Republican Party was hacked by an unknown attacker group. By spying on the e-mail accounts of four high-ranking employees the attackers gained access to thousands of e-mails.,2018-01-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,United States,NATO; NORTHAM,State institutions / political system,Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1282,NaT,Not available,Media-based attribution,,,,,Unknown,Unknown - not attributed,https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/Wahlkampf-in-den-USA-Auch-Republikaner-wurden-gehackt-4241151.html; https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309,2022-08-15,2022-11-02 1086,"Red Alpha Team Operation ""2018 internet docss""","Recorded Future discovered a new espionage campaign dubbed the ""Red Alpha"" APT with Chinese origin. One part of it, the campaign ""2018 internet docss"" took place in 2018 against the Tibetan Community.",2018-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,1,1283,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.recordedfuture.com/redalpha-cyber-campaigns/,2022-08-15,2022-11-02 1067,Iranian hackers attacked the Austal company,"The Austal company was attacked by unknown hackers who stole ship designs, some staff email addresses and mobile phone numbers. 
Unlike the Australian Cyber Security Centre (ACSC), the Australian Broadcasting Corporation (local media) claimed that Iranian hackers had executed the attack.",2017-11-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing,,Australia,OC,Critical infrastructure,Defence industry,,"Iran, Islamic Republic of",Non-state-group,Criminal(s),1,1259,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of",Non-state-group,https://www.abc.net.au/news/2019-02-20/cyber-activists-or-state-actor-attack-how-experts-tell/10825466,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bankinfosecurity.com/australian-shipbuilder-hacked-refuses-to-pay-ransom-a-11662; https://www.reuters.com/article/us-australia-iran-cybercrime/australias-cyber-security-chief-says-austal-defense-hack-investigation-may-take-years-idUSKCN1NI03X; https://www.abc.net.au/news/2019-02-20/cyber-activists-or-state-actor-attack-how-experts-tell/10825466; https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-15th-2023-ransomware-drama/,2022-08-15,2023-12-18 1066,APT34 aka Oilrig hacked unnamed Middle Eastern government entity,"Targeted phishing attack against a governmental entity in the Middle East, which used a vulnerability that was released just days before.",2017-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Middle East (region),,State institutions / political system,Government / ministries,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1258,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html; https://www.fireeye.de/current-threats/apt-groups.html#apt34; https://www.thedailybeast.com/irans-cyber-army-is-under-attack-from-all-sides-as-us-tensions-escalate,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/; https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html; https://www.fireeye.de/current-threats/apt-groups.html#apt34; https://www.thedailybeast.com/irans-cyber-army-is-under-attack-from-all-sides-as-us-tensions-escalate,2022-08-15,2022-11-02 1065,BadRabbit - 2017,"A threat actor launched a ransomware operation on networks 
in several countries, mainly in Russia. The operation is believed to have disrupted the Kiev metro system and the Odessa airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence GRU. But it seems contested, whether it was the work of Fancy Bear or Telebots (aka Sandworm).",2017-10-24,2017-10-24,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,None - Odessa Airport - Interfax - None,Bulgaria; Ukraine; Russia; Turkey,EUROPE; BALKANS; NATO; EU(MS) - EUROPE; EASTEU - EUROPE; EASTEU; CSTO; SCO - ASIA; NATO; MEA,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); End user(s) / specially protected groups; Media,Government / ministries; Finance; ; ; - Government / ministries; Transportation; ; - Government / ministries; ; ; - Government / ministries; Finance; ; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka 
IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,,3,14785; 14785; 14785; 14785; 14785; 14785; 14784; 14784; 14786; 14786,2018-09-29 00:00:00; 2018-09-29 00:00:00; 2018-09-29 00:00:00; 2018-09-29 00:00:00; 2018-09-29 00:00:00; 2018-09-29 00:00:00; 2017-10-25 00:00:00; 2017-10-25 00:00:00; 2017-10-03 00:00:00; 2017-10-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ; ; ; We live security; We live security; Security Service of Ukraine (SBU); Security Service of Ukraine (SBU),Not available; Not available; Not available; Not available; Not available; Not available; We live security; We live security; Not available; Not available,United Kingdom; United Kingdom; Australia; Australia; New Zealand; New Zealand; Germany; Germany; Ukraine; Ukraine,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka 
IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia; Russia; Russia; Russia; Unknown; Unknown; Russia; Russia,"State; State; State; State; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State",https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed; https://securelist.com/bad-rabbit-ransomware/82851/; https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed; https://securelist.com/bad-rabbit-ransomware/82851/; https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/,2022-08-15,2023-12-04 
1054,HRD Hack,Actors tied to the Moroccan government accessed the phones of human rights defenders in Morocco,2017-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Morocco,AFRICA; NAF; MENA,Social groups; Social groups,Political opposition / dissidents / expats; Other social groups,,Morocco,State,,1,1241,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Morocco,State,https://www.forbes.com/sites/thomasbrewster/2019/10/09/moroccan-activist-says-nsos-elite-spy-tools-hacked-his-iphone/#13a389a82489,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.amnesty.org/en/latest/research/2019/10/morocco-human-rights-defenders-targeted-with-nso-groups-spyware/; https://www.forbes.com/sites/thomasbrewster/2019/10/09/moroccan-activist-says-nsos-elite-spy-tools-hacked-his-iphone/#13a389a82489,2022-08-15,2022-11-02 1046,Russian APT Turla attacks G-20 participants,"Proofpoint reveals that Turla (Russian APT) appears to be actively targeting G20 participants and those interested in its activities including policy makers, member nations and journalists. The analysis is based on the discovery of a new JavaScript dropper for a backdoor called KopiLuwak that Turla has been known to 
use.",2017-08-17,2017-08-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,1,1231,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-the-blockbuster-sequel/; https://unit42.paloaltonetworks.com/unit42-blockbuster-saga-continues/; https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,2022-08-15,2023-10-26 1047,Blockbuster Sequel,Researchers from Palo Alto Networks reveal the details of a new operation carried on by the North Korea-linked Lazarus Group against individuals involved with US Defense Contractors.,2017-07-14,2017-08-14,"Attack conducted by 
non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system,Military,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1232,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack,System / ideology; International power; Other,System/ideology,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.darkreading.com/attacks-breaches/russian-speaking-apt-engaged-in-g20-themed-attack/d/d-id/1329673; https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack,2022-08-15,2024-02-01 1048,North Korean Lazarus group conducts Operation Sharpshooter against organizations in global defense and critical infrastructure since September 2017,"Using the ""Rising Sun implant"", the North Korean Lazarus Group hacked various organisations and institutions in Europe, the UK and the US. These attacks provided the group with information on critical infrastructure (in the sectors of finance, energy, transport etc.) as well as the military, according to a no-longer accessible report by McAfee.",2017-09-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; Finance; Defence industry,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",2,16713; 16712,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,; Not available,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/78884/hacking/operation-sharpshooter.html; https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf; https://techcrunch.com/2019/03/03/north-korea-lazarus-hackers/,2022-08-15,2024-02-01 1049,Disruption of Verrit,"Verrit, a political fact-checking site is DDoSed almost immediately after it was endorsed by Hillary Clinton.",2017-09-04,2017-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,,Unknown,Unknown - not attributed,,1,1235,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/hillary-clinton-verrit-backs-fact-check-site-targeted-by-hackers-donald-trump-fake-news/,2022-08-15,2023-07-25 1050,Unknown hacker attacks Russian-speaking endusers,Security Firm FireEye reveals that the Zero-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy malware,2017-09-13,2017-09-13,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,Unknown,,Unknown,,,Unknown,State,,1,1236,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,State,https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/microsoft-office-zero-day-bug-was-used-by-suspected-state-backed-hackers-spread-finspy-malware-1639196; 
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html,2022-08-15,2022-11-02 1051,Operation Catalonia,"Digital activists linked to the Anonymous collective have claimed responsibility for a wave of cyberattacks against a number of Spanish government websites, the constitutional court and the Royal House website as part of a pro-Catalonia protest campaign.",2017-09-24,2017-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Spain,EUROPE; NATO; EU(MS),State institutions / political system; State institutions / political system,Government / ministries; Judiciary,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1237,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology; Secession,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://sputniknews.com/europe/201710211058429552-spain-court-website-attack/; https://www.ibtimes.co.uk/anonymous-hacks-spanish-government-websites-free-catalonia-cyber-campaign-1644210,2022-08-15,2022-11-02 1052,Aslan Neferler Tim,A Turkish hacker group has claimed responsibility for a cyber attack that has rendered the Danish Ministry of Immigration website inaccessible.,2017-09-27,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption; Disruption,,Denmark,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Government / ministries,,Turkey,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,13610,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,,Turkey,Non-state-group,,System / ideology; System / ideology,Unknown; Unknown,,Unknown; Unknown,,0,,,,,,No; No,,,,,True,none; none,Short-term disruption (< 24h; incident scores 1 point in intensity); Short-term disruption (< 24h; incident scores 1 point in intensity),none; none,none; none,none; none,1,Moderate - high political importance; Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.thelocal.dk/20170928/two-danish-ministries-taken-offline-by-cyber-attack,2022-08-15,2023-10-12 1053,Lazarus Casino Hack,The North Korean APT Lazarus hacked an online casino and managed to steal a substantial part of the earnings of the casino,2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,Central America (region),,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",2,1240; 1240; 1239; 1239,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,; ; ; ,; ; ; ,; ; ; ,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus 
Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://us-cert.cisa.gov/ncas/alerts/aa20-239a; https://www.kaspersky.de/about/press-releases/2017_jadg-auf-lazarus-gruppe-verhindert-groben-cyberbankuberfall,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/; https://us-cert.cisa.gov/ncas/alerts/aa20-239a; https://www.kaspersky.de/about/press-releases/2017_jadg-auf-lazarus-gruppe-verhindert-groben-cyberbankuberfall,2022-08-15,2022-11-02 1055,Hudson attack,Chinese cyberattackers allegedly crashed the website of the Hudson Institute as the think tank was about to host an event with a Chinese political dissident that the Chinese government considers to be a criminal.,2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,United States,NATO; NORTHAM,Social groups,Other social groups,,China,"Non-state actor, state-affiliation suggested",,2,1243; 1242,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Receiver attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",http://www.thinktankwatch.com/2017/10/doj-steps-in-after-cyber-attack-on.html; https://www.reuters.com/article/us-china-corruption-tycoon/china-denies-links-to-alleged-cyber-attacks-in-united-states-targeting-exiled-tycoon-guo-idUSKBN1CD0AP,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-china-corruption-tycoon-idUSKBN1CD0AP; http://www.thinktankwatch.com/2017/10/doj-steps-in-after-cyber-attack-on.html; https://www.reuters.com/article/us-china-corruption-tycoon/china-denies-links-to-alleged-cyber-attacks-in-united-states-targeting-exiled-tycoon-guo-idUSKBN1CD0AP,2022-08-15,2023-07-07 1064,CSU DDoS,"Two websites run by the Czech Statistical Office(CSU) were taken offline after a DDoS attack tried to disrupt reporting of the 
country’s parliamentary elections. According to the CSU, the vote count was not affected.",2017-10-21,2017-10-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Czech Republic,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Election infrastructure / related systems,,Unknown,Unknown - not attributed,,1,1254,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.infosecurity-magazine.com/news/ddos-attack-takes-czech-election/; https://www.cnbc.com/2017/10/23/czech-election-websites-hacked-vote-unaffected-statistics-office.html,2022-08-15,2022-11-02 1056,Lazarus (SubgroupAPT38/Bluenoroff) vs. Far Eastern Bank,"The North Korean Lazarus (Subgroup APT38/Bluenoroff) hacking group is likely responsible for an attempt to steal US$ 500,000 from Far Eastern Bank.",2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking with Misuse,,Taiwan,ASIA; SCS,Critical infrastructure,Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1244,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://content.fireeye.com/apt/rpt-apt38; https://www.reuters.com/article/us-cyber-heist-north-korea-taiwan/north-korea-likely-behind-taiwan-swift-cyber-heist-bae-idUSKBN1CL2VOhttps://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/; https://www.bleepingcomputer.com/news/security/north-korean-hackers-used-hermes-ransomware-to-hide-recent-bank-heist/; https://content.fireeye.com/apt/rpt-apt38; https://www.reuters.com/article/us-cyber-heist-north-korea-taiwan/north-korea-likely-behind-taiwan-swift-cyber-heist-bae-idUSKBN1CL2VOhttps://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html; http://focustaiwan.tw/search/201710070007.aspx?q=Far%20Eastern%20International%20Bank,2022-08-15,2023-11-08 1057,VPN Filter,VPN Filter malware infected thousands of home and small business routers and network devices worldwide.,2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Global (region),,End user(s) / specially protected groups,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,3,1247; 1245; 1246,2018-01-01 00:00:00; 2018-01-01 00:00:00; 2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community 
attributes attacker; Attribution by third-party,; ; ,; ; ,; ; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested",https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/; https://www.reuters.com/article/us-cyber-routers-ukraine/cyber-firms-ukraine-warn-of-planned-russian-attack-idUSKCN1IO1U9 https://arstechnica.com/information-technology/2018/05/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers/; https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/TA18-106A?utm_source=newsletter&utm_medium=email&utm_campaign=kremlin_watch_briefing_british_parliament_moves_toward_a_more_coordinated_investigation&utm_term=2019-03-16; 
https://bgr.com/2018/06/07/vpnfilter-malware-security-threat-fix/; https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/; https://www.reuters.com/article/us-cyber-routers-ukraine/cyber-firms-ukraine-warn-of-planned-russian-attack-idUSKCN1IO1U9 https://arstechnica.com/information-technology/2018/05/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers/; https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices; https://twitter.com/Dennis_Kipker/status/1629122902099361795,2022-08-15,2023-10-26 1058,Hackers deceive facebook users with fake profiles,"Using fake profiles on Facebook, a group (probably Hezbollah) tried to convince end users to download an infected messenger program. With the spy software, the hackers were able to steal data from the private devices immediately. Their targets were mostly located in Central/Eastern Europe and in the Middle East.",2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,None - None - None,Mena Region (region); Europe (region); Eastern Europe, - - ,End user(s) / specially protected groups - End user(s) / specially protected groups - End user(s) / specially protected groups, - - ,Hezbollah,Lebanon,Non-state-group,Terrorist(s),1,1248,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,Hezbollah,Lebanon,Non-state-group,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/czech-intelligence-service-shuts-down-hezbollah-hacking-operation/,2022-08-15,2022-11-02 1059,Chinese hackers attack think tanks and NGOs,Crowd strike reveals the details of espionage-driven targeted attacks carried on by Chinese actors against four Western think tanks and an additional one on governmental organizations (NGOs).,2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,,,,,,China,Unknown - not attributed,,1,1249,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.crowdstrike.com/blog/an-end-to-smash-and-grab-more-targeted-approaches/,2022-08-15,2023-10-26 1060,Emissary Panda (ChineseAPT ) attacks the Mongolian national data center,"According to Kaspersky’s latest research, the Chinese hacking group Emissary Panda aka APT 27 aka LuckyMouse used watering hole-style attacks and spear-phishing emails to breach specific employees of the Mongolian data center. After gaining individual access, they leveraged those accounts to gain additional control over the facility’s infrastructure.",2017-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,Mongolia,ASIA; EASIA; NEA,State institutions / political system,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,4685,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://securelist.com/luckymouse-hits-national-data-center/86083/,Autonomy; Subnational predominance; Resources,Autonomy; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.cyberscoop.com/APT%2027-mongolia-kaspersky/; https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://securelist.com/luckymouse-hits-national-data-center/86083/,2022-08-15,2023-02-22 1061,Sandvines Spyware Injection into turkish network,The network company Sandvines injected spyware in the turkish communication network and misused it to controll the showcase of ads,2017-10-01,Not available,"Attack conducted by 
nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,None - None,Turkey; Syria,ASIA; NATO; MEA - ASIA; MENA; MEA,End user(s) / specially protected groups - End user(s) / specially protected groups, - ,Sandvines,Turkey,State,,1,1251,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Sandvines,Turkey,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/,2022-08-15,2022-11-02 1062,Sandvines Spyware Injection into egyptian network,The network company Sandvines injected spyware in the egyptian communication network and misused it to control the showcase of ads and to mine cryptocurency,2017-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,,Egypt,MENA; MEA; AFRICA; NAF,End user(s) / specially protected groups,,Sandvines,Egypt,State,,1,1252,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Sandvines,Egypt,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 1063,World War 3,"APT28 has recently dispatched several malware distribution campaigns that try to take advantage of a Flash zero-day vulnerability that Adobe patched earlier this week. According to US cyber-security firm Proofpoint, the one which first spotted these attacks, APT28 targeted abroad set of targets across Europe and in the US.",2017-10-18,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Europe (region),NATO; NORTHAM - ,State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; - Government / ministries; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,1253,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly 
Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hackers-race-to-use-flash-exploit-before-vulnerable-systems-are-patched/; https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed,2022-08-15,2022-11-02 999,DarkHydrusin 2017,The hacker group DarkHydrusaka Copy Kittenaka LazyMeerkat in 2017 mainly hacked the governmental and educational sector of different Middle East countries. 
The hacks are mainly harvesting attacks.,2017-03-01,2017-12-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,Middle East (region),,State institutions / political system,Government / ministries,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,,1,1175,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://unit42.paloaltonetworks.com/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/,2022-08-15,2022-11-02 997,US DDoS towards North Korean,"The United States targeted North Korea’s military spy agency. The attack was a distributed denial of service (DDoS) campaign with an aim to flood North Korean spy agency’s servers with traffic, crippling its access to the internet.",2017-03-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"Korea, Democratic People's Republic of",ASIA; NEA,State institutions / political system,Intelligence agencies,US CYCOM,United States,State,,1,1173,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,US CYCOM,United States,State,https://thediplomat.com/2017/10/how-to-make-sense-of-offensive-us-cyber-operations-against-north-korean-military-intelligence/,System / ideology; International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cybersecurityintelligence.com/blog/cyberwarfare-us-launches-ddos-attacks-against-n-korean-spy-agency-2902.html; https://thediplomat.com/2017/10/how-to-make-sense-of-offensive-us-cyber-operations-against-north-korean-military-intelligence/,2022-08-15,2024-04-11 908,Indian CBI Hack,"Indian Central Bureau of Investigation and Army officers were targeted by a phishing campaign, according to an Indian Cybersecurity Blog/Research-Entity.",2016-09-20,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,India,ASIA; SASIA; SCO,State institutions / political system; State institutions / political system,Government / ministries; Military,,Pakistan,"Non-state actor, state-affiliation suggested",,1,1071,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Pakistan,"Non-state actor, state-affiliation suggested",https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/,International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/; https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/,2022-08-15,2022-11-02 951,Montenegro national election 2016,Allegedly Russian hackers disrupted various websites a few days before and on election day (16th of October). The Montenegrin leaders accuse Russia of these hacks and of even supporting the preparation of a coup.,2016-10-13,2016-10-16,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Montenegro,EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system; State institutions / political system; Media,Political parties; Election infrastructure / related systems; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,1119,2016-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; 
incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://balkaninsight.com/2016/11/07/montenegro-to-tighten-cyber-security-against-hackers-11-04-2016/; https://www.euractiv.com/section/global-europe/news/montenegro-hit-by-cyber-attacks-on-election-day/,2022-08-15,2023-08-15 931,Kuwaiti Parliament Defacement,Hackers defaced Kuwaiti parliament website on election day accusing MP of being an Iranian agent,2016-11-26,2016-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Kuwait,ASIA; MENA; MEA; GULFC,State institutions / political system; State institutions / political system,Legislative; Election infrastructure / related systems,Group_dmar,Unknown,Non-state-group,Hacktivist(s),1,1094,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Group_dmar,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/hackers-defaced-kuwaiti-parliament-website-election-day-accusing-mp-being-iranian-agent-1593992,2022-08-15,2023-11-27 932,SF Muni Hack,"San Francisco Metro and bus company Muni was hacked, bringing their payment systems down for several days.",2016-11-26,2016-11-28,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,United States,NATO; NORTHAM,Critical infrastructure,Transportation,,Unknown,Individual hacker(s),,1,1095,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual 
hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/hackers-sf-muni-ransomware-attack-muni/; https://www.cnet.com/news/sf-muni-hack-contained-next-transit-hack-could-be-train-wreck/; https://www.washingtonpost.com/news/dr-gridlock/wp/2017/01/09/cyberattack-on-san-francisco-transit-agency-prompts-senate-questions-for-metro/?utm_term=.0f18ec42e255,2022-08-15,2022-11-02 933,Telekom-Hack,"Nearly 1 million Telekom routers (and several hundred thousand from other companies) were targeted in order to include them in a gigantic botnet. The hack did not function properly and led to the internet disruption of the affected end users' systems. An individual hacker from London called ""Spiderman"" was arrested as the only responsible individual.",2016-11-27,2016-11-27,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,Telekom - TalkTalk,Germany; United Kingdom,EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure - Critical infrastructure,Telecommunications - Telecommunications,Spiderman,United Kingdom,Non-state-group,Criminal(s),1,14751,NaT,Domestic legal action,Attribution by receiver government / state entity,Bundesamt für Sicherheits und Informationstechnik,Not available,Germany,Spiderman,United Kingdom,Non-state-group,https://www.spiegel.de/netzwelt/netzpolitik/telekom-hack-prozess-gegen-29-jaehrigen-briten-hat-begonnen-a-1159071.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,http://www.zdnet.de/88283775/telekom-hack-das-sind-die-hintergruende-so-schuetzen-sich-anwender/?inf_by=59c8c424671db86a6a8b4aa4; https://www.spiegel.de/netzwelt/netzpolitik/telekom-hack-prozess-gegen-29-jaehrigen-briten-hat-begonnen-a-1159071.html; https://www.wiwo.de/unternehmen/it/streit-um-it-sicherheit-nach-telekom-hackerangriff-der-fensterbauer-haftet-nicht-wenn-eingebrochen-wird/14914942.html; https://www.bleepingcomputer.com/news/security/notorious-bestbuy-hacker-arraigned-for-running-dark-web-market/; https://therecord.media/notorious-hacker-daniel-kaye-arraigned-for-allegedly-running-dark-web-marketplace/,2022-08-15,2023-12-01 934,Israel Propaganda Broadcast,Hackers took control of an Israeli news channel and broadcast the Muslim call to prayer followed by anti-Israel propaganda which lasted about 30 seconds before the connection was restored. The hack allegedly took place in protest of a controversial bill that limits the volume of the ‘Adhan’ from mosques in Israel.,2016-11-30,2016-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Israel,ASIA; MENA; MEA,Media,,,Unknown,Non-state-group,Religious actors,1,1097,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.independent.co.uk/news/world/middle-east/hackers-take-control-israelim-channel-2-tv-broadcast-muslim-call-to-prayer-a7461911.html; https://www.heise.de/newsticker/meldung/Hacker-senden-anti-israelischen-Kurzfilm-im-Fernsehen-in-Israel-3518414.html,2022-08-15,2022-11-02 935,Kaputskiy vs. 
Slovak Chamber of Commerce,"Kaputskiy breaks into Slovak Chamber of Commerce and accesses and exposes data belonging to more than 4,000 users",2016-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Slovakia,EUROPE; NATO; EU(MS); EASTEU,State institutions / political system,Civil service / administration,Kapustkiy,Unknown,Individual hacker(s),,1,1098,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/54550/data-breach/slovak-chamber-commerce-hacked.html,2022-08-15,2022-11-02 936,Turkish Power Outage 2016,"Sources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul in December, according to reports in the Turkish media.",2016-12-01,Not available,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,Turkey,ASIA; NATO; MEA,Critical infrastructure,Energy,,United States,Unknown - not attributed,,1,1099,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,United States,Unknown - not attributed,https://securityaffairs.co/wordpress/55176/hacking/power-outages-turkey.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Widespread effects, e.g., affecting different regions of country or a country as a whole (incident scores 2 points in intensity)",Short duration (< 24h; incident scores 1 point in intensity),6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.csa.gov.sg/singcert/publications/energy; http://www.hurriyetdailynews.com/major-cyber-attack-on-turkish-energy-ministry-claimed-107981; https://securityaffairs.co/wordpress/55176/hacking/power-outages-turkey.html,2022-08-15,2022-11-02 937,Red Alpha Team against Tibetan Targets,"Citizen Lab provides an in-depth view into a phishing operation that ran for 19 months, and which targeted the Tibetan community. Recorded Future later linked this campaign to the so-called Chinese state-backed group Red Alpha.",2016-12-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,China,ASIA; SCS; EASIA; NEA; SCO,Social groups,Ethnic,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,2,1101; 1100,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,RedAlpha ; RedAlpha ,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.recordedfuture.com/redalpha-cyber-campaigns/,System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://citizenlab.ca/2018/01/spying-on-a-budget-inside-a-phishing-operation-with-targets-in-the-tibetan-community/; https://www.recordedfuture.com/redalpha-cyber-campaigns/,2022-08-15,2022-11-02 938,"Hacking-for-Hire group Bahamut aka ""The White Company"" spied on various targets in the Middle East from December 2016 until June 2017","The hacking-for-hire group Bahamut aka ""The White Company"" spied on diverse political, economic, and social sectors in the Middle East since December 2016, with specifically crafted phishing attacks and highly-sophisticated malware, according to 
Bellingcat researchers. The group seems to work for multiple state-sponsors according to the wide-ranging victimology, including actors from Egypt, Iran, Palestine, Turkey, Tunisia, and the United Arab Emirates. According to a second report from Bellingcat, the group stopped those attacks after its public exposure in June 2017, but soon continued its operations. (See incident ""In September 2017, Bahamut aka ""The White Company"" resumed its espionage, focusing on South Asia and the Middle East""). Bellingcat also identified connections to an operation disclosed by Amnesty International, called ""Kingphish"".",2016-12-01,Not available,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,Not available - Ministry of Foreign Affairs (United Arab Emirates) - Minister of State for Foreign Affairs (United Arab Emirates) - Union of Arab Banks - Minister of Foreign Affairs (Turkey) - UNESCO delegate (Turkey) - Not available - Not available - Not available - Not available,"Egypt; United Arab Emirates; United Arab Emirates; Lebanon; Turkey; Turkey; Iran, Islamic Republic of; United Arab Emirates; Iran, Islamic Republic of; Middle East (region)",MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ASIA; NATO; MEA - ASIA; NATO; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA - ,Media - State institutions / political system - State institutions / political system - International / supranational organization - State institutions / political system - State institutions / political system - State institutions / political system - Social groups - Social groups; Media - Social groups; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science," - Government / ministries - 
Government / ministries - - Government / ministries - Other (e.g., embassies) - Other (e.g., embassies) - Other social groups - Advocacy / activists (e.g. human rights organizations); - Advocacy / activists (e.g. human rights organizations); ; ",,Unknown,"Non-state actor, state-affiliation suggested; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities,1,5732; 5732,2017-06-12 00:00:00; 2017-06-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,Bellingcat; Bellingcat,Not available; Not available,Not available; Not available,,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state-group",https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/,Unknown,Unknown,,Unknown,,0,,Not available,,Not available,Not available,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf; https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/; https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/; https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.ibeidghw5,2022-08-15,2023-01-02 939,Kaputskiy vs. 
Venezuelan Army,"Kaputskiy hacks Venezuelan Army and exposes details of  3,000 accounts",,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Venezuela,SOUTHAM,State institutions / political system,Military,Kapustkiy,Unknown,Individual hacker(s),,1,13614,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,Not available,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://news.softpedia.com/news/venezuelan-army-website-hacked-details-of-3-000-accounts-exposed-510676.shtml,2022-08-15,2023-10-12 940,Kaputskiy vs. Ecuadorian National Assembly,Kaputskiy hacks into Ecuador National Assembly and exposes 550-600 accounts,2016-12-05,2016-12-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Ecuador,,State institutions / political system,Legislative,Kapustkiy,Unknown,Individual hacker(s),,1,1105,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/54068/data-breach/national-assembly-of-ecuador-hacked.html,2022-08-15,2024-02-19 941,Sandworm 2.0-Attacks on Ukrainian financial Institutions - 2016,"In December 2016, almost exactly a year after the attacks on Ukraine's power grid, Russian hackers shut down the payment system of Ukraine's Ministry of Finance, Treasury and Pension Fund.",2016-12-06,2016-12-08,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Civil service / administration; Finance; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia,State; State,,2,6584; 6584; 6583; 6583,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media 
report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,; ; ; ,Not available; Not available; Not available; Not available,; ; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia; Russia; Russia,State; State; State; State,https://www.wired.com/story/russian-hackers-attack-ukraine/; https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html; https://www.securitylab.ru/news/484704.php; https://lenta.ru/news/2017/02/17/uahacked/; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and,System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.wired.com/story/russian-hackers-attack-ukraine/; https://www.rferl.org/a/ukraine-cyberattacks-finance-ministry-treasury-infrastructure-russia/28172004.html; 
https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html; https://www.securitylab.ru/news/484704.php; https://lenta.ru/news/2017/02/17/uahacked/; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.epravda.com.ua/rus/publications/2016/12/9/613957/,2022-08-15,2023-03-13 942,Kaputskiy and Kasimierz hack into Argentinian Ministry of Industry,Kaputskiy and Kasimierz hack into Argentinian Ministry of Industry website and breach personal data,2016-12-07,2016-12-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Argentina,SOUTHAM,State institutions / political system,Government / ministries,Kapustkiy; Kasimierz,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),1,1108; 1108,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Kapustkiy; Kasimierz,Unknown; Unknown,Non-state-group; Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/argentinian-government-site-suffers-major-breach-personal-information-exposed-510780.shtml,2022-08-15,2022-11-02 943,Disruption of Ukrainian Defense Ministry,Ukraine Defence Ministry website disrupted,2016-12-13,2016-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1109,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,System / ideology,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-ukraine-crisis-cyber/ukraines-defence-ministry-says-website-hit-by-cyber-attack-idUSKBN1421YT,2022-08-15,2022-11-02 944,Kaputskiy vs. Russian Consulate,"Kaputskiy hacks into Russian Consulate department Russian National Visa Bureau websites in the Netherlands, steals and exposes user information",2016-12-13,2016-12-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Kapustkiy,Unknown,Individual hacker(s),,1,1110,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/russian-consulate-hacked-passport-numbers-and-personal-information-stolen-510928.shtml,2022-08-15,2022-11-02 945,Cryptolulz vs. 
Russian Embassy in Armenia,Individual hacker Cryptolulz breaks into the database of the website of Russian embassy of Armenia and leaks data,2016-12-14,2016-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,,Cryptolulz,Unknown,Individual hacker(s),,1,1111,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cryptolulz,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/54393/hacking/russian-embassy-of-armenia-hacked.html,2022-08-15,2022-11-02 946,Cryptolulz DDOS vs. Italian Governments,Cryptolulz targets Russian and Italian governments websites and conducts a DDoS attack,2016-12-16,2016-12-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,None - None,Russia; Italy,EUROPE; EASTEU; CSTO; SCO - EUROPE; NATO; EU(MS),State institutions / political system - State institutions / political system,Government / ministries - Government / ministries,Cryptolulz,Unknown,Individual hacker(s),,1,1112,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cryptolulz,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/54459/hacking/cryptolulz666-ddos.html,2022-08-15,2022-11-02 947,Ukraine Power Grid 2,"Hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity. 
The outage lasted about an hour.",2016-12-17,2016-12-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,Ukraine,EUROPE; EASTEU,Critical infrastructure,Energy,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,State,,3,1115; 1113; 1114,2017-01-01 00:00:00; 2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Domestic legal action",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,; ; ,; ; ,; ; ,"Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and,Territory,Territory,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),5,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",7.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://cyberscoop.com/ransomware-manufacturing-dragos/; https://www.wired.com/story/ukraine-russia-wiper-malware/; https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/; https://twitter.com/Dennis_Kipker/status/1629122902099361795; https://www.darkreading.com/vulnerabilities-threats/vulkan-playbook-leak-exposes-russia-plans-worldwide-cyber-war; https://twitter.com/DigitalPeaceNow/status/1661836966881533965; https://therecord.media/china-hacking-uk-members-parliament; https://www.govinfosecurity.com/ukraine-fends-off-sandworm-battlefield-espionage-ploy-a-22772; https://www.wired.com/story/poland-train-radio-stop-attack/; https://arstechnica.com/security/2023/08/russia-targets-ukraine-with-new-android-backdoor-intel-agencies-say/; https://cyberscoop.com/sandworm-ukraine-infamous-chisel/; https://www.wired.com/story/china-redfly-power-grid-cyberattack-asia/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/; https://dragos.com/blog/crashoverride/CrashOverride-01.pdf; https://www.securitylab.ru/news/484757.php; https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html; https://motherboard.vice.com/en_us/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report; 
https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/; https://www.wired.com/story/crash-override-malware/; https://www.securitylab.ru/news/484704.php; https://lenta.ru/news/2017/02/17/uahacked/; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and; https://www.securityweek.com/ukraine-says-russia-planning-massive-cyberattacks-critical-infrastructure; https://www.cyberscoop.com/ukrainians-warn-of-massive-cyberattacks/,2022-08-15,2023-11-24 948,Anonymous vs. Thai Government (OPSingle Gateway),"After the Single Internet Gateway was passed into a law, the websites of the National Security Agency and the Ministry of Defense and four other ministries became inaccessible, Anonymous also defaced Thai LA consulate and leaked data in protest of arrests related to OpSingleGateway.",2016-12-20,2016-12-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,Thailand,ASIA; SEA,State institutions / political system; State institutions / political system,Government / ministries; Military,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1116,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-against-thai-internet-censorship-surveillance-law/; https://www.hackread.com/anonymous-hacks-thailand-navy-foreign-affairs/,2022-08-15,2022-11-02 949,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2016-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,Netherlands,EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS)); MSS",China; China,State; State,,1,1117; 1117,2020-01-01 00:00:00; 2020-01-01 00:00:00,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State 
Security Department (GSSD), MSS)); MSS",China; China,State; State,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://us-cert.cisa.gov/ncas/alerts/aa20-258a,2022-08-15,2023-03-13 930,Kapustkiy vs. India,Kaputskiy hacks into Indian High Commissions in Ghana and Fiji and exposes credentials of 200 accounts,2016-11-26,2016-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,None - None - None,India; Fiji; Ghana,ASIA; SASIA; SCO - OC - AFRICA; SSA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,Kapustkiy,Unknown,Individual hacker(s),,1,1093,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/powerful-greek-army-hacker-breaches-high-commission-websites-in-india-510519.shtml,2022-08-15,2022-11-02 929,Foreign Ministry Austria DDoS,Austrian Foreign Ministry suffered a DDoS attack leading to the shutdown of webpage. Turkish involvement due to Austrian position on EU membership suggested.,2016-11-25,2016-11-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,Austria,EUROPE; EU(MS); WESTEU,State institutions / political system,Government / ministries,,Turkey,Unknown - not attributed,,1,1092,NaT,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,Turkey,Unknown - not attributed,,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/DDoS-Angriff-auf-oesterreichisches-Aussenministerium-3505859.html; https://www.welt.de/politik/ausland/article159785771/Tuerkische-Hacker-greifen-Website-des-Aussenministeriums-an.html,2022-08-15,2022-11-02 928,DDoS European Commission,"DDoS attack brought down the Internet connection of the EU Commission staff. 
No data leak, and no sign so far of related attacks such as hijacking.",2016-11-24,2016-11-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,EU (institutions),,International / supranational organization,,,Unknown,Unknown - not attributed,,1,1091,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.politico.eu/pro/european-commission-cyberattack-internet-loss-hacked-what-we-know-and-dont-know/; https://www.hackread.com/european-commission-suffers-ddos-attacks/,2022-08-15,2023-05-07 917,Break of US election Agency,"US election agency breached and 100 credentials of voters stolen, hacker tried to sell the data",2016-11-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,United States,NATO; NORTHAM,State institutions / political system,Civil service / administration,,Unknown,Individual hacker(s),,1,1080,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Individual hacker(s),,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-election-hack-commission-idUSKBN1442VC?il=0,2022-08-15,2024-02-08 909,Turkish Energy Leak,RedHack leaks personal E-Mail accounts of Turkish Energy Minister and Erdogan's son-in-law Albayrak,2016-09-23,2016-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious,
ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,Turkey,ASIA; NATO; MEA,State institutions / political system,Government / ministries,RedHack,Turkey,Non-state-group,Hacktivist(s),1,1072,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,,System / ideology; Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.dailydot.com/layer8/redhack-turkey-albayrak-censorship/,2022-08-15,2022-11-02 910,India/Pakistan Ehdoor Espionage,"SymantecCorp, a digital security company, says it has identified a sustained cyberspying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.",2016-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Pakistan; India,ASIA; SASIA; SCO - ASIA; SASIA; SCO,State institutions / political system; State institutions / political system - State institutions / political system; State institutions / political system,Government / ministries; Military - Government / ministries; Military,,Unknown,"Non-state actor, state-affiliation suggested",,1,1073,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2,2022-08-15,2022-11-02 911,Lazarus vs. Polish Banks,"Attacks aimed at banks in Poland appear to be part of a bigger campaign targeting financial organizations around the world, and researchers have found some links to the threat actor known as Lazarus.",2016-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,Poland; United States; Mexico; Brazil; Denmark; Venezuela; Colombia; Peru; United Kingdom; India,EUROPE; NATO; EU(MS); EASTEU - NATO; NORTHAM - - SOUTHAM - EUROPE; NATO; EU(MS); NORTHEU - SOUTHAM - SOUTHAM - SOUTHAM - EUROPE; NATO; EU(MS); NORTHEU - ASIA; SASIA; SCO,Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure - Critical infrastructure,Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance - Finance,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1074; 1074,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, 
Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"https://www.securityweek.com/malware-attacks-polish-banks-linked-lazarus-group#:~:text=The%20custom%20exploit%20kit%20was,toolkit%20of%20the%20Lazarus%20Group.; https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf",2022-08-15,2023-03-13 912,Bradley-Foundation Hack,Hackers penetrated the networks of the Bradley Foundation and leaked data (additionally some fake data),2016-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,United States,NATO; NORTHAM,Social groups,Other social groups,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,1075,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://www.vocativ.com/372088/bradley-foundation-hack-clinton-cammpaign-fake-files/; https://www.databreaches.net/bradley-foundation-hacked-to-expose-contribution-to-clinton-campaign/,2022-08-15,2022-11-02 913,Defacement of Indian Websites,Indian government sites hacked and defaced with propaganda by Pakistani hackers.,2016-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,,Pakistan,Non-state-group,Hacktivist(s),1,1076,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,,System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.gadgetsnow.com/tech-news/Pakistan-steps-up-cyberwar-over-35-Indian-websites-hit/articleshow/54753240.cms,2022-08-15,2022-11-02 914,Surkov Leaks,"Ukrainian hackers CyberHunta leaked over a gigabyte of emails (2,300) of Kremlin official Vladislav Surkov (with plans to destabilise Ukraine). Ukrainian officials affirm authenticity of the documents while the Kremlin says it's fake and denies Surkov even using email.",2016-10-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Government / ministries,Cyber Hunta,Ukraine,Non-state-group,Hacktivist(s),1,1077,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Hunta,Ukraine,Non-state-group,https://medium.com/dfrlab/breaking-down-the-surkov-leaks-b2feec1423cb#.t4wz7vsnx,System / ideology; Resources; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.securitylab.ru/news/484218.php; https://medium.com/dfrlab/breaking-down-the-surkov-leaks-b2feec1423cb#.t4wz7vsnx; https://www.newsweek.com/kremlin-denies-putin-aide-hack-because-he-does-not-use-email-514038?rx=us,2022-08-15,2022-11-02 915,DPR pension fund,"Chairperson of Donetsk People's Republic pension fund reported an attack and blocking of the fund database, so that pension payments were suspended. 
DPR blamed Ukrainian hackers, presumably related to advance poll in DPR",2016-10-04,2016-10-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,Ukraine,EUROPE; EASTEU,State institutions / political system,Civil service / administration,,Ukraine,Non-state-group,Hacktivist(s),1,1078,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Ukraine,Non-state-group,,System / ideology; Resources; Secession,System/ideology; Resources; Secession,; ; ,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.segodnya.ua/regions/donetsk/zhiteli-dnr-ostalis-bez-pensiy-boeviki-obvinyayut-hakerov-758334.html; https://russian.rt.com/article/324629-v-dnr-zayavili-o-vzlome-bazy-dannyh,2022-08-15,2023-06-20 916,SEA vs. Belgian Media,Syrian Cyberarmy hacks Belgian Media Sites.,2016-10-24,2016-10-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Belgium,EUROPE; EU(MS); NATO; WESTEU,Media,,Syrian Cyber Army,Syria,Non-state-group,Hacktivist(s),1,1079,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Cyber Army,Syria,Non-state-group,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html; https://news.softpedia.com/news/syrian-cyber-army-claim-ddos-attacks-on-belgian-media-509623.shtml; https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0,2022-08-15,2022-11-02 918,"Malware ""Stonedrill""","A wiper malware sharing similarities with Shamoon 2.0, but even stronger with past attacks of Newsbeef aka Newscaster aka CharmingKitten targeted Saudi Arabian Corporations and was even found in a Kaspersky Network in Europe.",2016-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,None - None,Europe (region); Saudi Arabia, - ASIA; MENA; MEA; GULFC,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Other,; - ; ,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten; Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1081; 1081,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten; Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf; https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf; https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf,2022-08-15,2022-11-02 927,Shad0wS3C vs. Mexican Regional Government,Shad0wS3C Hacker Breaches Mexican Government Website and exposes sensitive user data,2016-11-23,2016-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Mexico,,State institutions / political system,Civil service / administration,Shad0wS3C,Unknown,Non-state-group,Hacktivist(s),1,1090,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Shad0wS3C,Unknown,Non-state-group,,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/shad0ws3c-hacker-breaches-mexican-government-website-510447.shtml,2022-08-15,2022-11-02 919,N.T.R. Greyhat leak,"Hacker leaks personal data of 34 million
Keralites from Kerala government’s civil supplies department website, after department fails to address security flaws in website",2016-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,India,ASIA; SASIA; SCO,State institutions / political system,Civil service / administration,N.T.R.,India,Individual hacker(s),,1,1082,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,N.T.R.,India,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://gulfnews.com/xpress/news/data-of-34-million-keralites-leaked-in-massive-breach-1.1930317,2022-08-15,2022-11-02 920,DDOS vs. Wikileaks,"WikiLeaks hit with 'targeted' cyberattack after publishing over 8,000 more DNC emails",2016-11-07,2016-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,Unknown,,Social groups,Advocacy / activists (e.g.
human rights organizations),,Unknown,Unknown - not attributed,,1,1083,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/wikileaks-hit-targeted-cyberattack-after-publishing-over-8000-more-dnc-emails-1590267,2022-08-15,2023-06-13 921,Shutdown of ScotlandYard,The website of ScotlandYard was taken down by Anonymous in response to an arrest of people at an anti-capitalist protest,2016-11-07,2016-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system,Police,Anonymous,Unknown,Non-state-group,Hacktivist(s),1,1084,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.thetimes.co.uk/article/hackers-hit-police-site-after-arrests-at-protest-7fj2dhzqw,2022-08-15,2022-11-02 922,CozyBear vs. US-Think Tanks etc. - 2016,"Mere hours after Donald Trump was declared victorious in the wake of the US elections, Kremlin-linked hacker group CozyBear (APT29) reportedly launched a wave of attacks on US-based targets.
According to Washington-based cyber response firm Volexity, CozyBear hackers launched five different spear-phishing campaigns, ""with a heavy focus on U.S.-based think tanks and non-governmental organizations (NGOs)"".",2016-11-08,2016-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Social groups; Science,Other social groups; ,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,4798,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/russia-linked-dnc-hackers-launched-wave-cyberattacks-hours-after-trump-victory-1590976;
https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html,2022-08-15,2023-11-14 923,Russian-Banks-DDoS,"A hacker calling himself vim products claimed to have taken down the webpages of several major Russian banks for ""customers"" who bought the DDoS attack because of their disapproval of Russia's interference in the US elections. The affected sites included the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank.",2016-11-08,2016-11-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,Russia,EUROPE; EASTEU; CSTO; SCO,Critical infrastructure,Defence industry,Vimproducts,Unknown,Individual hacker(s),,1,1086,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Vimproducts,Unknown,Individual hacker(s),,Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://motherboard.vice.com/en_us/article/4xa5y9/hacker-claims-to-take-down-russian-bank-websites-on-election-day,2022-08-15,2023-03-13 924,Shamoon 2.0,"Likely Iranian State-sponsored hackers (CrowdStrike) have conducted a series of destructive attacks on Saudi Arabia over the last two weeks, erasing data and wreaking havoc in the computer banks of the agency running the country’s airports and hitting five additional targets.",2016-11-17,2017-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Saudi Arabia,ASIA; MENA; MEA; GULFC,State institutions / political system; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Government / ministries; Energy; Transportation; ,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1087,2017-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/; https://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR,International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf; 
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/; https://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR; https://www.nytimes.com/2016/12/01/world/middleeast/saudi-arabia-shamoon-attack.html; https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/; https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/; https://twitter.com/780thC/status/1618571785276100609,2022-08-15,2022-12-20 925,Kapustkiy vs. Italian Government,"Kapustkiy hacks into Italian government site and exposes 45,000 users' data",2016-11-18,2016-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Italy,EUROPE; NATO; EU(MS),State institutions / political system,Government / ministries,Kapustkiy,Unknown,Individual hacker(s),,1,1088,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/hacker-breaks-into-italian-government-website-45-000-users-exposed-510332.shtml,2022-08-15,2022-11-02 926,Kapustkiy vs. Indian regional Council,"Kapustkiy Breaks into Indian Regional Council Server and exposes 17,000 users' data",2016-11-20,2016-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,India,ASIA; SASIA; SCO,State institutions / political system,Government / ministries,Kapustkiy,Unknown,Individual hacker(s),,1,1089,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://news.softpedia.com/news/kapustkiy-breaks-into-indian-regional-council-server-17-000-users-exposed-510355.shtml,2022-08-15,2022-11-02 950,UN International Civil Aviation Organization hack,China-linked group Emissary Panda breached the computer systems of the UN International Civil Aviation Organization and spread malware to foreign government websites.,2016-11-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Turkey,ASIA; NATO; MEA,State institutions / political system; International / supranational organization,Government / ministries; ,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,1,1118,2019-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cbc.ca/news/canada/montreal/montreal-based-un-aviation-agency-tried-to-cover-up-2016-cyberattack-documents-show-1.5033733,2022-08-15,2022-11-02 952,Bulgaria presidential election and referendum hack,"Allegedly Russian hackers disrupted the websites of the Bulgarian electoral commission, presidency and other government institutions in the course of the upcoming presidential elections and the referendum on 6th of November.",2016-10-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) 
political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,Bulgaria,EUROPE; BALKANS; NATO; EU(MS),State institutions / political system,Election infrastructure / related systems,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,1,3093,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,Not available,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bbc.com/news/world-europe-37867591,2022-08-15,2022-11-02 996,Luxembourg DDoS 2017,DDoS attack takes down Luxembourg government servers,2017-02-27,2017-02-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,Luxembourg,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Government / ministries,,Unknown,Unknown - not attributed,,1,1172,NaT,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high 
political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.ibtimes.co.uk/ddos-attack-takes-down-luxembourg-government-servers-1609380,2022-08-15,2022-11-02 953,Chinese espionage campaign,"Chinese state-sponsored hacking group ""Emissary Panda"" compromised the network systems of a European drone company and a U.S. subsidiary of a French energy management company in order to steal information relevant to economic and military competition.",2016-06-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Europe (region); France, - EUROPE; NATO; EU(MS); WESTEU,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Energy; Defence industry - Energy; Defence industry,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,1,1121,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",https://threatconnect.com/blog/threatconnect-discovers-chinese-APT -activity-in-europe/,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://threatconnect.com/blog/threatconnect-discovers-chinese-APT%20-activity-in-europe/; https://threatconnect.com/blog/threatconnect-discovers-chinese-APT -activity-in-europe/,2022-08-15,2023-09-24 977,Chafer 2.0,Iran-based group Chafer remains highly active and is moving up the telecoms and transport supply chain to facilitate widescale surveillance of targets. One of the tools used by Chafer was the EternalBlue exploit that was previously deployed in the devastating WannaCry and Petya attacks.,2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None,Israel; Jordan; United Arab Emirates; Saudi Arabia; Turkey,ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; MENA; MEA; GULFC - ASIA; NATO; MEA,Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition) - Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),Transportation; Telecommunications; - Transportation; Telecommunications; - Transportation; Telecommunications; - Transportation; Telecommunications; - Transportation; Telecommunications; ,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1151,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions?SID=86151X1538609X92fba9ea2ae860e8e0dfe5d0fdc6793a&API1=100&API2=7887077&cjid=7887077&cjevent=415f80e0e04111e9811400500a18050e,2022-08-15,2024-01-08 978,Charming Kitten vs. Instagram and Telegram,Talos Intelligence reports several attacks on users of Instagram and Telegram. The Attacker used greyware of these applications to gain access to private information about his victims.,2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Iran, Islamic Republic of",ASIA; MENA; MEA,End user(s) / specially protected groups,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1152,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.talosintelligence.com/2018/11/persian-stalker.html,2022-08-15,2022-11-02 979,"""Operation/Group Rancor""","The RANCOR APT group has been targeting political entities in Singapore, Cambodia, and Thailand, and likely in other countries, using two previously unknown strains of malware. The two malware families were tracked as DDKONG and PLAINTEE. The group might be related to the Chinese-based group DragonOk.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,None - None,North America; Asia (region), - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science,Government / ministries; Telecommunications; ; - Government / ministries; Telecommunications; ; ,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1153,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/73927/APT%20/rancor-cyber-espionage.html%20https://unit42.paloaltonetworks.com/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/; 
https://www.phnompenhpost.com/national/kingdom-targeted-new-malware,2022-08-15,2022-11-02 980,"""Bundeshack""","The Russian APT Turla attacked the German government, after Fancy Bear was the suspect at the beginning of the investigation.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,Germany,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system,Legislative,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia,"Non-state actor, state-affiliation suggested",,2,11063; 11062,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,Not available; ,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)",Russia; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident 
scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.heise.de/newsticker/meldung/Bundeshack-Russische-Hackergruppe-Snake-soll-hinter-Angriff-stecken-3984930.html; https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/,2022-08-15,2023-06-28 981,"""Operation PZChao""","""Operation PZChao"" targets US and Asian organisations with cyber-attacks reminiscent of Iron Tiger - but this time with the ability to drop trojans, conduct espionage, and mine bitcoin. Researchers speculate that the same Chinese-based APT (APT27 aka Emissary Panda) as in the Iron Tiger operation takes part in the new project but this is not proven yet.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None,Mena Region (region); Africa; Palestine; Global (region), - - ASIA; MENA; MEA - ,State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; 
Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science - State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Media; Science,Government / ministries; Legislative; Civil service / administration; Intelligence agencies; Election infrastructure / related systems; Finance; ; ; - Government / ministries; Legislative; Civil service / administration; Intelligence agencies; Election infrastructure / related systems; Finance; ; ; - Government / ministries; Legislative; Civil service / administration; Intelligence agencies; Election infrastructure / related systems; Finance; ; ; - Government / ministries; Legislative; Civil service / administration; Intelligence agencies; Election infrastructure / related systems; Finance; ; ; ,Gaza Cybergang,Unknown,Unknown - not attributed,,1,1156,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Gaza Cybergang,Unknown,Unknown - not attributed,https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281; 
https://securityaffairs.co/wordpress/68581/apt/operation-pzchao.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/espionage-malware-snoops-for-passwords-mines-bitcoin-on-the-side/; https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177; https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281; https://securityaffairs.co/wordpress/68581/apt/operation-pzchao.html,2022-08-15,2023-03-13 982,UK starts cybercampaign against ISIS,The British government initiated a cybercampaign against ISIS disrupting all of its actions within the Internet. 
Through 2017 ISIS was strongly prohibited from sharing its propaganda over the web.,2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,ISIS,,Social groups,Terrorist,GCHQ,United Kingdom,State,,1,1157,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,GCHQ,United Kingdom,State,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/technology-43738953,2022-08-15,2022-11-02 983,Sea Turtle,"Unknown state-sponsored actors hijacked parts of the DNS infrastructure, allowing them to phish credentials of Middle Eastern foreign offices and energy providers, before accessing confidential data",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Middle East (region),,State institutions / political system; State institutions / political system; State institutions / political system; Critical infrastructure,Government / ministries; Military; Intelligence agencies; Energy,,Unknown,"Non-state actor, state-affiliation suggested",,2,1158; 1159,2019-01-01 00:00:00; 2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attribution by third-party,,,,,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.heise.de/ct/artikel/DNSpionage-Massive-Angriffe-auf-Mail-und-VPN-User-4333644.html; https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://blog.talosintelligence.com/2019/04/seaturtle.html; https://us-cert.cisa.gov/ncas/alerts/AA19-024A; 
https://www.heise.de/ct/artikel/DNSpionage-Massive-Angriffe-auf-Mail-und-VPN-User-4333644.html; https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html,2022-08-15,2022-11-02 984,APT28 Intelligence Gathering,APT28 continued low-level intelligence gathering action between 2017 and 2018,2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Europe (region); South America, - ,State institutions / political system; State institutions / political system; International / supranational organization - State institutions / political system; State institutions / political system; International / supranational organization,; Military; - ; Military; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,1,1160,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://symantec-enterprise-blogs.security.com/blogs/election-security/apt28-espionage-military-government,2022-08-15,2022-11-02 985,Singapore Defense Ministry Hack,Singapore Reveals CyberAttack on Defense Ministry,2017-02-01,Not available,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,Singapore,ASIA,State institutions / political system; State institutions / political system,Government / ministries; Military,,Unknown,"Non-state actor, state-affiliation suggested",,1,1161,2017-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,"Non-state actor, state-affiliation suggested",https://www.straitstimes.com/singapore/personal-data-of-850-mindef-servicemen-and-staff-leaked-due-targeted-planned-cyber-attack,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://thediplomat.com/2017/03/singapore-reveals-cyber-attack-on-defense-ministry/; https://www.straitstimes.com/singapore/personal-data-of-850-mindef-servicemen-and-staff-leaked-due-targeted-planned-cyber-attack,2022-08-15,2022-11-02 986,Pentagon-Twitter Attack,Russian hackers targeted Pentagon workers with malware-laced Twitter messages,2017-02-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); ,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,State institutions / political system; State institutions / political system,Government / ministries; Military,,Russia,State,,1,1162,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites 
the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,State,http://time.com/4783932/inside-russia-social-media-war-america/,System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.theverge.com/2017/5/18/15658300/russia-hacking-twitter-bots-pentagon-putin-election; http://time.com/4783932/inside-russia-social-media-war-america/,2022-08-15,2023-04-03 987,Muddy Water,"Researchers from Palo Alto Networks' Unit 42 reveal the details of Muddy Water, a campaign carried on by a politically-motivated actor targeting Middle Eastern nations. Reaqta links the campaign to Iran as the geographical origin.",2017-02-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None,Saudi Arabia; United States; Iraq; Israel; United Arab Emirates; Georgia; Pakistan; India; Turkey,ASIA; MENA; MEA; GULFC - NATO; NORTHAM - ASIA; MENA; MEA - ASIA; MENA; MEA - ASIA; MENA; MEA; GULFC - ASIA; CENTAS - ASIA; SASIA; SCO - ASIA; SASIA; SCO - ASIA; NATO; MEA,State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / 
political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Critical infrastructure,Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications - Government / ministries; Energy; Telecommunications,Muddy Water,"Iran, Islamic Republic of",Unknown - not attributed,,1,1163,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Muddy Water,"Iran, Islamic Republic of",Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/; https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/https://securityaffairs.co/wordpress/78586/apt/muddywater-powershell-backdoor.html; https://securityaffairs.com/153475/apt/muddywater-targets-israeli-entities.html; https://securityaffairs.com/161042/apt/iran-ta450-rmm-atera.html,2022-08-15,2023-12-06 988,"""Operation Honeybee""","McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean 
political topics as bait to lure victims into opening malicious Microsoft Word documents. The Analysts of McAfee have named this Operation Honeybee, based on the names of the malicious documents used in the attacks.",2017-02-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Cambodia; Singapore; Thailand,ASIA; SEA - ASIA - ASIA; SEA,State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries,Rancor; DragonOk,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1164; 1164,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Rancor; DragonOk,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft 
and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/hacking-operation-uses-malicious-word-documents-to-target-aid-organisations/; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/,2022-08-15,2022-11-02 989,Russian hacker group CozyBear vs. Norway,"Norway’s security service says nine email accounts—including those belonging to the Labour party, the foreign ministry and defense ministry—have been targeted by hackers belonging to APT 29.",2017-02-03,2017-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,Norway,EUROPE; NATO; NORTHEU,State institutions / political system; State institutions / political system,Government / ministries; Political parties,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,1,1165,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information 
(incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.bbc.com/news/world-europe-38859491; https://eu.usatoday.com/story/news/2017/02/03/norway-russian-hackers-hit-spy-agency-defense-labour-party/97441782/; https://apnews.com/9aaf954bb24f4a289d4c399db7d71f8e,2022-08-15,2022-11-02 990,Defacement of the 45 Committe website,"The website of 45 Committee, a PAC supporting President Donald Trump, is defaced.",2017-02-06,2017-02-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,United States,NATO; NORTHAM,State institutions / political system,Political parties,,United States,Unknown - not attributed,,1,1166,NaT,"Attribution given, type unclear",Media-based attribution,,,,,United States,Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://edition.cnn.com/2017/02/06/politics/45-committee-website-hacked/index.html,2022-08-15,2022-11-02 991,Charming Kitten hacks MacUsers,"Two security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers.",2017-02-06,2017-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,Unknown,,Social groups; Critical infrastructure,Advocacy / activists (e.g. human rights organizations); Defence industry,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC); Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1167,2017-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://iranthreats.github.io/resources/macdownloader-macos-malware/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/56095/intelligence/macdownloader-iranian-hackers.html; https://iranthreats.github.io/resources/macdownloader-macos-malware/,2022-08-15,2022-11-02 992,Hacker group linked to ISIS attacks NHS websites,"The Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images 
of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo.",2017-02-07,2017-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,United Kingdom,EUROPE; NATO; EU(MS); NORTHEU,Critical infrastructure,Health,Tunisian Fallaga Team; Pro-ISIS,Tunisia; Tunisia,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),1,1168; 1168,NaT; NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Tunisian Fallaga Team; Pro-ISIS,Tunisia; Tunisia,Non-state-group; Non-state-group,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.independent.co.uk/news/uk/crime/isis-islamist-hackers-nhs-websites-cyber-attack-syrian-civil-war-images-islamic-state-a7567236.html,2022-08-15,2022-11-02 993,Indian Cyber Army vs. Pakistani Embassy in Serbia,"Hacker group ""Indian Cyber Army"" hacks website of Pakistani embassy in Serbia, leaves message.",2017-02-17,2017-02-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,Pakistan,ASIA; SASIA; SCO,State institutions / political system,,Indian Cyber Army,India,Non-state-group,Ethnic actors,1,1169,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indian Cyber Army,India,Non-state-group,,Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/pakistani-embassy-in-serbia-website-hacked-by-indian-cyber-army/,2022-08-15,2022-11-02 994,Cuba Ransomware Gang claims disruptive cyber attacks against Montenegro government servers in 2022,"In August 2022, the Montenegro government experienced an initial cyber attack, later confirming two series of attacks on government servers. The Cuba Ransomware Gang, identified by VX-Underground researchers, claimed responsibility through their leak site. The attack disrupted 150 workstations in 10 state institutions, including the Ministry of Finance, using the Zerodate virus. Stolen internal information, such as financial documents, correspondence, and source code related to the Montenegrin parliament, was reported to be leaked. Although the hackers demanded a $10 million ransom, officials deny receiving the demand. The attack targeted electricity and water supply systems, transportation services, and online government services. The National Security Agency (ANB) described it as unprecedented. As a precautionary measure, the state-owned power utility EPCG switched to manual operation. By September 1, 2022, the attack was still ongoing, causing government websites to be unavailable and leading to delays in court processes. 
Deputy Prime Minister Konjevic believed there was sufficient evidence to link the attack to Russia, supported by the Montenegrin National Security Agency's briefing that mentioned ""several Russian services"" as the sponsors. The National Security Council decided to await further details from foreign partners to determine the responsible party. Anonymous ANB officials suspected Russian security services of targeting critical infrastructure, resulting in manual control of power plants. The US embassy in Montenegro issued a security alert, advising limited movement due to uncertain disruptions to public utilities, transportation, and telecommunication caused by the ongoing cyber attack. The US and France sent cyber experts to assist Montenegro based on its NATO membership and collective defense commitment. ",2022-08-20,2022-09-02,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company; Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Ransomware,Parliament (Montenegro) - Ministry of Finance (Montenegro) - Not available - Not available,Montenegro; Montenegro; Montenegro; Montenegro,EUROPE; BALKANS; NATO; WBALKANS - EUROPE; BALKANS; NATO; WBALKANS - EUROPE; BALKANS; NATO; WBALKANS - EUROPE; BALKANS; NATO; WBALKANS,State institutions / political system - State institutions / political system - State institutions / political system - Critical infrastructure,Legislative - Government / ministries - Government / ministries - Energy,Cuba Ransomware,Not available,Non-state-group,Criminal(s),3,12439; 12439; 12438; 12440,2022-08-19 00:00:00; 2022-08-19 00:00:00; 2022-08-31 00:00:00; 2022-08-26 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Political statement / report (e.g., on government / state agency websites); Anonymous 
statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Contested attribution; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Cuba Ransomware; Cuba Ransomware; Marash Dukaj (Public Administration Minister, Montenegro); Agencija za Nacionalnu Bezbjednost (ANB)",Not available; Not available; Not available; Not available,Montenegro; Montenegro; Montenegro; Montenegro,Cuba Ransomware; Cuba Ransomware; Not available; Not available,Not available; Not available; Not available; Russia,Non-state-group; Non-state-group; Non-state-group; State,https://www.rferl.org/a/montenegro-cyberattack-russia/32006237.html; https://www.reuters.com/world/europe/montenegro-blames-criminal-gang-cyber-attacks-government-2022-08-31/; https://www.bleepingcomputer.com/news/security/montenegro-hit-by-ransomware-attack-hackers-demand-10-million/; https://www.euractiv.com/section/global-europe/news/cyberattack-hits-montenegro-government-defence-minister-points-at-russia/; https://mobile.twitter.com/javnaupravamne/status/1565043988800978944,Unknown,Not available,,Not available,,3,2022-08-26 00:00:00; 2022-09-01 00:00:00; 2022-09-01 00:00:00,State Actors: Preventive measures; State Actors: Preventive measures; EU member states: Preventive measures,Awareness raising; Capacity building in third countries; Capacity building in third countries,Montenegro; United States; France,Rasko Konjevic (Minister of Defense); Federal Bureau of Investigation (FBI); National Agency for the Security of Information Systems (France),No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political 
importance,3.0,Low,8.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,Not available,,Montenegro,,Not available,,No response justified (missing state attribution & breach of international law),,https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/; https://twitter.com/josephmenn/status/1658184581449912321; https://twitter.com/lorenzofb/status/1658135479651368960; https://twitter.com/UK_Daniel_Card/status/1658484619522760713; https://twitter.com/Dennis_Kipker/status/1658426125570170881; https://twitter.com/780thC/status/1658417668087590918; https://twitter.com/780thC/status/1658417470024081413; https://socradar.io/mutation-effect-of-babuk-code-leakage-new-ransomware-variants/; https://www.gov.me/en/News/169508/Web-portal-of-Government-of-Montenegro-and-several-other-web-sites-were-under-enhanced-cyberattacks.html; https://www.rferl.org/a/montenegro-cyberattack-russia/32006237.html; https://lookingglasscyber.com/blog/threat-intelligence-insights/cyber-monitor-september22022/; https://therecord.media/fbi-and-french-officials-arrive-in-montenegro-to-investigate-ransomware-attack/; https://www.securityweek.com/montenegro-wrestles-massive-cyberattack-russia-blamed; https://securityaffairs.co/wordpress/135667/hacking/montenegro-massive-cyber-attack.html; https://www.bleepingcomputer.com/news/security/cuba-ransomware-affiliate-targets-ukrainian-govt-agencies/; https://www.reuters.com/world/europe/montenegro-blames-criminal-gang-cyber-attacks-government-2022-08-31/; https://www.reuters.com/world/montenegro-says-fbi-will-help-investigate-cyber-attacks-2022-08-31/; https://orf.at/stories/3284892/; https://www.bleepingcomputer.com/news/security/montenegro-hit-by-ransomware-attack-hackers-demand-10-million/; 
https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/; https://me.usembassy.gov/security-alert-montenegro-august-26-2022/; https://www.euractiv.com/section/global-europe/news/cyberattack-hits-montenegro-government-defence-minister-points-at-russia/; https://mobile.twitter.com/mdukaj1/status/1563047270345748482; https://mobile.twitter.com/mdukaj1/status/1563047271964352513; https://mobile.twitter.com/javnaupravamne/status/1565043988800978944; https://twitter.com/BlackBerrySpark/status/1586085423314599937; https://me.usembassy.gov/security-alert-montenegro-august-26-2022/; https://www.gov.me/en/article/national-security-council-holds-its-third-session-2; https://www.spiegel.de/netzwelt/montenegro-sieht-ausreichende-hinweise-fuer-russische-cyberattacke-a-2b48d900-9389-4fb7-9c1c-d3e99ba72486#ref=rss; https://www.reuters.com/world/europe/montenegros-state-infrastructure-hit-by-cyber-attack-officials-2022-08-26/; https://slate.com/technology/2022/09/russia-cyberattack-montenegro-ukraine.html; https://apnews.com/article/russia-ukraine-technology-hacking-montenegro-2a8eb2df87f657b6d7b9971b7419bff9; https://balkaninsight.com/2022/09/07/montenegro-blames-slowed-court-processes-on-cyber-attacks/; https://politicalviolenceataglance.org/2022/09/21/who-attacked-montenegro-the-moral-and-strategic-hazards-of-misassigning-blame/; https://balkaninsight.com/2022/08/29/montenegro-still-assessing-damage-from-mystery-cyber-attacks/; https://cybernews.com/cyber-war/montenegro-blames-cuba-ransomware-for-attacking-the-country/; https://shared-public-reports.s3-eu-west-1.amazonaws.com/Cuba+Ransomware+Group+-+on+a+roll.pdf; https://www.ic3.gov/Media/News/2021/211203-2.pdf; https://www.latimes.com/world-nation/story/2022-09-12/nato-montenegro-massive-cyberattack-russia-blamed,2022-08-15,2023-10-04 995,Black Hat Hackers leak Navy Data of India,"Bangladeshi Hacker group ""Black Hat Hackers"" extracts and leaks personal information of 
Indian Navy officials from government servers.",2017-02-25,2017-02-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,India,ASIA; SASIA; SCO,State institutions / political system,Military,Black Hat Hackers,Bangladesh,Non-state-group,Ethnic actors,1,1171,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Black Hat Hackers,Bangladesh,Non-state-group,,Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/indian-navy-officers-private-details-leaked-by-bangladeshi-black-hat-hackers/,2022-08-15,2023-01-04 976,Pupy RAT,"Iranian PupyRAT Bites Middle Eastern Organizations, closely related or working on behalf of Magic Hound (Palo Alto) APT 35 (Mandiant) Cobalt Gypsy (Secure Works)RocketKitten (CrowdStrike)",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,Mena Region (region),,Unknown,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1150,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049/Hazel Sandstorm fka EUROPIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations,2022-08-15,2023-04-27 975,Fancy Bear UN-Mail Leak,The Russian APT Fancy Bear leaked E-Mails of UN Staff,2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,United Nations Organization,,International / supranational organization,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,1,1149,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters 
article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,https://www.bild.de/politik/inland/hacker/fuehren-deutschen-top-diplomaten-vor-53910162.bild.html?wt_eid=2147080677200839578&wt_t=2151118029200488870,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.politico.eu/article/russian-hackers-fancy-bear-behind-leak-of-un-diplomats-email-report/; https://www.bild.de/politik/inland/hacker/fuehren-deutschen-top-diplomaten-vor-53910162.bild.html?wt_eid=2147080677200839578&wt_t=2151118029200488870,2022-08-15,2022-11-02 974,Indian Revenge: Ransomware against Pakistani Airports,"Indian hackers claimed to have infected three Pakistani Airports with ransomware, as a revenge action after the defacement of the Indian Security Guard Website.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Ransomware,,Pakistan,ASIA; SASIA; SCO,Critical infrastructure,Transportation,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),1,3867,NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,Not available,,Mallu Cyber Soldiers,India,Non-state-group,,System / ideology; Territory; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.dailymail.co.uk/indiahome/indianews/article-4082644/The-India-Pakistan-cyber-war-intensifies-retaliatory-ransomware-attack-cripples-websites-Islamabad-Multan-Karachi-airports.html,2022-08-15,2022-11-02 962,SunTeam Kakao Hack,"The actor SunTeam, attributed to be North Korean, hacked the devices of North Korean defectors and of journalists in South Korea to access the saved data",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Social groups; End user(s) / specially protected groups; Media,Political opposition / dissidents / expats; ; ,Sun Team,Unknown,Unknown - not attributed,,1,1132,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sun Team,Unknown,Unknown - not attributed,,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cyberscoop.com/new-hacking-campaign-targets-north-korean-defectors-in-south-korea/; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/,2022-08-15,2022-11-02 954,Naikon Cyber Espionage,State-sponsored Chinese hacking group Naikon/APT 30 conducted a long-term espionage campaign against government entities and government-owned companies in South East Asia and Australia.,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None,Australia; India; Vietnam; Myanmar; Philippines; Thailand; Brunei,OC - ASIA; SASIA; SCO - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS; SEA - ASIA; SEA - ASIA; SCS,State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system - State institutions / political system,Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries - Government / ministries,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1122; 1122,2020-01-01 00:00:00; 2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",https://research.checkpoint.com/2020/naikon-APT -cyber-espionage-reloaded/,Resources; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnbc.com/2020/05/07/chinese-hacking-group-naikon-reportedly-spying-on-asia-governments.html; https://research.checkpoint.com/2020/naikon-APT -cyber-espionage-reloaded/; https://twitter.com/elinanoor/status/1630983893573566481,2022-08-15,2023-03-13 955,Kaputskiy vs. Russian Visa Centre in USA,Kaputskiy hacks Russian Visa Centre in USA and accessed information of around 3000 individuals,2016-12-25,2016-12-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Russia,EUROPE; EASTEU; CSTO; SCO,State institutions / political system,Civil service / administration,Kapustkiy,Unknown,Individual hacker(s),,1,1123,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,http://securityaffairs.co/wordpress/54709/hacking/russian-visa-center-hacked.html,2022-08-15,2022-11-02 956,Tick aka PLA Unit 61419 vs. 
Japanese Defense Companies,Japanese law enforcement believes Tick is linked to the Chinese military and behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies and organizations since at least 2016.,2016-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,Japan,ASIA; SCS; NEA,Critical infrastructure; Critical infrastructure; Media,Transportation; Defence industry; ,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); PLA Unit 61419",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,2,1125; 1125; 1124; 1124,2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00; 2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,; ; ; ,; ; ; ,; ; ; ,"Tick/BRONZE 
BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); PLA Unit 61419; Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); PLA Unit 61419",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://therecord.media/japanese-police-say-tick-APT -is-linked-to-chinese-military/,International power,Territory; Resources; International power; Other,; ; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://therecord.media/japanese-police-say-tick-APT%20-is-linked-to-chinese-military/; https://therecord.media/japanese-police-say-tick-APT -is-linked-to-chinese-military/,2022-08-15,2023-03-15 957,Covellite attack on US electric grid,"Covellite, a probably state-sponsored North Korean group, tried to access networks of US-American and subsequently European and Asian companies associated with the electrical grid.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,None - None - None,United States; Europe (region); Asia (region),NATO; NORTHAM - - ,Critical infrastructure - Critical infrastructure - Critical infrastructure,Energy - Energy - Energy,Covellite,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",1,1126,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Covellite,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",https://collaborate.mitre.org/attackics/index.php/Group/G0008,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.zdnet.com/article/north-korean-apt-group-covellite-abandons-us-targets/; https://dragos.com/resource/covellite/; https://collaborate.mitre.org/attackics/index.php/Group/G0008,2022-08-15,2022-11-02 958,APT35/Newscaster attack on US companies,"APT35 (The Newscaster Team) compromising at least three U.S.-based companies, and performing reconnaissance at two other U.S. organizations and one non-U.S. company. 
At least one organization was likely compromised due to the attacker exploiting unpatched vulnerabilities in the Ektron CMS platform, which allowed them to upload web shell backdoors.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,United States,NATO; NORTHAM,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,1,1127,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf,2022-08-15,2024-01-18 959,Darkpulsar,The NSA conducted a major hijacking operation against various Asian targets,2017-01-01,Not available,"Attack 
conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,"Russia; Egypt; Iran, Islamic Republic of",EUROPE; EASTEU; CSTO; SCO - MENA; MEA; AFRICA; NAF - ASIA; MENA; MEA,Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - Critical infrastructure; Critical infrastructure; Critical infrastructure; Science - Critical infrastructure; Critical infrastructure; Critical infrastructure; Science,Energy; Chemicals; Defence industry; - Energy; Chemicals; Defence industry; - Energy; Chemicals; Defence industry; ,NSA/Equation Group,Unknown,Unknown - not attributed,,2,1128; 1129,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,Unknown; United States,Unknown - not attributed; State,https://www.zdnet.com/article/kaspersky-says-it-detected-infections-with-darkpulsar-alleged-nsa-malware/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securelist.com/darkpulsar/88199/; https://securelist.com/darkpulsar-faq/88233/; https://www.zdnet.com/article/kaspersky-says-it-detected-infections-with-darkpulsar-alleged-nsa-malware/,2022-08-15,2022-11-02 960,Operation Wocao,"An unknown actor with direct ties to the Chinese government leveraged malware deposited by other threat actors to gain access to high-level networks in various 
countries",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None - None - None - None - None - None - None - None,United States; Brazil; China; France; Germany; Italy; Mexico; Spain; Portugal; United Kingdom,NATO; NORTHAM - SOUTHAM - ASIA; SCS; EASIA; NEA; SCO - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS); WESTEU - EUROPE; NATO; EU(MS) - - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS) - EUROPE; NATO; EU(MS); NORTHEU,State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - State institutions / political system; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; - ; 
Energy; Transportation; Health; Finance; - ; Energy; Transportation; Health; Finance; ,APT 20,China,"Non-state actor, state-affiliation suggested",,1,1130,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 20,China,"Non-state actor, state-affiliation suggested",,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf,2022-08-15,2023-03-13 961,Lazarus Bitcoin Hijack,The APT Lazarus hijacked South Korean servers to run cryptocoin miners,2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking with Misuse,,"Korea, Republic of",ASIA; SCS; NEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",Unknown - not attributed; Unknown - not attributed,,1,1131; 1131,NaT; NaT,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",Unknown - not attributed; Unknown - not attributed,,System / ideology; International power; Other,System/ideology; International power; Other,; ; ,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,,2022-08-15,2022-11-02 963,Octopus infected Seas of Central Asia,Octopus infected Seas of Central Asia,2017-01-01,Not available,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,Central Asia (region); Afghanistan, - ASIA; SASIA,State institutions / political system; End user(s) / specially protected groups - State institutions / political system; End user(s) / specially protected groups,; - ; ,DustSquad/Nomadic Octopus; APT-C-34/Golden Falcon,Russia; Russia,Unknown - not attributed; Unknown - not attributed,,1,1133; 1133,NaT; NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,DustSquad/Nomadic Octopus; APT-C-34/Golden Falcon,Russia; Russia,Unknown - not attributed; Unknown - not attributed,,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html,2022-08-15,2023-05-02 973,Pakistan vs. Indian Security Guard Website,"Hackers suspected to be affiliated with Pakistan attacked the website of the elite National Security Guard (NSG), defacing the homepage with a profanity laden message against Prime Minister Modi.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,India,ASIA; SASIA; SCO,State institutions / political system,Military,Alone Injector; ISI,Pakistan; Pakistan,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1147; 1147,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Alone Injector; ISI,Pakistan; Pakistan,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,System / ideology; Territory; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://timesofindia.indiatimes.com/india/national-security-guard-website-hacked-defaced-with-abusive-message-against-pm-modi/articleshow/56280790.cms,2022-08-15,2022-11-02 964,Russian APT Fancy Bear targeted Emmanuel Macron's presidential campaign with a hack-and-leak operation between 2017 and 2018,"Between 2017 and 2018, the Russian state-sponsored APT Fancy Bear leaked emails of the French presidential campaign of Emmanuel Macron with the goal of influencing the French elections.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing,,France,EUROPE; NATO; EU(MS); WESTEU,State institutions / political system; State institutions / political system,Political parties; ,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,2,18926; 18927,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",IT-security community attributes attacker; Attribution by third-party,,; Not available,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"Non-state actor, state-affiliation suggested; State",https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and https://www.cyberscoop.com/researchers-link-macron-hack-to-apt28-with-moderate-confidence/,Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 
point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www.bbc.com/news/blogs-trending-39845105; https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and https://www.cyberscoop.com/researchers-link-macron-hack-to-apt28-with-moderate-confidence/; https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/; https://www.rferl.org/a/ukraine-russia-crisis-crosshairs-live-briefing/31668477.html; https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/,2022-08-15,2024-04-24 966,Reaper vs. Japan/Vietnam/Middle East,The North Korean Proxy Reaper (APT37) expanded its focus to Japanese and Vietnamese targets as well as Middle Eastern companies.,2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None - None,Vietnam; Japan; Middle East (region),ASIA; SCS; SEA - ASIA; SCS; NEA - ,State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Critical infrastructure; Critical infrastructure; Critical 
infrastructure; Critical infrastructure; Critical infrastructure - State institutions / political system; Critical infrastructure; Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition); Science; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure; Critical infrastructure,Government / ministries; Transportation; ; ; Health; Chemicals; Telecommunications; Finance; Defence industry - Government / ministries; Transportation; ; ; Health; Chemicals; Telecommunications; Finance; Defence industry - Government / ministries; Transportation; ; ; Health; Chemicals; Telecommunications; Finance; Defence industry,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,6582; 6582,2018-01-01 00:00:00; 2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf,International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf; https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf,2022-08-15,2023-02-08 967,MSS 2020 Indictment Case 2017,"MSS-supported hackers stole sensitive data from different companies and research entities in the US, Europe and Korea in 2017, according to a 2020 indictment.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,None - None - None - None,Sweden; United States; Lithuania; Germany,EUROPE; EU(MS); NORTHEU - NATO; NORTHAM - EUROPE; NATO; EU(MS); NORTHEU - EUROPE; NATO; EU(MS); WESTEU,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition) - Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition), - - - ,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,1,13903,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,Not available,United States,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial 
targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,,2022-08-15,2023-10-26 968,Anonymous vs. Thai Government,Anonymous hacks Thai Gov’t job portal; leaks a trove of data,2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,Thailand,ASIA; SEA,State institutions / political system,Government / ministries,Anonymous,Unknown,Non-state-group,,1,1139,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,https://www.hackread.com/anonymous-hacks-thai-govt-job-portal/,System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.hackread.com/anonymous-hacks-thai-govt-job-portal/,2022-08-15,2022-11-02 969,NATO Smartphone Hack - 2017,Russia managed to hack into at least 4000 NATO soldiers’ personal smartphones to obtain military information.,2017-01-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,NATO (institutions),,State institutions / political system; International / supranational organization,Military; ,,Russia,State,,1,2559,2017-01-01 
00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,Not available,,,Russia,State,https://www.hackread.com/smartphones-nato-soldiers-compromised-russian-hackers/; https://nypost.com/2017/10/04/russia-has-been-hacking-smartphones-of-nato-troops/,International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,https://koddos.net/blog/russia-hacks-nato-soldiers-smartphones/; https://www.hackread.com/smartphones-nato-soldiers-compromised-russian-hackers/; https://nypost.com/2017/10/04/russia-has-been-hacking-smartphones-of-nato-troops/,2022-08-15,2022-11-02 970,Thrip17,"A group of hackers traced to China are waging a sophisticated cyberespionage campaign against satellite operators, telecommunication companies and defense contractors in the US and Southeast Asia",2017-01-01,Not available,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,None - None,United States; Southeast Asia (region),NATO; NORTHAM - ,Critical infrastructure; Critical infrastructure - Critical infrastructure; Critical infrastructure,Telecommunications; Defence industry - Telecommunications; Defence industry,Thrip,China,Unknown - not attributed,,1,1141,NaT,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Thrip,China,Unknown - not attributed,https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets,International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://www.cnet.com/news/china-based-espionage-campaign-targets-satellite-defense-companies/; https://www.globaldots.com/china-based-cyber-espionage-campaign-targets-satellite-telecom-defense-firms/; https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets,2022-08-15,2024-04-23 971,Conimes,"Cyberspies working for or on behalf of China's government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea, cyber security company Fire Eye said.",2017-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,Vietnam,ASIA; SCS; SEA,Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition),,Conimes; Hellsing,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,1,1142; 1142,2017-01-01 00:00:00; 2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,Conimes; Hellsing,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",https://www.reuters.com/article/us-vietnam-china-cyber-idUSKCN1BB0I5,Territory; International power,Territory; Resources; International power,; ; ,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,https://uk.news.yahoo.com/chinese-cyber-spies-broaden-attacks-060012176.html; https://www.reuters.com/article/us-vietnam-china-cyber-idUSKCN1BB0I5,2022-08-15,2022-11-02 972,Triton (GroupTEMP.VelesakaXenotime),"Attackers, believed to work for a nation state, used malware, called Triton, to infiltrate a safety system for operations in critical infrastructure organizations. 
After initial allegations against Iran, FireEye reported in 2018 that it is highly likely that the state-owned Russian Science Institute CNIIHM developed the malware. In June 2021, an indictment in the District of Columbia, United States v. Evgeny Viktorovich Gladkikh, charged a Russian ministry of defense research institute employee, Viktorovich Gladkikh, with conspiring to damage critical infrastructure outside the United States from May 2017 to September 2017 by causing direct physical damage to the facilities by disabling the safety systems with Triton (also known as ""Trisis"").",2017-05-01,Not available,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,Saudi Arabia,ASIA; MENA; MEA; GULFC,Critical infrastructure,Chemicals,Evgeny Viktorovich Gladkikh (TsNIIKhM),Russia,State,,5,6694; 6690; 6691; 6691; 6691; 6691; 6692; 6693,2022-03-24 00:00:00; 2017-01-01 00:00:00; 2018-10-23 00:00:00; 2018-10-23 00:00:00; 2018-10-23 00:00:00; 2018-10-23 00:00:00; 2017-12-15 00:00:00; 2020-10-23 00:00:00,"Domestic legal action; Media report (e.g., Reuters makes an attribution statement, without naming further sources); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",Attribution by third-party; Media-based attribution; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; Attribution by third-party,US Department of Justice (DoJ); Not available; Mandiant; Mandiant; Mandiant; Mandiant; CyberX; Department of the Treasury’s Office of Foreign Assets Control (OFAC),Not available; Not available; ; ; ; ; ; Not available,United States; Not available; United States; United States; United States; United States; Israel; United States,"Evgeny Viktorovich Gladkikh (TsNIIKhM); Temp.Veles; Temp.Veles; Temp.Veles; Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM, a.k.a. ЦНИИХМ); Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM, a.k.a. ЦНИИХМ); ; State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM)","Russia; Russia; Russia; Russia; Russia; Russia; Iran, Islamic Republic of; Russia","State; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; State; State",https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical; https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html?mtrref=undefined; https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html; https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html; https://home.treasury.gov/news/press-releases/sm1162,Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,2,2020-10-23 00:00:00; 2022-03-24 00:00:00,"Peaceful means: Retorsion (International Law); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",Economic sanctions; ,United States; United States,US Department of the Treasury; US Justice Department,Not available,,,,https://cyberscoop.com/vulnerabilities-industrial-conference-s4x23/; https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next; https://www.darkreading.com/ics-ot/cosmicenergy-malware-emerges-electric-grid-shutdown; https://www.bleepingcomputer.com/news/security/rockwell-warns-of-new-apt-rce-exploit-targeting-critical-infrastructure/; https://securityaffairs.com/148472/ics-scada/rockwell-automation-controllogix-flaws.html; https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical; https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html?mtrref=undefined; https://www.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUSKBN1E8271; https://www.theguardian.com/technology/2017/dec/15/triton-hackers-malware-attack-safety-systems-energy-plant; https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html; https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html; https://home.treasury.gov/news/press-releases/sm1162; https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks; https://www.securityweek.com/iran-used-triton-malware-target-saudi-arabia-researchers,2022-08-15,2023-07-18 2,Azerbaijani hackers took down and defaced Armenian state TV and other webpages in January/February 2000,"After an ethnic Armenian in California launched Aliyev.com, a site that disseminated ""black propaganda"" about the former Azerbaijani President Heydar Aliyev, in January/February 2000, Azerbaijani hackers took down and defaced webpages of the Armenian state TV and webpages with information about 
the Turkish massacre against ethnic Armenians in World War I. ",2000-01-01,Not available,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,Not available,Armenia,ASIA; CENTAS; CSTO,State institutions / political system; Media; Other,Civil service / administration; ; ,Not available,Azerbaijan,Non-state-group,Hacktivist(s),1,17416,NaT,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Not available,Not available,Azerbaijan,Not available,Azerbaijan,Non-state-group,,Autonomy; Territory; Resources,Autonomy; Territory; Resources,Armenia - Azerbaijan; Armenia - Azerbaijan; Armenia - Azerbaijan,Yes / HIIK intensity,HIIK 1,0,,Not available,,Not available,Not available,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,https://eurasianet.org/nagorno-karabakh-dispute-takes-to-cyber-space,2022-08-15,2024-02-23